A resident of Russia Anna Kozlova, resting in Spain, lost 14 thousand rubles ($220). The money was stolen from her VTB Bank card through the Bank's mobile app and Uber.
At first, the woman was charged 2 rubles from the card, it looked like a standard check of the solvency of Uber customer, especially since the money immediately returned to the account.
However, immediately after this, 2829 rubles were debited from
the card. The app’s notification said it was Uber service fee that
Anna hadn’t actually used since she was sleeping.
Then notifications, according to the tourist, began to come one after another. After 22 minutes, when she woke up, the girl blocked her card, but by that time the cost of four more trips that she had not made was debited from the card.
Unknown stole from Kozlova 14 118 rubles and did not stop trying to withdraw money from her account even after blocking the card. It is curious that all write-offs were allegedly made by the international service Uber, which in Russia was merged with Yandex.Taxi.
When Anna contacted the support team of this company, the staff could not give her information about the write-offs. The VTB support service clarified that the last write-offs were made from Moscow, and then Anna appealed to Uber Russia.
The Russian company Kozlova explained that if she did not use a
taxi, it means that someone received the data of her Bankcard,
including CCV code, and used it for payment.
Kaspersky Lab experts explained that fraud schemes through taxi services are no longer uncommon.
According to them, there are channels in the messengers where you can order a taxi at a great discount. The scheme looks something like this: the passenger sends a message to such a channel indicating the details of the trip, and the attacker calls a taxi using the stolen account.
After completing the trip, the driver receives money from the owner of the stolen account, and the passenger transfers the money directly to the attacker. In order to remain unnoticed for as long as possible, attackers can track the owner of a hacked account on social networks and organize such trips at night when it is likely that a person is sleeping, or during the victim’s travel abroad.