
Review of Authorised Frauds

Quarterly data on transactions not authorised by financial institutions’ clients are available in the Statistics section.

1. General information about authorised frauds¹

In 2024, the amount of authorised frauds increased by 74.36% year-on-year. Authorised frauds accounted for 0.00066% of the total amount of money transfers (vs 0.00119% in 2023).

Amount and number of authorised frauds

Authorised frauds in 2024: individuals and legal entities

Funds stolen from individuals accounted for the largest proportion of the total amount of thefts. The same trend was observed in relation to the number of authorised frauds.

Federal Law No. 369‑FZ, dated 24 July 2023, ‘On Amending the Federal Law “On the National Payment System”’, which stipulates new anti-fraud mechanisms, became effective on 25 July 2024. The law updates the term ‘authorised fraud’: it is a transaction where a financial institution’s client is manipulated into voluntarily making a money transfer under false pretences. From 25 July 2024, financial institutions are to report frauds using a modified form that takes the legislative amendments into account.

The measures implemented by the Bank of Russia have enhanced communication among the regulator, financial institutions, and law enforcement agencies and improved the exchange of information about cyber fraudsters. The regulator receives data on facts and attempts of authorised frauds into its database from law enforcement agencies even when the victims do not contact the respective financial institutions. Malefactors’ details are added to the regulator’s database on an ongoing basis.

Over 2024, reimbursements for the stolen funds paid by credit institutions to their clients totalled ₽2,713.58 million, which is 9.9% of the overall amount of authorised frauds (vs ₽1,378.76 million, or 8.7% in 2023).

Authorised frauds by type (individuals)

In 2024, credit institutions sent information on authorised frauds committed against individual clients using Reporting Form 0403203. Most authorised frauds were of the following types: ‘Bank cards’, ‘Accounts’, ‘Faster Payments System (SBP)’, ‘E-wallets’, and ‘Without opening account’. As before, perpetrators chose combined fraud schemes, tricking the victims into making a money transfer via these channels, which caused an increase in authorised frauds in this category.

Number of authorised frauds (individuals), ths

In 2024, payment card frauds numbered 821,870, which is the highest figure compared to other types of fraudulent transactions.

Amount of authorised frauds (individuals), ₽ mln

The largest amount of funds, namely ₽9,602.57 million, was stolen through transactions conducted in remote banking systems. It is worth noting that the amount of funds reimbursed to the victims was also the largest in this category, specifically ₽1,317.69 million.

Authorised frauds through mobile devices were most frequently committed by transmitting a malicious code.

Social engineering techniques (links in text messages, ads on websites, etc.) considerably increase the risk of compromise of a mobile device. In this case, a perpetrator may issue a money transfer instruction, while the mobile device owner may not always receive or have access to money transfer notifications.

In accordance with Part 3.13 of Article 8 of Federal Law No. 161-FZ, dated 27 June 2011, ‘On the National Payment System’, banks are financially liable to their clients—individuals for improperly implemented anti-fraud measures in the course of a money transfer if the payment details for the latter are in the Bank of Russia’s database on facts and attempts of authorised frauds. The reimbursements paid pursuant to the law totalled only ₽1.23 million, which is the result of banks’ compliance with the requirements for anti-fraud measures.

Amount and number of prevented thefts

Since 2023, credit institutions have been sending the Bank of Russia information on thefts they managed to prevent. Over 2024, the amount of prevented authorised frauds totalled ₽13,508.04 billion, compared to ₽5,798.35 billion in 2023. Owing to efficient anti-fraud procedures, credit institutions managed to prevent 72.17 million fraudulent operations in 2024 vs 34.77 million in 2023.

2. Statistics of Financial CERT’s AIMS

Phone fraud attacks

In 2024, the Bank of Russia forwarded information on 171,977 phone numbers, which fraudsters used to steal money from individuals, for communications providers to take required response measures.

Fraudulent phone numbers

As a result of the efforts made by the Bank of Russia jointly with the Russian Ministry of Digital Development, Communications and Mass Media, financial market participants, and communications providers, the number of fraudulent phone calls has been decreasing. However, perpetrators continue to actively use messengers where they both make calls and send malware and forged documents.

Scenarios used by malefactors in 2024 were nearly the same as before. Broadly, they may be divided into the following groups:

  • extension of various contracts and licences;
  • phone calls from financial institutions’ security units;
  • phone calls from law enforcement agencies; and
  • government support and compensations.

After the introduction of new measures which made it more difficult to conduct fraudulent transactions using payment cards, malefactors switched to a scheme where people were manipulated into giving them cash on various pretexts.

Phishing attacks

Perpetrators continued to actively create phishing websites and websites for illicit financial operations in 2024 as well.

Over the course of 2024, as part of collaboration with the registrars of .ru, .рф and .su domain names and domain names with other extensions, the Bank of Russia sent requests for de-delegation of 1,335 resources, which is 63.3% fewer than the 3,639 in 2023. The average time of domain de-delegation by registrars was the same as in 2023, namely from three hours to several days.

Fraudulent internet resources reported to domain name registrars

The Bank of Russia continues to actively collaborate with the Prosecutor General’s Office of the Russian Federation to block access to resources disseminating information on unlicensed financial services and financial pyramids in the Russian Federation. In 2024, the resources blocked based on the Bank of Russia’s information numbered 44,713, which is nearly 29% more than in 2023.

Fraudulent resources reported to the Prosecutor General’s Office of the Russian Federation

In particular, over the course of 2024, the Bank of Russia initiated blocking of access to 5,893 webpages (groups) in social networks and 30 apps, among other things. As in the previous year, the blocked webpages (groups) in social networks had been mostly used for unlicensed operations. The apps, masquerading as operating credit institutions’ resources, had been used for phishing.

Types of resources used by fraudsters in 2024

In 2024, 58% of the resources blocked at the Bank of Russia’s initiative were phishing websites mirroring the names of popular banks and investment companies. The second largest category was financial pyramids, accounting for 23% of the blocked resources. Most financial pyramids masqueraded as online games offering users the chance to earn up to 1,000% per annum after the purchase of a player character or game merchandise, but the victims ultimately lost all the money invested.

Fraudulent resources that perpetrators use to conduct unlicensed operations in the securities market as well as non-existent credit institutions’ and microfinance organisations’ operations were still widespread, accounting for 16% of the blocked resources. Frauds and malware resources made up about 3% and less than 1% of the blocked resources, respectively.

Cyber security incidents and cyber attacks

The most popular way to gain access to financial institutions’ systems in 2024 was compromising their contractors (attacks via supply chains, counterparties, service and other contractors, and IT providers).

Over 2024, Financial CERT detected over a dozen incidents at companies providing IT services to financial institutions, including systemically important credit institutions.

Due to a rising number of cyber security incidents through compromising financial institutions’ contractors, the financial sector needs to take proactive response measures to be protected against these threats.

Financial CERT has been making extensive efforts to arrange communication with IT solution and service engineers and integrators whose products are actively used by the financial sector.


¹ This review contains data on the number and amount of authorised frauds over 2024 compared to 2023. The review is based on information submitted by money transfer operators and payment infrastructure service operators to the Bank of Russia according to Reporting Form 0403203. The Bank of Russia continues the work to improve the quality of data on authorised frauds sent by money transfer operators and payment infrastructure service operators, including as part of supervision. Taking into account the results of this work, a number of institutions resubmit the information according to Reporting Form 0403203 that they update for various reasons, including because of errors in the initially sent data they identify on their own.

Department responsible for publication: Information Security Department
Last updated on: 27.03.2025