Three Cuban citizens residing in Havana were arrested at the end of last December for violating the access of and defrauding the accounts of hundreds of clients who use digital payment platforms, according to official media on the island.
According to a note published in the official newspaper Granma, the defendants acknowledged their participation in the events, their cell phones and several magnetic cards were seized, and it has been established that, from the mobile lines of their telephones, access to the accounts of 351 clients was violated.
Several of those affected had made complaints in 11 of the country’s provinces, after detecting the extraction of funds from their bank accounts without their consent. It was also found that, through one of the seized devices, 131 frauds were carried out against 68 users between May and October of last year, and that the amounts stolen in these operations exceeded the figure of 1,200,000 pesos and more than 7,000 USD.
The preliminary investigations outlined by the source indicate that the detainees were able to access the personal data of the victims in registries and databases on the Internet, which they compared with those of the digital platforms and, if the possession of an account was positive, they carried out random attempts to use the payment passwords, many of them too weak, with consecutive numbers such as 123456 or birth dates of the holders.
It was established that the defendants seized the access credentials to the victims’ mail through social engineering, traffic capture or the technique known as Phishing, with which cybercriminals use attractive job offers, promotions, investments, sale of articles, among others tricks to request information for access to any system on the Internet, and collect personal data from potential victims.
The Granma note refers to a case clarified in Holguín during April 2021 in which the person involved and his wife pretended to be interested in acquiring freely convertible currency and, through social engineering mechanisms, requested photos of the cards of alleged clients as well as the report of the last operations, and with these data they proceeded to subtract the available cash.
For these operations, they created false profiles on social networks and used photos and data of previously defrauded victims, they established contacts only by telephone and the forms of payment were always made through bank transfer. Although it does not provide figures, Granma points out that during 2021 reports of fraud against users of digital payment platforms increased, with a predominance of the aforementioned modes of operation.
At the same time, it points out that cybercriminals took advantage of the population’s lack of knowledge regarding the security and protection of their credentials and passwords, at a time when the use of digital platforms for the payment of products and services, such as the popular Transfermovil, TuEnvío and EnZona, has increased.
In response to these incidents, the institutions involved have adopted a group of measures to strengthen cybersecurity and customer protection. Granma recommends, among other actions, the systematic checking of personal accounts, the design and use of “strong” payment passwords, refraining from providing personal data to strangers or posting it on social media platforms, and raising the perception of risk regarding these criminal acts.