Phishing schemes in the banking sector: Recommendations to Internet users on protection and development of regulatory tasks

The aim and objectives of the article are to analyze fraudulent phishing schemes and develop recommendations for Internet use and relevant regulatory tasks. The relevance of the article is due to the peculiarities of working in cyberspace with the emergence of new sources of banking risks, both for customers and organizations. The scientific novelty of the manuscript consists of a detailed analysis of phishing schemes, the development of recommendations and directions in relation to the Russian Federation. The object of the study is cyber fraud in the credit and financial sphere; the subject is social engineering and phishing schemes. The methodology of the paper includes a systematic analysis of the literature and sources on the research topic, general scientific methods (analysis, synthesis, deduction, analogy, classification), correlation analysis of data, graphical visualization of information. The authors consider the main methods of phishing and the most common techniques used by cybercriminals. Based on the critical analysis of the literature the authors determined a promising direction for the scientific and technical potential of Russia. A correlation analysis of the relationship between the number of cybercrimes and commercial banks is performed. The study offers recommendations to Internet users (how to recognize the signs of fraud), and to regulatory bodies on improving the system of supervision over the dissemination of information in cyberspace. The authors concluded that it is necessary to increase the level of cyber literacy and general literacy of the population, on the one hand, and to modernize the methods of supervision and control of the information posted on the Internet, on the other hand, to effectively counter financial and cybercrime. The research results can be used in the further development of remote banking services for the population to increase competitiveness in the banking services market. 
Prospects for further research on this topic lie in expanding its structure, developing the competencies of specialists in the field of remote banking technologies, as well as developing the scientific and technical potential of Russia.

1 Expert: The volume of data in the world by 2025 will grow more than fivefold. URL: https://tass.ru/ekonomika/6209822 (accessed on 10.01.2021).
2 This is explained by the fact that the graph $K_n$ contains $\frac{n(n-1)}{2}$ edges (links) on its $n$ vertices (technologies). This value approaches $\frac{n^2}{2}$ asymptotically. It is worth adding that in economics, Metcalfe's law is a characteristic of a positive network effect.
Today, more than half of the world's population (more than 4.6 billion people) uses the Internet (Fig. 1).
A hacker's use of "master keys" not to the computer but to the user's logic is informational and psychological impact (IPI, social engineering). The book [2] characterizes the arsenal of basic tools and psychological techniques of a social hacker (transactional analysis, neuro-linguistic programming) with numerous examples and considers methods of protection against social hacking. Despite the book being somewhat dated, the advice it gives is still relevant today. The peculiarities of providing financial services in cyberspace were analyzed in the collective work [3]. That book highlights the methodology of ensuring cybersecurity in electronic banking technologies and reducing the risks arising from the use of remote banking services.
In the monograph [4], the author (an employee of the Institute of the USA and Canada of the Russian Academy of Sciences) creates an extensive and fact-filled picture of the risks of information security breaches in the social, military, political and economic life of the USA, the growth of which entails a sharp increase in the impact of cyberspace objects on real life. The book is interdisciplinary in nature: it touches on issues related to various sciences (sociology, political science, economics), and convinces readers to apply a multidimensional approach to analyzing the problems of the information society.
In the human brain there are nerve cells that are activated not only when performing a certain action, but also when a person observes the performance of this action by others; these are mirror neurons [5].
Knowledge of mirror neurons helped Chinese researchers in the early 21st century, when they sent a delegation to US corporations (Apple, Microsoft, Google) to ask inventors about their lifestyle. After that, works in the inventors' favorite genre of literature (science fiction) were included in China's literature curriculum, and today the developments of Alibaba, Xiaomi and Huawei are among the world leaders [6][7]. The effect on people of the works of Georgy Sytin and Dale Carnegie (bibliotherapy) is also associated with mirror neurons, which is first noted in this article.
The authors of the article propose to add the utopian HSF novel 3 "Andromeda Nebula" by the Soviet scientist I. A. Efremov to the list of "100 books for schoolchildren" from the Ministry of Education and Science of Russia. As in the case of China, attention to HSF literature (in parallel with the development of fundamental and applied sciences) will lead to competitive import substitution in the field of digital technologies, and Russia will become famous not only for military equipment (which was mainly developed in the USSR [8]), but also for peaceful electronics (computers, smartphones, household appliances). We emphasize that without observance of formal logic and financial literacy, both science fiction and phishing remain just a set of sophisms.
Motivational and informative, but by no means fantastic, is the book [9] telling the history of Russian startups in the Republic of Sakha (Yakutia). The author (founder and CEO) characterizes the emergence and development of the Sinet Team IT company, the Ykt.Ru information portal and the international Internet aggregator of taxi services inDriver through the prism of historical events in Russia and his own life experience. Cybersecurity issues (chargeback: demanding a refund of a payment not authorized by the current cardholder) for the inDriver Yakut taxi arose only in New York. The popular science book [10] characterizes risk factors in various areas: from financial systems and nuclear power plants to aircraft and digital platforms. The authors use the concepts of the complexity of a system and the tightness of coupling of its elements to determine the causes of failures and disruptions in the operation of systems. Developing the theory of "normal accidents" by Charles Perrow, the authors analyze disasters that have occurred, offering specific tools and practical recommendations that can prevent unwanted consequences.
Thus, the analysis of information and cybersecurity is now considered quite widely, as cyberspace has become the fifth theater of warfare after land, sea, air and space.

CYBERCRIME IN BANKING: PHISHING
Along with the emergence of the conveniences provided by cyberspace, new methods of fraud have emerged. The most active fraudulent activity on the Internet is carried out in the credit and financial sector and in the retail sector. First of all, this is due to the fact that in these areas attackers can get the greatest material benefit.
Phishing is one of the most common methods of committing fraud in cyberspace, which is used to steal passwords and confidential information by misleading the client. Usually, a fraudster copies the source code of the official page (this function is available in any browser) and saves it in a text editor. Further, in the source code, the original URL for logging into the system is replaced with the address of the program (script), which specifies the conditions for substituting addresses, the algorithm of actions after entering the registration data, and the way the fraudster receives this data. The main work of creating a phishing page is now complete. With a domain and hosting, a hacker places his page on the Internet and redirects users to it [11].
In Q1 2020, phishing emails were linked to COVID-19. At the same time, almost half of them (44%) were sent to individuals and every fifth to government organizations. 4 Let us determine the closeness of the relationship between the statistics of the Ministry of Internal Affairs of Russia on crimes in the field of computer information, for which a preliminary investigation is mandatory, and the data of the Central Bank of the Russian Federation on the number of credit institutions in Russia (Table 1).
Let us determine the standard deviation. The correlation value $r_{xy} \approx 0.71$ confirms the progress and optimization results. 5 The elimination of financial "vacuum cleaners" that attract depositors with risky transactions to transfer their money abroad leads to the optimization of financial activities and an increase in the reliability of banking information protection means due to the development of telecommunication technologies and a gradual transition from traditional banking to online platforms.
These phenomena are constantly changing, which complicates the process of detecting and solving crimes committed in cyberspace. As information technology develops, special tools and programs appear to detect and prevent attacks on Internet users. Information security specialists divide cyberattacks into the following main groups:
• phishing;
• social engineering (IPI);
• malware [13].
Phishing attacks combine social engineering and the use of malware, making them one of the main and most dangerous ways to carry out attacks on the Internet [14].
Table 1. Data of the Bank of Russia and the Ministry of Internal Affairs of Russia (column: Year)

For the purposes of this article, phishing will mean an information system used to obtain confidential information from third parties (system users) by misleading them as to its authenticity due to the similarity of domain names, design, or content of information. 6 Based on this approach to phishing, we will consider the most common online scams.
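As an added defensive example (not code from the article), the following Python checker applies the article's criterion of phishing by similarity of domain names: a candidate domain is compared against an allowlist that stands in for the registers the article recommends consulting. The allowlist, the homoglyph table and all domains below are constructed placeholders, not real register entries.

```python
"""Added example: classify a candidate domain against a constructed allowlist of
registered bank domains and flag lookalikes (typosquats, homoglyph and IDN
spoofs, a registered brand name embedded in a foreign domain)."""
import unicodedata

# Constructed allowlist of placeholder domains (stand-in for a real register).
REGISTERED_DOMAINS = {"examplebank.ru", "online.examplebank.ru"}

# Cyrillic letters that render like Latin ones; folding exposes mixed-script spoofs.
HOMOGLYPHS = str.maketrans({"а": "a", "е": "e", "о": "o", "р": "p", "с": "c",
                            "х": "x", "у": "y", "і": "i", "ѕ": "s", "ј": "j"})


def host_of(url: str) -> str:
    """Extract the lower-cased host from a URL or a bare domain."""
    return url.strip().lower().split("://", 1)[-1].split("/", 1)[0]


def fold(host: str) -> str:
    """NFKC-normalize and replace Cyrillic homoglyphs with their Latin twins."""
    return unicodedata.normalize("NFKC", host).translate(HOMOGLYPHS)


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate: str, registered=REGISTERED_DOMAINS, max_edits: int = 2):
    """Return (verdict, closest registered domain, reason).

    verdict is "registered" (an allowlist entry or a subdomain of one),
    "lookalike" (resembles an entry without being one) or "unknown".
    """
    raw = host_of(candidate)
    folded = fold(raw)
    if raw in registered or any(raw.endswith("." + r) for r in registered):
        return "registered", raw, "listed in register"
    closest = min(registered, key=lambda r: levenshtein(folded, r))
    # Host changed under folding, or uses punycode: mixed-script / IDN spoof.
    if folded != raw or any(label.startswith("xn--") for label in raw.split(".")):
        return "lookalike", closest, "mixed-script or IDN host"
    # Registered brand name used as a label inside an unrelated domain.
    for r in registered:
        brand = r.split(".")[-2]
        if brand in folded.replace(".", "-").split("-"):
            return "lookalike", r, "brand name embedded in a foreign domain"
    if levenshtein(folded, closest) <= max_edits:
        return "lookalike", closest, "within %d edits of a registered domain" % max_edits
    return "unknown", closest, "no resemblance to a registered domain"


if __name__ == "__main__":
    for d in ("https://online.examplebank.ru/login", "examp1ebank.ru",
              "examplebank.ru.secure-login.com", "ex\u0430mplebank.ru",
              "unrelated-shop.example"):
        print(d, "->", classify(d))
```

A "lookalike" verdict is a reason to check the organization in the official registers before entering any data, not proof of fraud; an "unknown" domain simply has no resemblance to the allowlist.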

FAKE BANKS
One of the most common categories of phishing resources is websites of fictitious (non-existent, fake) banks. An unscrupulous person creates a "bank" resource and begins to attract funds from citizens and legal entities for deposits. The user of the resource does not think about the legality of the activity of this person, since the interface of a nonexistent "credit organization" is very similar to the interface of an operating bank [15]. Unfortunately, freedom of speech sometimes develops into the freedom of disinformation.
Fake documents presented on the resource (such as copies of licenses and powers of attorney) give the consumer the impression that this bank is legal (Fig. 2).
On behalf of the bank, the attackers are ready to provide all kinds of loans. When a consumer contacts such a bank (with a request to provide him, for example, a mortgage loan), his application is approved and he is asked to pay for the courier delivery of the contract and the sum insured. After the payment, the bank stops any communication with the client.
According to the official statistics of the Bank of Russia, 7 in Q3 2020, 375 sites of fake banks were identified, of which 95% were blocked. It should be noted that the number of fake banks has tripled compared to the same period in 2019. Presumably, this is due to the growth of people's need for money, as well as the expansion of the range of remotely provided financial services during the COVID-19 pandemic, which caused fraudsters to reorient toward this area.
Also, cybercriminals actively use the names of operating banks and create clone sites or twin sites, which allows them to deceive the user [16].
Here is a list of the signs of phishing resources in this category:
1. Lack of information about the organization in the reference books (registers) of the Bank of Russia. The official website of the Central Bank of the Russian Federation (URL: http://www.cbr.ru) contains:
• Book of state registration of credit institutions;
• Reference book on credit institutions.
2. Lack of information about the organization in the relevant registers of the Federal Tax Service of the Russian Federation and Roskomnadzor. Information about the organization presented on the site can also be checked in the following registries:
• The Unified State Register of Legal Entities is posted on the official website of the Federal Tax Service (FTS) of the Russian Federation;
• The register of operators processing personal data is posted on the official website of Roskomnadzor of Russia.
7 Review of the reporting of information security incidents during the transfer of funds. URL: https://www.cbr.ru/analytics/ib/review_3q_2020/ (accessed on 01.02.2021).
Fake banks have become one of the most common methods of fraud in Russia, since attackers do not need to accurately copy the resources of real credit institutions; it is enough to place tabs named "Loan", "Deposits", etc. on the site. These names can mislead the user and convince him that he is on the site of an operating bank.
Consumers need to pay attention to the design of the resource: fraudsters, as a rule, do not bother to post the relevant documentation on the "official website" (in some cases, they do not even indicate the license number for operations).

FAKE INSuRANCE COMPANIES
The emergence of the possibility of issuing electronic compulsory motor third party liability insurance (OSAGO) using the Internet not only made life easier for drivers but also provoked an increase in fraud in this area.
Within this category, the attacker acts in various ways:
• creates a copy of the resource of an operating insurance company with proposals for issuing electronic OSAGO;
• offers for sale fake or unsecured insurance company forms.
The consumer either pays for a falsified OSAGO or pays for delivery and buys fake forms. 8 According to the statistics of FinCERT of the Bank of Russia, in the period from 01.09.2018 to 31.08.2019, 22 resources on which the activities of fake insurance organizations were carried out were removed from delegation. 9 The phishing site of an insurance company allows the consumer to form a false impression that the purchase of a form does not entail negative consequences for him. However, when acquiring knowingly false, empty and invalid forms, the consumer loses the opportunity to claim insurance compensation in the event of an insured event.
Fake insurance companies are becoming quite common in Russia due to the fact that the consumer is trying to save time and money when drawing up an insurance certificate in the hope that an insured event will not occur [2].
Also, in practice, there are cases when a person creates a resource and pretends to be an organization that provides insurance services. The consumer orders this or that insurance service and pays for it by transferring money to the "insurer's" card or account. The "insurer" undertakes to deliver the insurance certificate or provide another service at a certain time but never provides the offered certificate or service to the consumer (Fig. 3).
In this regard, the consumer should not only pay attention to the design and content of the resource of the insurance company but also check this organization in the relevant directories and registers (in the Directory of financial market participants of the Bank of Russia 10, 11).
8 According to Art. 327 "Forgery, manufacture or circulation of forged documents, state awards, stamps, seals or letterheads" of the Criminal Code of the Russian Federation, both sellers and buyers are liable under the law.
10 Directory of participants in the financial market of the Bank of Russia. URL: http://www.cbr.ru (accessed on 02.02.2021).
11 Is the organization's web address included in the list of the Russian Union of Auto Insurers? URL: https://www.autoins.ru/e-osago/chleny-rsa-osushchestvlyayushchie-oformlenieelektronnykh-polisov/ (accessed on 02.02.2021).

FAKE P2P (PEER-TO-PEER)
This category is one of the most attractive for cybercrime due to the simplicity of designing an information resource for the theft of funds. Attackers using this method get access to confidential information about both the payment card and the consumer himself. According to the statistics of FinCERT of the Bank of Russia, in the period from 01.09.2018 to 31.08.2019, 132 sites pretending to be resources that provide P2P transfer services were removed from delegation. 12 The simplicity of the design of information resources that provide services for P2P transfers allows fraudsters to fake them easily: an image of plastic cards is drawn, and the emblems and names of payment systems or a credit institution are indicated. These attributes allow the consumer to form a false idea that he is on the site of an operating organization (Fig. 4).
It should be noted that the user transfers to the attackers not only his personal data but also the number of the third party's payment card to which he makes a remote transfer.
Such resources are very attractive for consumers since they offer services for an interest-free transfer or a transfer with a low percentage of funds between payment cards of different banks or payment systems [17].

FAKE ONLINE STORES
Online stores attract customers with their prices (due to savings on the rental of premises), as well as the possibility of convenient delivery. 13 The scheme of fraud in this case is the same: as soon as the buyer transfers his money to the seller's account, communication with him ceases (the store's website stops working, and there is no response by e-mail).
The design and content of the resources are also similar to the sites of the operating organizations (Fig. 5) [18].
To protect themselves and purchase the appropriate product, consumers need to check the information about the organization that provides the goods or services indicated on the site, 14 as well as reviews and the domain name in a search engine.
13 In a number of cases, the seller justifies these prices, sometimes not at all hiding such facts as "stolen goods", "confiscated", etc. Therefore, if the victim decides to buy such a product, it is unlikely that he will later go to complain, since he is, in fact, an accomplice in the crime (buying stolen goods).

FRAuD
This category is generalized. It contains fraud schemes that are carried out by organizations using the Internet. These schemes of fraudulent activity by fictitious organizations can be divided into the following subtypes:
• an organization conducting fake surveys under the pretext of paying a reward;
• an organization promising employment;
• an organization offering to formalize the payment of non-existent compensation (Fig. 6) [19];
• an organization issuing a "COVID-19 Vaccination Certificate". 15
Attackers attract users by providing an opportunity to get money quickly. Users, counting on this, transfer personal data to cybercriminals, including bank card data, to receive the promised salary. 16 The interface of resources in this category is identical to the interfaces of official resources, which misleads the client into expecting to generate income.
A user on this resource takes a survey (test) consisting of 7-10 simple questions. Once the survey is complete, the resource generates a fictitious prize and invites the user to transfer the funds to his payment card. To "secure" the money and arrange its withdrawal, the resource proposes that the user make a deposit. 17 The user provides the attackers with the card details and personal data, which allows the scammers to write off funds from his payment card [20].
In addition to surveys, fraudsters offer various compensation (for example, for medical services). As a rule, the resource contains non-existent documentation of the Government of the Russian Federation that supposedly makes it possible to return and pay compensation to the population.
16 It is not uncommon for people to pay an insurance premium for the provision of orders or to make fixed payments to find a nonexistent job, or it is proposed to pay for the delivery of an employment contract.
17 The payment amount is insignificant and ranges from 250 to 1000 rubles.
Users (most often pensioners) are actively drawn to this category of resources through calls and SMS mailings, in which people are convinced that the compensation is provided within the framework of one of the federal programs and is not publicized, since there is a payment limit.
Attention should be paid to the fact that surveys and compensation payments can be carried out both by real organizations and by government services. In order not to become a victim of fraudsters, you need to pay attention to the following signs, which most often indicate the fraudulent nature of a resource in this category:
• transfer of funds to third parties as payment;
• the absence of the organization from the Unified State Register of Legal Entities of the Federal Tax Service of Russia.
Counteraction to this type of fraud is carried out not only by law enforcement but also by regulatory authorities. In accordance with the regulations of the Bank of Russia, credit and non-credit financial institutions inform the Bank of Russia when information and financial security incidents are detected, 18 and also notify it about identified phishing resources [21].
Supervisory measures by the Bank of Russia and Roskomnadzor are aimed primarily at ensuring the stability of the financial system and the protection of creditors and depositors. Such activities are based on an integrated approach: compliance with regulations, timely notification of the Bank of Russia and comprehensive analysis within the framework of supervisory measures allow credit and non-credit financial institutions to minimize the risks of adverse consequences both for themselves and for their clients, as well as to increase the level of information safety and security.

IMPROVING CYBERSPACE CONTROL
Given the active use of cyberspace in the provision of various types of banking services, it is necessary to understand that the regulatory authorities are faced with a rather difficult task: to build effective supervision over the reliability of information posted on the web representations of financial institutions. Obviously, such work should be carried out in active interaction with law enforcement agencies to take timely measures to prevent fraudulent actions (close fraudulent resources as soon as possible and take measures to bring the perpetrators to justice) [3,22].
An important role in reducing cybercrime is also assigned to increasing the overall level of cyber literacy among all groups of the population (Fig. 7). One of the most effective ways is to include specialized disciplines (courses) in the educational programs of secondary and higher educational institutions, through which students will gain knowledge of how new financial technologies function, as well as of basic methods of ensuring cybersecurity (including specific topics on countering cyber fraud).
In addition, the literature discussed in the first part of the article ("Introduction") will contribute to an increase in the level of cyber literacy and general literacy of the population. Since the beginning of June 2021, the Bank of Russia has published a list of companies with identified signs of illegal activity in the financial market (the so-called "black" list): https://cbr.ru/inside/warning-list/, which includes, among others, phishing companies. If an organization is on this list, it is better to ignore its services and leave. If a client has encountered a fraudulent company that is not on the list, he can report it. 19 Phishing prevention also includes watching TV programs such as "Eduard Petrov's Investigation. Internet pandemic, or COVID-19 Cult – Russia 24" (URL: https://youtu.be/0hklRanOSxI) and "Finiko Finale. Special Report – Russia 24" (URL: https://youtu.be/5OtEZtLw9bE), which illustrate the results of human belief in magic pills and financial pyramids. 20 Thus, a control system in cyberspace will be developed and the cultural behavior of all cyberspace participants will be enhanced.
19 More details: "The Central Bank has published a blacklist of 1.8 thousand illegal companies". URL: https://www.rbc.ru/finances/01/06/2021/60b5fbdc9a79471a267396e1 (accessed on 25.07.2021).
20 Only fakes about the miraculous effect of eating … fly agarics, which are gaining popularity, can surpass the existing phishing methods (see URL: https://smotrim.ru/article/2639202).

Fig. 7. Measures to control cyberspace
Source: compiled by the authors.

CONCLuSIONS
The contribution to the development of theoretical and applied science consists in adapting solutions for the development of scientific and technological progress in Russia based on the positive experience of China, as well as in expanding the methodological apparatus of information security and cyber literacy.
The new reality and cybersecurity challenges that both financial institutions and their clients are forced to face when using remote banking technologies require modernization, and in some cases a significant revision, of risk management procedures, including new procedures for controlling information posted on the web representations (sites) of organizations [15]. It is also necessary to increase the level of cyber literacy of various groups of the population.
The lag in cyber literacy is becoming the main reason for the theft of money from clients of organizations in the credit and financial sector. In this regard, it is necessary to use various communication channels and media to alert customers to potential threats from cyber fraudsters, the most common types of cyberattacks and methods of social engineering. 21 Such activity will significantly reduce the level of cyber fraud. Regulators should improve the way they oversee and control information posted on the Internet. The result of such activities will be not only increased confidence of customers and Internet users in remote banking technologies but also increased confidence in the credit and financial sector as a whole.