<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">finance</journal-id><journal-title-group><journal-title xml:lang="ru">Финансы: теория и практика/Finance: Theory and Practice</journal-title><trans-title-group xml:lang="en"><trans-title>Finance: Theory and Practice</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">2587-5671</issn><issn pub-type="epub">2587-7089</issn><publisher><publisher-name>Financial University under The Government of Russian Federation</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.26794/2587-5671-2021-25-6-212-226</article-id><article-id custom-type="elpub" pub-id-type="custom">finance-1390</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ФИНАНСОВАЯ БЕЗОПАСНОСТЬ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>FINANCIAL SECURITY</subject></subj-group></article-categories><title-group><article-title>Фишинговые схемы в банковской сфере: рекомендации пользователям интернета по защите и разработка задач регулирования</article-title><trans-title-group xml:lang="en"><trans-title>Phishing schemes in the banking sector: Recommendations to Internet users on protection and development of regulatory tasks</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0002-0354-0665</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Ревенков</surname><given-names>П. В.</given-names></name><name name-style="western" xml:lang="en"><surname>Revenkov</surname><given-names>P. V.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Павел Владимирович Ревенков — доктор экономических наук, профессор Департамента информационной безопасности</p><p>Москва</p></bio><bio xml:lang="en"><p>Pavel V. Revenkov — Dr. Sci. (Econ.), Prof., Department of Information Security</p><p>Moscow</p></bio><email xlink:type="simple">pavel.revenkov@mail.ru</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0003-3539-003X</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Ошманкевич</surname><given-names>К. Р.</given-names></name><name name-style="western" xml:lang="en"><surname>Oshmankevich</surname><given-names>K. R.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Ксения Романовна Ошманкевич — преподаватель института информационных наук</p><p>Москва</p></bio><bio xml:lang="en"><p>Kseniya R. Oshmankevich — lecturer of the Information Sciences Institute</p><p>Moscow</p></bio><email xlink:type="simple">osh-ksenia94@mail.ru</email><xref ref-type="aff" rid="aff-2"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0003-2301-1776</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Бердюгин</surname><given-names>А. А.</given-names></name><name name-style="western" xml:lang="en"><surname>Berdyugin</surname><given-names>A. A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Александр Александрович Бердюгин — младший научный сотрудник департамента информационной безопасности</p><p>Москва</p></bio><bio xml:lang="en"><p>Aleksandr A. Berdyugin — junior researcher, Department of Information Security</p><p>Moscow</p></bio><email xlink:type="simple">AABerdyugin@fa.ru</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Финансовый университет</institution><country>Россия</country></aff><aff xml:lang="en"><institution>Financial University</institution><country>Russian Federation</country></aff></aff-alternatives><aff-alternatives id="aff-2"><aff xml:lang="ru"><institution>Московский государственный лингвистический университет</institution><country>Россия</country></aff><aff xml:lang="en"><institution>Moscow State Linguistic University</institution><country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2021</year></pub-date><pub-date pub-type="epub"><day>23</day><month>12</month><year>2021</year></pub-date><volume>25</volume><issue>6</issue><fpage>212</fpage><lpage>226</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Ревенков П.В., Ошманкевич К.Р., Бердюгин А.А., 2021</copyright-statement><copyright-year>2021</copyright-year><copyright-holder xml:lang="ru">Ревенков П.В., Ошманкевич К.Р., Бердюгин А.А.</copyright-holder><copyright-holder xml:lang="en">Revenkov P.V., Oshmankevich K.R., Berdyugin A.A.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://financetp.fa.ru/jour/article/view/1390">https://financetp.fa.ru/jour/article/view/1390</self-uri><abstract><p>Цель и задачи исследования заключаются в анализе мошеннических фишинговых схем, разработке рекомендаций пользователям интернета и соответствующих задач регулирования. Актуальность темы статьи обусловлена особенностями работы в киберпространстве с возникновением новых источников банковских рисков как для клиентов, так и для самих организаций. Научная новизна рукописи заключается в подробном анализе фишинговых схем, разработке рекомендаций и направлений применительно к Российской Федерации. Объект исследования — кибермошенничество в кредитно-финансовой сфере; предмет—социальная инженерия и фишинговые схемы. Методология статьи включает системный анализ литературы и источников по теме исследования, общенаучные методы (анализ, синтез, дедукция, аналогия, классификация), корреляционный анализ данных, графическую визуализацию информации. Авторы рассматривают основные методы фишинга и наиболее распространенные приемы, которые используют кибермошенники. Проведен критический анализ литературы, который позволил определить перспективное направление для научно-технического потенциала России. Выполнен корреляционный анализ связи количества киберпреступлений и коммерческих банков. Даны рекомендации для пользователей интернета (как распознать признаки мошенничества), а также для регулирующих органов по совершенствованию системы надзора за распространением информации в киберпространстве. Сделан вывод о необходимости повышения уровня киберграмотности и общей грамотности населения, с одной стороны, и модернизации способов осуществления надзора и контроля за информацией, размещаемой в сети Интернет, с другой стороны, для эффективного противодействия финансовой и киберпреступности. Полученные результаты могут быть использованы при дальнейшем развитии дистанционных банковских услуг, оказываемых населению, в целях повышения конкурентоспособности на рынке банковских услуг. Перспективы дальнейшего исследования данной темы состоят в расширении ее структуры, развитии компетенций специалистов в области технологий дистанционного банковского обслуживания, а также развитии научно-технического потенциала России.</p></abstract><trans-abstract xml:lang="en"><p>The aim and objectives of the article are to analyze fraudulent phishing schemes and develop recommendations for Internet use and relevant regulatory tasks. The relevance of the article is due to the peculiarities of working in cyberspace with the emergence of new sources of banking risks, both for customers and organizations. The scientific novelty of the manuscript consists of a detailed analysis of phishing schemes, the development of recommendations and directions in relation to the Russian Federation. The object of the study is cyber fraud in the credit and financial sphere; the subject is social engineering and phishing schemes. The methodology of the paper includes a systematic analysis of the literature and sources on the research topic, general scientific methods (analysis, synthesis, deduction, analogy, classification), correlation analysis of data, graphical visualization of information. The authors consider the main methods of phishing and the most common techniques used by cybercriminals. Based on the critical analysis of the literature the authors determined a promising direction for the scientific and technical potential of Russia. A correlation analysis of the relationship between the number of cybercrimes and commercial banks is performed. The study offers recommendations to Internet users (how to recognize the signs of fraud), and to regulatory bodies on improving the system of supervision over the dissemination of information in cyberspace. The authors concluded that it is necessary to increase the level of cyber literacy and general literacy of the population, on the one hand, and to modernize the methods of supervision and control of the information posted on the Internet, on the other hand, to effectively counter financial and cybercrime. The research results can be used in the further development of remote banking services for the population to increase competitiveness in the banking services market. Prospects for further research on this topic lie in expanding its structure, developing the competencies of specialists in the field of remote banking technologies, as well as developing the scientific and technical potential of Russia.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>киберпространство</kwd><kwd>фишинг</kwd><kwd>кибербезопасность</kwd><kwd>киберграмотность</kwd><kwd>дистанционное банковское обслуживание</kwd><kwd>риски</kwd><kwd>злоумышленник</kwd><kwd>пользователь</kwd><kwd>фиктивная организация</kwd></kwd-group><kwd-group xml:lang="en"><kwd>cyberspace</kwd><kwd>phishing</kwd><kwd>cybersecurity</kwd><kwd>cyber literacy</kwd><kwd>remote banking services</kwd><kwd>risks</kwd><kwd>attacker</kwd><kwd>user</kwd><kwd>fictitious organization</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Бердюгин А.А., Ревенков П.В. Оценка риска воздействия кибератак в технологиях электронного банкинга (пример программной реализации). Финансы: теория и практика = Finance: Theory and Practice. 2020;24(6):51–60. DOI: 10.26794/25875671–2020–24–6–51–60</mixed-citation><mixed-citation xml:lang="en">Berdyugin A. A., Revenkov P. V. Cyberattack Risk Assessment in Electronic banking Technologies (the Case of Software Implementation). Finance: Theory and Practice. 2020;24(6):51–60. (In Russ.). DOI: 10.26794/25875671–2020–24–6–51–60</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Кузнецов М.В., Симдянов И.В. Социальная инженерия и социальные хакеры. СПб.: БХВ-Петербург; 2007. 368 с. URL: https://www.koob.ru/kuznetsov_m/social_engineering (дата обращения: 27.07.2021).</mixed-citation><mixed-citation xml:lang="en">Kuznetsov M. V., Simdyanov I. V. Social engineering and social hackers. St. Petersburg: BHV-Petersburg; 2007. 368 p. URL: https://www.koob.ru/kuznetsov_m/social_engineering (accessed on 27.07.2021). (In Russ.).</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Конявская С.В., Ревенков П.В., Русин Л.И. и др. Кибербезопасность в условиях электронного банкинга: практическое пособие. М.: Прометей; 2020. 522 с.</mixed-citation><mixed-citation xml:lang="en">Konyavskaya S. V., Revenkov P. V., Rusin L. I. et al. Cybersecurity in the conditions of electronic banking: Practical guide. Moscow: Prometei; 2020. 522 p. (In Russ.).</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Роговский Е.А. Кибер-Вашингтон: глобальные амбиции. М.: Международные отношения; 2014. 848 с.</mixed-citation><mixed-citation xml:lang="en">Rogovsky E. A. Cyber-Washington: global ambitions. Moscow: International relations; 2014. 848 p. (In Russ.).</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Bushov Y., Ushakov V., Svetlik M., Esipenko E., Kartashov S., Orlov V., Malakhov D. Activity of mirror neurons in man in the observation, pronunciation and mental pronunciation of words. Procedia Computer Science, 2020;169:100–109. DOI: 10.1016/j.procs.2020.02.121</mixed-citation><mixed-citation xml:lang="en">Bushov Y., Ushakov V., Svetlik M., Esipenko E., Kartashov S., Orlov V., Malakhov D. Activity of mirror neurons in man in the observation, pronunciation and mental pronunciation of words. Procedia Computer Science, 2020;169:100–109. DOI: 10.1016/j.procs.2020.02.121</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Долинго Б. А. Фантастика — самый мощный инструмент развития воображения. Наука и жизнь. 2016;6:118–121. URL: https://www.nkj.ru/archive/articles/28924/ (дата обращения 27.01.2021).</mixed-citation><mixed-citation xml:lang="en">Dolingo B. A. Science fiction is the most powerful tool for the development of imagination. Nauka i zhizn’ = Science and Life. 2016;6:118–121. URL: https://www.nkj.ru/archive/articles/28924/ (accessed on 27.01.2021). (In Russ.).</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Ошманкевич К.Р. Особенности правового регулирования банковской системы и банковского надзора в китайской народной республике. Вестник Московского университета. Серия 26: Государственный аудит, 2020;1:50–59.</mixed-citation><mixed-citation xml:lang="en">Osmankevich K. R. Features of legal regulation of the banking system and banking supervision in the People’s Republic of China. Bulletin of the Moscow University. Series 26: State Audit, 2020;1:50–59.</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Сорокин Д.Е. Политическая экономия технологической модернизации России. Экономическое возрождение России = Economic revival of Russia. 2020;1(63):18–25. URL: https://www.elibrary.ru/item.asp?id=42543826 (дата обращения: 05.08.2021).</mixed-citation><mixed-citation xml:lang="en">Sorokin D. E. Political economy of Russia’s technological modernization. Ekonomicheskoye vozrozhdeniye Rossii = Economic revival of Russia. 2020;1(63):18–25. URL: https://www.elibrary.ru/item.asp?id=42543826 (accessed on 05.08.2021). (In Russ.).</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Томский А.Г. inDriver: От Якутска до Кремниевой долины. История создания глобальной технологической компании. М.: Альпина Паблишер; 2020. 256 с.</mixed-citation><mixed-citation xml:lang="en">Tomsky A. G. inDriver: From Yakutsk to Silicon Valley. The history of the creation of a global technology company. Moscow: Alpina Publisher; 2020. 256 p. (In Russ.).</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Clearfield C., Tilcsik A. Meltdown: Why Our Systems Fail and What We Can Do About It. Penguin Press; 2018. 304 p.</mixed-citation><mixed-citation xml:lang="en">Clearfield C., Tilcsik A. Meltdown: Why Our Systems Fail and What We Can Do About It. Penguin Press; 2018. 304 p.</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Vincent A. Don’t feed the phish: how to avoid phishing attacks. Network Security. 2019;2:11–14. DOI: 10.1016/S 1353–4858(19)30022–4</mixed-citation><mixed-citation xml:lang="en">Vincent A. Don’t feed the phish: how to avoid phishing attacks. Network Security. 2019;2:11–14. DOI: 10.1016/S 1353–4858(19)30022–4</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Каганов В.И. Компьютерные вычисления в средах Excel и Mathcad. М.: Горячая линия — Телеком; 2015. 328 с.</mixed-citation><mixed-citation xml:lang="en">Kaganov V. I. Computer calculations in Excel and Mathcad environments. Moscow: Hotline — Telecom; 2015. 328 p. (In Russ.).</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Добрышин М.М., Закалкин П.В. Модель компьютерной атаки типа “Phishing” на локальную компьютерную сеть. Вопросы кибербезопасности. 2021;2(42):17–25. DOI: 10.21681/2311–3456–2021–2–17–25</mixed-citation><mixed-citation xml:lang="en">Dobryshin M.M, Zakalkin P. V. Model of a “Phishing” type of computer attack on a local computer network. Cybersecurity issues = Voprosy kiberbezopasnosti. 2021;2(42):17–25. (In Russ.). DOI: 10.21681/2311–3456–2021–2–17–25</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Salihu A., Metin H., Hajrizi E., Ahmeti M. The Effect of Security and Ease of Use on reducing the problems/ deficiencies of Electronic Banking Services. IFAC-PapersOnLine. 2019;52(25):159–163. DOI: 10.1016/j.ifacol.2019.12.465</mixed-citation><mixed-citation xml:lang="en">Salihu A., Metin H., Hajrizi E., Ahmeti M. The Effect of Security and Ease of Use on reducing the problems/ deficiencies of Electronic Banking Services. IFAC-PapersOnLine. 2019;52(25):159–163. DOI: 10.1016/j.ifacol.2019.12.465</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">Эскиндаров М.А., Соловьев В.И., ред. Парадигмы цифровой экономики: Технологии искусственного интеллекта в финансах и финтехе. М.: Когито-Центр; 2019. 325 с.</mixed-citation><mixed-citation xml:lang="en">Eskindarov M. A., Solov’ev V.I., eds. Paradigms of the digital economy: Artificial intelligence technologies in finance and fintech. Moscow: Cogito-Center; 2019. 325 p. (In Russ.).</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">Grassegger T., Nedbal D. The Role of Employees’ Information Security Awareness on the Intention to Resist Social Engineering. Procedia Computer Science. 2021;181:59–66. DOI: 10.1016/j.procs.2021.01.103</mixed-citation><mixed-citation xml:lang="en">Grassegger T., Nedbal D. The Role of Employees’ Information Security Awareness on the Intention to Resist Social Engineering. Procedia Computer Science. 2021;181:59–66. DOI: 10.1016/j.procs.2021.01.103</mixed-citation></citation-alternatives></ref><ref id="cit17"><label>17</label><citation-alternatives><mixed-citation xml:lang="ru">Derek S. Reveron, John E. Savage. Cybersecurity Convergence: Digital Human and National Security. Orbis. 2020;64(4):555–570. DOI: 10.1016/j.orbis.2020.08.005</mixed-citation><mixed-citation xml:lang="en">Derek S. Reveron, John E. Savage. Cybersecurity Convergence: Digital Human and National Security. Orbis. 2020;64(4):555–570. DOI: 10.1016/j.orbis.2020.08.005</mixed-citation></citation-alternatives></ref><ref id="cit18"><label>18</label><citation-alternatives><mixed-citation xml:lang="ru">Mitnick K., Vamosi R. The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data. Little, Brown and Company; 2017. 320 p.</mixed-citation><mixed-citation xml:lang="en">Mitnick K., Vamosi R. The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data. Little, Brown and Company; 2017. 320 p.</mixed-citation></citation-alternatives></ref><ref id="cit19"><label>19</label><citation-alternatives><mixed-citation xml:lang="ru">Hadnagy C. Social Engineering: The Science of Human Hacking. Wiley publ.; 2018. 320 p.</mixed-citation><mixed-citation xml:lang="en">Hadnagy C. Social Engineering: The Science of Human Hacking. Wiley publ.; 2018. 320 p.</mixed-citation></citation-alternatives></ref><ref id="cit20"><label>20</label><citation-alternatives><mixed-citation xml:lang="ru">Buldas A., Gadyatskaya O., Lenin A., Mauw S., Trujillo-Rasua R. Attribute evaluation on attack trees with incomplete information: a preprint. Computers &amp; Security. 2020;88:1–21. URL: https://arxiv.org/abs/1812.10754 (accessed on 28.02.2021).</mixed-citation><mixed-citation xml:lang="en">Buldas A., Gadyatskaya O., Lenin A., Mauw S., Trujillo-Rasua R. Attribute evaluation on attack trees with incomplete information: a preprint. Computers &amp; Security. 2020;88:1–21. URL: https://arxiv.org/abs/1812.10754 (accessed on 28.02.2021).</mixed-citation></citation-alternatives></ref><ref id="cit21"><label>21</label><citation-alternatives><mixed-citation xml:lang="ru">Фрумина С.В. Развитие цифровой экономики: опыт России и Германии. Финансы и кредит. 2019;25(2):263–276. DOI: 10.24891/fc.25.2.263</mixed-citation><mixed-citation xml:lang="en">Frumina S. V. Developing the digital economy: Experience of Russia and Germany. Finansy i kredit = Finance and credit. 2019;25(2):263–276. (In Russ.). DOI: 10.24891/fc.25.2.263</mixed-citation></citation-alternatives></ref><ref id="cit22"><label>22</label><citation-alternatives><mixed-citation xml:lang="ru">Salloum S., Gaber T., Vadera S., Shaalan K. Phishing Email Detection Using Natural Language Processing Techniques: A Literature Survey. Procedia Computer Science. 2021;189:19–28. DOI: 10.1016/j.procs.2021.05.077</mixed-citation><mixed-citation xml:lang="en">Salloum S., Gaber T., Vadera S., Shaalan K. Phishing Email Detection Using Natural Language Processing Techniques: A Literature Survey. Procedia Computer Science. 2021;189:19–28. DOI: 10.1016/j.procs.2021.05.077</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
