Phishing schemes in the banking sector: Recommendations to Internet users on protection and development of regulatory tasks

The aim and objectives of the article are to analyze fraudulent phishing schemes and develop recommendations for Internet use and relevant regulatory tasks. The relevance of the article is due to the peculiarities of working in cyberspace with the emergence of new sources of banking risks, both for customers and organizations. The scientific novelty of the manuscript consists of a detailed analysis of phishing schemes, the development of recommendations and directions in relation to the Russian Federation. The object of the study is cyber fraud in the credit and financial sphere; the subject is social engineering and phishing schemes. The methodology of the paper includes a systematic analysis of the literature and sources on the research topic, general scientific methods (analysis, synthesis, deduction, analogy, classification), correlation analysis of data, graphical visualization of information. The authors consider the main methods of phishing and the most common techniques used by cybercriminals. Based on the critical analysis of the literature the authors determined a promising direction for the scientific and technical potential of Russia. A correlation analysis of the relationship between the number of cybercrimes and commercial banks is performed. The study offers recommendations to Internet users (how to recognize the signs of fraud), and to regulatory bodies on improving the system of supervision over the dissemination of information in cyberspace. The authors concluded that it is necessary to increase the level of cyber literacy and general literacy of the population, on the one hand, and to modernize the methods of supervision and control of the information posted on the Internet, on the other hand, to effectively counter financial and cybercrime. The research results can be used in the further development of remote banking services for the population to increase competitiveness in the banking services market. Prospects for further research on this topic lie in expanding its structure, developing the competencies of specialists in the field of remote banking technologies, as well as developing the scientific and technical potential of Russia.

1. Berdyugin A. A., Revenkov P. V. Cyberattack Risk Assessment in Electronic banking Technologies (the Case of Software Implementation). Finance: Theory and Practice. 2020;24(6):51–60. (In Russ.). DOI: 10.26794/25875671–2020–24–6–51–60

2. Kuznetsov M. V., Simdyanov I. V. Social engineering and social hackers. St. Petersburg: BHV-Petersburg; 2007. 368 p. URL: https://www.koob.ru/kuznetsov_m/social_engineering (accessed on 27.07.2021). (In Russ.).

3. Konyavskaya S. V., Revenkov P. V., Rusin L. I. et al. Cybersecurity in the conditions of electronic banking: Practical guide. Moscow: Prometei; 2020. 522 p. (In Russ.).

4. Rogovsky E. A. Cyber-Washington: global ambitions. Moscow: International relations; 2014. 848 p. (In Russ.).

5. Bushov Y., Ushakov V., Svetlik M., Esipenko E., Kartashov S., Orlov V., Malakhov D. Activity of mirror neurons in man in the observation, pronunciation and mental pronunciation of words. Procedia Computer Science, 2020;169:100–109. DOI: 10.1016/j.procs.2020.02.121

6. Dolingo B. A. Science fiction is the most powerful tool for the development of imagination. Nauka i zhizn’ = Science and Life. 2016;6:118–121. URL: https://www.nkj.ru/archive/articles/28924/ (accessed on 27.01.2021). (In Russ.).

7. Osmankevich K. R. Features of legal regulation of the banking system and banking supervision in the People’s Republic of China. Bulletin of the Moscow University. Series 26: State Audit, 2020;1:50–59.

8. Sorokin D. E. Political economy of Russia’s technological modernization. Ekonomicheskoye vozrozhdeniye Rossii = Economic revival of Russia. 2020;1(63):18–25. URL: https://www.elibrary.ru/item.asp?id=42543826 (accessed on 05.08.2021). (In Russ.).

9. Tomsky A. G. inDriver: From Yakutsk to Silicon Valley. The history of the creation of a global technology company. Moscow: Alpina Publisher; 2020. 256 p. (In Russ.).

10. Clearfield C., Tilcsik A. Meltdown: Why Our Systems Fail and What We Can Do About It. Penguin Press; 2018. 304 p.

11. Vincent A. Don’t feed the phish: how to avoid phishing attacks. Network Security. 2019;2:11–14. DOI: 10.1016/S 1353–4858(19)30022–4

12. Kaganov V. I. Computer calculations in Excel and Mathcad environments. Moscow: Hotline — Telecom; 2015. 328 p. (In Russ.).

13. Dobryshin M.M, Zakalkin P. V. Model of a “Phishing” type of computer attack on a local computer network. Cybersecurity issues = Voprosy kiberbezopasnosti. 2021;2(42):17–25. (In Russ.). DOI: 10.21681/2311–3456–2021–2–17–25

14. Salihu A., Metin H., Hajrizi E., Ahmeti M. The Effect of Security and Ease of Use on reducing the problems/ deficiencies of Electronic Banking Services. IFAC-PapersOnLine. 2019;52(25):159–163. DOI: 10.1016/j.ifacol.2019.12.465

15. Eskindarov M. A., Solov’ev V.I., eds. Paradigms of the digital economy: Artificial intelligence technologies in finance and fintech. Moscow: Cogito-Center; 2019. 325 p. (In Russ.).

16. Grassegger T., Nedbal D. The Role of Employees’ Information Security Awareness on the Intention to Resist Social Engineering. Procedia Computer Science. 2021;181:59–66. DOI: 10.1016/j.procs.2021.01.103

17. Derek S. Reveron, John E. Savage. Cybersecurity Convergence: Digital Human and National Security. Orbis. 2020;64(4):555–570. DOI: 10.1016/j.orbis.2020.08.005

18. Mitnick K., Vamosi R. The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data. Little, Brown and Company; 2017. 320 p.

19. Hadnagy C. Social Engineering: The Science of Human Hacking. Wiley publ.; 2018. 320 p.

20. Buldas A., Gadyatskaya O., Lenin A., Mauw S., Trujillo-Rasua R. Attribute evaluation on attack trees with incomplete information: a preprint. Computers & Security. 2020;88:1–21. URL: https://arxiv.org/abs/1812.10754 (accessed on 28.02.2021).

21. Frumina S. V. Developing the digital economy: Experience of Russia and Germany. Finansy i kredit = Finance and credit. 2019;25(2):263–276. (In Russ.). DOI: 10.24891/fc.25.2.263

22. Salloum S., Gaber T., Vadera S., Shaalan K. Phishing Email Detection Using Natural Language Processing Techniques: A Literature Survey. Procedia Computer Science. 2021;189:19–28. DOI: 10.1016/j.procs.2021.05.077