Over the period from July to September 2024, banks successfully thwarted 16.1 million cyber attacks on clients' accounts, preventing the theft of ₽4.9 trillion. This figure is three times higher than that recorded a year earlier, according to the Review of Reporting on Information Security Incidents Related to Funds Transfers.
Measures introduced by the Bank of Russia have improved communication among the regulator, banks, and law enforcement authorities, as well as enhanced information exchange about cyber fraudsters. The regulator receives data on thefts from law enforcement agencies even when victims do not report them to their banks. Details of malefactors are continuously added to the database.
Additionally, a new law concerning anti-fraud mechanisms came into effect on July 25, 2024. The law updates the definition of 'authorized fraud', describing it as a transaction where a victim is manipulated into making a money transfer under false pretenses.
From July 25, 2024, banks are required to report frauds using a modified form that considers legislative amendments. The losses reported in Q3 2024 significantly exceeded the average of the previous four quarters. Specifically, criminals stole ₽9.3 billion during this period. Online banking and money transfers accounted for slightly more than 40% of this amount, whereas previously funds were mostly stolen through payment card transactions.
In Q3 2024, the Bank of Russia initiated actions against fraudulent activities by blocking 12,100 fraudulent websites and web pages on social media and provided information on 42,100 fraudulent phone numbers to communication providers.