Using Real Bank Logos: How Scammers Deceive People and Extort Money

«Kaspersky» company has discovered a mobile banking Trojan named Fakecalls, which can intercept users' calls to financial organizations.

According to the company, the malicious application mimics popular banking apps from South Korean banks. Cybercriminals can attempt to obtain victims' payment details or other confidential information by posing as employees of financial institutions. The company reports that when a person calls a bank’s hotline, the Trojan opens a fake screen of the call, and then either connects the victim directly to the scammer, who presents themselves as a support staff member, or plays Korean voice recordings while the connection is in progress.

The recording could sound like this: “Hello, thank you for calling our bank. Our call center is currently handling a high volume of calls. A consultant will connect with you at the earliest opportunity.” This allows the scammers to gain the victims' trust and extract valuable information, including bank account details, during the subsequent conversation.

After installation, the Fakecalls application requests numerous permissions, such as access to contacts, microphone, camera, location, and call management. These permissions enable the harmful program to disconnect incoming calls and erase them from the device's history, for instance, if a genuine bank representative tries to call the customer.

Scammers utilize real bank logos and display actual support numbers that match those found on the banks’ official websites. However, the creators of Fakecalls did not consider that different bank customers might use interface languages (like English instead of Korean). The Trojan's screen shows only the Korean version, which may help some users reveal the trap.

“We advise to carefully check what permissions new applications require when downloading. If an application tries to gain excessive access to the device’s controls, including call handling, there is a possibility that it is a banking Trojan,” explains Igor Golovin, a cybersecurity expert at Kaspersky.

To minimize the risks of becoming a victim of such malicious software, experts recommend downloading applications only from official stores, which verify the applications for safety; paying attention to what permissions the applications require, and checking whether they are genuinely necessary for their proper functioning. Never disclose confidential information over the phone. Real bank employees do not ask for usernames, passwords, PINs, CVC/CVV or SMS codes during phone conversations; and install reliable protective solutions on all devices, including mobile ones.