Laundry discount: as the Telegram used for money laundering

In mid-summer 2016 in the popular Telegram messenger began to receive the special channels and bots, offering extremely high discounts on everyday services, including taxi rides, ordering food in restaurants and hotels. Example services SaleMaster and Easylife, although such bots much more. The “coupon” bots work on the same scheme. First, the user sees the category of the available services and selects the required option. The bot then shows him a set of vendor discounts and reviews of them, so he made sure that this system really works. Next, the user selects a service, and is communicating directly with the seller on his channel.

The deal provider looks like this: the user will transfer to the seller money through PayPal, and receives the selected service — delivery of a meal or a taxi ride. Typically, the seller services oversees visits and customer purchases from start to finish, throughout the process the messages in the messenger. Thus, the buyer the impression that the service is associated partnerships with the service provider (e.g., Uber or “Yandex.Taxi”). Upon completion of the transaction, the customer can leave feedback about the provider on a special forum or in the framework of the bot’s functionality.

To estimate at least the approximate size of this market has failed. The EasyLife service, for example, only some taxi providers at least 15. Trips are divided into long and short, with discounts on the first much more appealing: a two-hour-drive the fifth series BMW or other premium car will cost 700 roubles to 3 thousand RUB from Uber, that is 76% cheaper. For a short trip, the discount is about 60%. In addition to the taxi in the bot you can also find discounts on flower delivery, ordering food and buying movie tickets. The average discount ranges from 40 to 75%. Similar proposals with a comparable range of discounts available in the service SaleMaster.

Two market participants, super discount with whom we talked , admitted that such a lucrative offer in the Telegram were made possible thanks to the machinations of the stolen c cards and promotional codes. The client is seeking the services of such suppliers there is no guarantee, but the reputation of the seller, which is very easy to lose because of poor service.

Cheating with discount

The lion’s share of all super discount in the Telegram is explained by laundering money from stolen cards and e-wallets, according to a source , operating in this market. According to him, the stolen data cards and purses wholesale are bought from dealers from the “darknet” (a private network). Cards must be issued in Russia. “Finding them is pretty hard. A good middleman — like a needle in a haystack,” said the source .

To cash out the money, not exposing themselves, shady businessmen buy goods and services at full price, and then sell them to customers in the Telegram at a large discount. Thus schemers manage to cash out only part of the amount with a stolen card, but they remain outside the purview of law enforcement. After all, to track the relationship between the completion of the PayPal wallet and call a taxi in the capital is almost impossible. However, the owners of the channels discounts prefer to buy using this scheme, the goods of the premium price segment — for example, expensive furniture and trips to luxury cars. It allows sellers to obtain maximum profit.

The existence of such dealers customers often find out by word of mouth, that is from other users. However, before to attract customers used SMS-mailing. Lack of clients the schemers not. According to the source , one of these channels in the Telegram during the holiday rush from 8 to 9 March earned more than 100 thousand rubles.

Card boom

Experts interviewed noted that this scheme was a result of the large number of thefts of Bank cards and electronic purses using special viruses. Of particular danger are malicious programs designed for Android mobile platform, said Deputy head of the laboratory of computer forensics and malicious code study Group-IB Sergey Nikitin. So, in 2015, his organization has promoted the detention of the group “5th Reich”, organized by the virus attacks on mobile devices of customers of Russian banks. With the help of fake web sites and Windows masquerading as the Google Play app store and the sites of Russian banks hackers steal card details of users. The money was transferred through the services of transfer funds by SMS. This type of fraud is called phishing.

The situation is compounded by the fact that methods of concealing the theft from the user becomes more and more. According to Nikitin, now the viruses have learned how to block an SMS on the write-off money from user and redirect codes to confirm the transaction the cyber criminals. “By sending short codes to numbers you can transfer up to 30 thousand rubles. per day. In 2016, the number of viruses increased, and the theft is now happening in an automated way,” explains the expert. IPhone users are the risks also is not bypassed: the operation of Jailbreak that allows the user to gain absolute control over the file system of the phone makes the phone vulnerable to viruses and phishing, adds the Deputy Director of audit Department, Digital Security protection Gleb Chernov.

Business on the coupons

In addition to stolen card suppliers discounts collect and activate the promo code. This scheme accounts for a smaller part of the market, super discount. As told sources , shadow entrepreneurs are buying in bulk coupons discounts, and buy in “darknet” foreign banking and SIM cards, often decorated to a third party without his knowledge. With these cards they activate promotions for coupons that allows beginners to obtain discounts on goods and services, and sell them in Telegram. This scheme, however, requires constant purchases of new banking and SIM cards. Mostly the buyers of the coupons offer customers a Telegram a short trip by taxi and food delivery. To do this, they just order a service from the operator, using your promotional code, and indicates the address of the customer.

In special honor in fraud taxi-service Uber allegedly due to the possibility to use the promo coupons of other countries. Representatives a press-services of Uber said that they know about such methods of fraud, and fighting with them, “including the use of engineering solutions”.

Black market promotional codes appeared in Russia about six years ago with the launch of “Yandex.Taxi”, says the developer of the bots for Telegram Alexander. In 2016, the auction discount has moved from the public forums and instant messengers WhatsApp, Viber and Telegram. Entrepreneurs believed that this service is less transparent to law enforcement. In practice, this has led to the extension of the database of buyers.

Alexander by order of the shadow dealers have developed a bot for anonymous interaction between client and seller discounts. The bot, according to him, does not allow law enforcement officers to break into the conversation between the channel owner and the buyer. Bot just sends the client with the formatted message, containing the data of the seller, and the program Telegram dialogue between two parties does not occur. “Earning the coupons more popular among students. It does not require specific skills or special attachments,” adds Alexander. The income of one such shadow cells of several workers, he estimated at about 100 thousand rubles per month.

What is the danger

Experts unambiguously assess the activities of the owners of the channels discounts as a criminal. To suffer from it may not only Russians who stole credit cards and electronic wallets, but also buyers of services in the Telegram.

Lawyer Alexey Gurov from the bar of the city of Moscow “Barshchevsky and partners” explains that users of Telegram that sell goods purchased on a stolen card can be brought under article 159.6 of the criminal code “Fraud in the sphere of computer information” (till ten years of imprisonment). The person who buys goods or services may be recognized by the partner. In this case, the buyer discounts will also expect a criminal punishment up to deprivation of liberty, says Gurov. The punishment for a partner the court determines.

Partner of the law Bureau “Zamoskvorechye” Dmitry Shevchenko said that, according to this article and article 159.3 of the criminal code “Fraud with use of payment cards”, the swindler can be deprived of liberty for a term up to ten years with fine in amount of 1 million rubles or wage convicted person for a period up to three years. Fraud coupons are also fraught with criminal prosecution under article 165 of the criminal code “Causing damage to property by deception or abuse of trust” (till five years of imprisonment). But in this case, the buyer discounts, is likely to avoid accusations of complicity, said Gurov.

Telegram messenger for the actions of the sellers discounts also should not have legal effects, even though the Executive authorities have the right to request to block the channels through which offenders pass on their messages, and with the appropriate authorization to disclose the operator’s information about the criminals, says Shevchenko.

However, the head of legal practice of the project “Roskomsvoboda” Sarkis Darbinyan notes that the detection of cases of money laundering in social networks is rather low. To investigate such crimes can be difficult due to the layered protection of anonymity, but also because of the difficulty to establish the corpus delicti in the case of trade-based promo coupons, sums up the expert.