Security hole in Yandex Investments

Yandex services are probably everywhere you look by now. This domestic IT giant has done and continues to do a lot to make complex IT technologies available to any housewife. However, in the pursuit of availability, Yandex programmers seem to sacrifice security at times. In this short article, I decided to describe how I almost became a victim of scammers thanks to the Yandex Investments service.





First call

A few days ago I downloaded the VTB Investments application to my phone. Yes, I was thinking of playing with stocks on a brokerage account. I was not a client of VTB Bank, but the application still promised that it would create a brokerage account for me in 5 minutes...





After going through a few simple steps to fill in various personal data, I clicked the coveted button to create an account and... the application said something like: "an error has occurred, perhaps you are already a client of the bank."





Of course, I was sincerely surprised, because I knew for sure that I had never been a client of VTB Bank. An inquisitive mind suggested that I become a real VTB client and then try to open a brokerage account from the normal online bank.





Second call

It turned out to be quite simple to become a client of VTB Bank: I went to their website, entered my data, and two days later a courier brought a debit card to my home. The papers were signed, the courier left satisfied, and I downloaded and logged in to the VTB-online application. Everything is fine: I find the "create a brokerage account" button in the application, click it and... I see an error: "it is impossible to create a brokerage account, we do not have enough data, you need to come to the office with a passport."





Well, that's one for you, I thought (although it was already two). What was the point of waiting two days for a courier to deliver an instant card if I still have to walk to the office??? Some service, I thought, but curiosity won out, so I got ready and went to the office.





Third call

, , - . , , - QR . , : " , , ".





, , : . .., , ? - - . - , - - ... , : " 13.01.2021".





, : " 13.01.2021 . ".





: 6593? - . , , . : , . , . .





, ... - ! WTF?! - !





It turns out that any person from the street can open a brokerage account at VTB through Yandex in the name of any other person from the street. For this you only need passport data. The passport itself is not needed. You don't need to be a VTB client either. Ten-factor Yandex authorization and account verification do not play any role.





What's next? I can only guess: probably, if I had assumed that the bank had opened the brokerage account for me and tried to fund it, the fraudster would have received a notification of the deposit and withdrawn everything from the account to his own account.







