Hacked "Diia" and got loans. IT worker became a victim of scammers who, according to her, took out a bunch of loans using a fake bank ID. How is this possible and what do "Diia" and the banks say?

What happened

As Victoria told dev.ua, third parties logged into the «Diia» application via bank-ID in OTP-bank, using a third-party device and the specialist’s financial number. Interestingly, according to Victoria, she did not even have open accounts in this financial institution. Despite this, the fraudsters managed to apply for a huge number of loans online in her name.

«They hacked my „Diia“ and stole credits! Tonight. And I saw a new device join, saw it submit applications, and understood what awaited me,» the IT professional wrote on LinkedIn, posting screenshots of logged-in devices, credit applications submitted by scammers, and correspondence with «Diya» technical support.

What they say in «Actions»

According to Victoria, noticing what was happening, she contacted Diya support. «They advised me to delete the device using the appropriate button (which does not delete devices) and… look at my phone. I wrote to them today and they ignored me. And the number of credits taken from me is growing every hour. The worst thing is that to stop this, I need to delete that second device from my account. But it’s not that simple, is it? Diia,» the disappointed specialist noted. «It doesn’t delete devices, it only deletes the current active session… No one from Diia has contacted me again, they don’t reply to me.»

dev.ua has also reached out to «Diia» for clarification on the situation. As soon as we receive a response, we will publish it.

How the scheme worked: the victim’s version

According to Alexandrova, approved applications for fraudulent loans continue to arrive in her messages today. At present, the issue is far from resolved.

«I called OTP-bank, through which they authorized. Today I have to go to them with a copy of the police report. It turned out that they opened a fake account for me, where half of the data about me is fake. And the bank didn’t check it! The fraudsters used my name and surname, date of birth, and my phone number, which we use to talk. How — it’s unclear, I can’t imagine how yet. All the other data does not match,» Alexandrova said.

According to the IT expert, the scammers also used an iPhone as the device for authorization, but with a different version of iOS.

At the same time, Victoria Alexandrova added that she had never lost her devices with potential access to «Diia» and bank-ID, and her phone had never been stolen in her life.

«I have been in IT for almost 10 years and, of course, I know very well that you cannot provide your data in response to various kinds of messages or confirm access to suspicious applications. I am strict about this, but the current situation is such that it requires the intervention of service providers. But so far there is no talk of any support,» the CPO of KARAKUM Soft complained.

According to her, Victoria was advised to take an unusual route: contact the credit bureau and ask to be put on the «black list.»

«If I am blacklisted, then at least I will not be given any more loans. It is a very strange situation to voluntarily blacklist myself. But I am receiving 'approved' loans at a breakneck speed,» the IT worker said.

She has already contacted some of the institutions where the fraudsters were trying to obtain loans. According to her, some responded to her appeal by refusing such loans, but some simply advised her to contact the police and the court.

«At midnight, I wrote to the offices that issue loans. Someone called back and said that they had blocked it and would not issue it, and someone said that this was my problem and if I wanted to solve it, then only through the police and the court,» Alexandrova summarized.

dev.ua, in turn, sent requests for comments to OTP Bank, as well as Sense Bank and Moneyveo, which, according to Victoria, approved loans in her name.

Rakuten Viber has been tracking a new scam: attackers are posing as other well-known services. How the scheme works and what you need to do to avoid falling for the scammers' hook

On the topic

Rakuten Viber has been tracking a new scam: attackers are posing as other well-known services. How the scheme works and what you need to do to avoid falling for the scammers' hook

At the request of the Ministry of Digital Affairs, Meta blocked scammers who were extorting money from Instagram bloggers

On the topic

At the request of the Ministry of Digital Affairs, Meta blocked scammers who were extorting money from Instagram bloggers

«Diya.Business» has launched free cyber diagnostics. For whom and how does it work?

On the topic

«Diya.Business» has launched free cyber diagnostics. For whom and how does it work?

Read the country’s main IT news in our Telegram

On the topic

Read the country’s main IT news in our Telegram