Successful results of technological development are actively used for simplify access to savings and improve the efficiency of financial services. The most significant achievement in the banking business over the past 20 years can be called a large-scale introduction of remote banking service (RBS) technology. RBS allows customers to make banking transactions with using various telecommunications channels (network “Internet” in the case of Internet banking and cellular communication for mobile payment services) [ 1 ].

Banking experience of customers will increasingly integrate with existing technologies. Instead sign on a paper document, the client can sign with electronic pen on the tablet, use face recognition technology or compare a fingerprint for an identity 1 The article follows results of researches financed as part State Job of the Financial University under the Government of the Russian Federation in 2017.

TABLE I.

FINANCIAL LOSSES OF RUSSIA IN 2016, BILLION RUBLES

Stolen

Saved Individuals Legal entities AWS of BRC3 Total: 1.23 0.38 1.20 2.82 1.24 1.12 1.67 4.04

Total 2.48 1.51 2.87 6.86

Effectiveness of thefts. % 50 26 42 41 II.

Consider the fundamental interpretations of social engineering in manuscripts of foreign authors. Most information security researchers provides social engineering as technique that uses influence and persuasion to deceive people, manipulate them and convince them that social engineer is expert in some sphere [ 3, 4 ]. As a result the victim of social engineer unwittingly becomes source of confidential information with or without use of technologies.

The article “Advanced social engineering attacks” [ 5 ] social engineering is describes as art of attracting users to compromise information systems. Instead of technical attacks on banking systems, social engineers receive private information through manipulation by users to disclose confidential information or commit malicious attacks to their accounts through influence and persuasion. Technical protection measures are usually ineffective against such attacks. In addition, people usually believe that they are well versed in such attacks. However, studies show that victims are ill-prepared to detect lies and deceit.

In other publications, social engineering is a technique used by intruders to access the desired information by using flaws in human logic, known as cognitive biases [ 6 ], 7]. This is the use of social masks, linguistic ruses and psychological tricks that allow computer users to help hackers in their illegal intrusion or use of computer systems and networks [ 8, 9 ].

Social engineering is one of the most powerful tools in the arsenal of hackers and malicious programmers. Because it is much easier to deceive someone that he furnishes his password for any positive result than to spend time and efforts on breaking protected information system [ 10, 11 ].

Illustration of social engineering is such example. English researchers sent letters to employees of one large corporation as if from the system administrator of their company. This letters were contained request to provide their passwords, as check of equipment is planned. 75% of the company's employees responded to this letter and reported their password in the letter [ 12 ].

This example shows an employee's inattentive can cause serious insider incident when bank secrecy is at stake. Information leakage can not only seriously affect, but even destroy the business of the credit institution, without exaggeration. Thus, in a number of cases, careless employee can be called an accomplice of computer criminal.

The core of technologies is information. The most vulnerable link in the automated banking system is a people. He has flaws and the imagination of fraudster, who specializing in the search for weaknesses of the human factor, is unlimited [ 13 ]. But all fraudulent scenarios are subject to the same scheme (see Fig. 1). Information security is of great importance in optimizing technology and dissemination of Internet services. Computer crime increases information risks and stimulates development of information security. But ensuring security of information is not only prerogative of specialists, but also the task of users [ 14 ]. Sites of social networks represent a space where users unconcerned communicate with friends and relatives. Such media resources cybercriminals use for their own purposes to steal personal data. To carry out fraud, not only technological, but also psychological methods are used [ 15, 16 ]. Suppose a person places photos of luxurious interior or purchased car on his personal web-page. Then he tells the so-called “friends” and “followers” that in a week he will go on vacation. True friends equate this frankness with information noise. Attackers gather information sufficient to create forged documents. After that, the robber disruptions the security of the target apartment and/or, with credit card information, to take a large loan in the name of the victim [ 17 ].

It is worth emphasizing that the definition of cybersecurity goes beyond traditional information security and includes protection not only of information resources, but also of other assets, including the life of the person. The human factor aspect has ethical implications for society as a whole, since protection and attack on certain vulnerable groups (for example, children and pensioners) represents social responsibility [ 18 ]. Here we have in mind digital vandalism, cyber espionage, extortion (through the encryption of the contents of the hard disk) and propaganda (obsessive mailing of knowingly false representations). Thus, to the peculiarities of crimes in the information sphere with using human factor’s errors one can attribute high latency of cybercrimes (from Latin “latentis” is hidden, invisible) and, as a consequence of that, impunity of cybercriminals [ 7 ]. Also insufficient awareness by state authorities at the federal and especially regional levels of possible political, economic, moral and legal consequences of computer crimes also is peculiarity of crimes.

In this way, it is recommended to strengthen measures of administrative and criminal prosecution for computer crimes where the human factor and social engineering methods are used to obtain confidential information.

IV.

For implementation of many computer crimes, social engineering techniques are actively used. Scammers are increasingly attracted by bank accounts with remote access, opened in credit organizations of Russia. Dynamics of accounts is shown in statistics of the Bank of Russia4 (Table II).

There is a tendency to increase of the total number of open accounts from 27722.6 thousand in January 2008 to 172529.0 thousand in July 2017. Increase of 6.2 times in 9.5 years.

4 Number of remote access accounts opened with credit organizations. https://www.cbr.ru/statistics/p_sys/print.aspx?file=sheet009.htm&pid=psrf&si d=ITM_39338 (circulation date December 4, 2017).

We perform correlation analysis of tabular data. Number of values is n = 39. Let’s calculate the mean values of random variables X and Y:

Let's find the mean square deviations ϭ2(x) =  (X2) / n – x̅ and ϭ2(y) =  (y2) / n – y̅:   y̅ = 3375462.20 / 39 ≈ 86550.31     ϭ(x) = √ 1426203.57 ≈ 1194.24 

Its value implies a very high direct connection between the random variables X and Y, as well as a strong compression of the data cloud with its main axis.

The coefficient of variation is ratio Vx = ϭ(x) / x̅  100% and Vy = ϭ(y) / y̅  100%:

The degree of data dispersion is not uniform in both cases. Data is far from each other and from its middle axis [ 19 ].

A “digital person” more and more uses devices that record information about his whereabouts and activities. Therefore, risks of violating cybersecurity are constantly increasing. On the diagram is depicted relationship of actions and services producing new data about the “digital person” (see Fig. 2). This information can be used by hackers for computer crimes.

  Therefore, covariance is Cov(x, y) =  (X  Y) / n – x̅  y̅:

Positive value of covariance indicates unidirectional change in the value of number remote access accounts of individuals and legal entities.

The correlation coefficient is rxy = Cov(x, y) / (ϭ(x) ϭ(y)).

For increase of observance level of information security it is need to bring clients and employees to the history of cybercrime by financial institutions. After all, as said the Russian historian V.O. Klyuchevsky “history is not a teacher, but a warder: she does not teach, but severely punishes for ignorance of her lessons.” We can explanation of this phenomenon with words of V.S. Stepin (philosopher and organizer of science), who believes that a person, beginning with his birth, is gradually included in the system of historically established social ties and relations. The higher the person ascends in his historical development through civilization's levels, the more he rises above the dominant influence of direct biological stimuli to regulate his relations with other people5. Biological needs predominant over moral norms usually. It is prompt people to violate security (territorial security, information security, economic security, etc.).

V.

Conducted research of social engineering in electronic banking shows that in the long term it is necessary to create not only system of supervision in the virtual space, but also to raise culture of behavior in it of all participants of information exchange to prevent external and internal cyberthreats.

The value and novelty of this research are that it provides recommendations for elevating users' literacy with respect to remote banking so to mitigate cybercrime risks. The findings can be used by financial and educational institutions to corroborate the dependence of cybercrimes on the users' literacy and intellectual development methods. After all modern banking business will strive to expand RBS.

Subscriber can trust his interlocutor only if the subscriber is an active party. If caller did a call, introduced himself as bank employee and was asked to name any Personal Identification Number (PIN) or password, then the subscriber is a passive party. Therefore, the subscriber must not do anything that interlocutor wants from him. If an interlocutor offered to call back on some other phone and the subscriber call this phone, then he is again a passive party. In general, if interlocutors were presented by the bank's employees, it is necessary to call back, but only by the official phone number, which is on the bank card or the official website.

Scammers use original techniques to weaken human vigilance, invade his psyche and obtain valuable information. All these techniques are based on lies6. Therefore, before the present time there is no perfect way to confront the information-psychological impact.

Blogs of information security services of banks and groups in social networks are excellent source of information about new cyberthreats, malicious software, methods of fraudulent and ways to counteract. Often the reason for disclosure of information is excessive credulity and negligence of people (customers and employees).

To educate the critical perception of incoming information in realize of social engineering methods, it is necessary to improve the teaching of humanitarian disciplines in programs of secondary and higher education, namely, Russian history, 5 Stepin V.S. History and philosophy of science: Textbook for graduate students and applicants of the scientific degree of Candidate of Science. Moscow, Academic Project, 2014, 424 р. financial literacy and methodology of cybersecurity [ 20 ].

It is necessary to raise financial literacy of citizens and to explain attractiveness of non-cash transactions for customers. Nevertheless, talking about raising financial literacy in isolation from general education is completely wrong. An educational institution must to choose an audience where the workplaces of “administrators at RBS”, “hackers” and “customers” will be deployed. This will allow the students to take training the algorithms of action for provide of information protection [ 14 ]. Forewarned is forearmed.

After all, being financially literate is a necessity dictated by time. The invulnerability of human's savings will be reward for his knowledge and vigilance [ 21 ].

The article follows results of researches financed as part State Job of the Financial University under the Government of the Russian Federation in 2017.

Authors would like to express special gratitude to colleagues and friends for their helpful comments and critical remarks concerning this article: Sergey Vladimirovich Dvoryankin [ 13 ], Grigory Olegovich Krylov [ 19 ], co-author's mother Ekaterina Vasilievna Berdyugina, etc.