Phishing: Be aware of scam
* Current account exchange ratesFind out more
|Natural person||1 month*||3 months|
|EURIBOR 12 LUNI||17.03.2023||3.35900%|
|EURIBOR 6 LUNI||17.03.2023||2.98500%|
|ROBOR 3 LUNI||17.03.2023||6.87000%|
|ROBOR 6 LUNI||17.03.2023||7.20000%|
Phishing - what does it mean
Phishing is usually done through email, ads, or by sites that look similar to sites you already use. For example, someone who is phishing might send you an email that looks like it's from your bank so that you'll give them information about your bank account.
It's important to remember that we'll never send you text messages or emails that ask you to confirm, update or disclose personal or banking information. You can reduce your risk of being scammed by paying close attention to messages or emails.
Common types of phishing
Phishing related to cards enrollment in Apple Pay or Google Pay applications
In this case, the fraudsters send to the cards’ users an e-mail that simulates, in a very truthful way that it would come from the issuing bank of their card. By this email the cards’ users are informed either that they have to update their data or that their accounts have been blocked due to the application of new security measures, the users being invited to access a link to solve the situation.
Thus, the user is directed to a fake page, which mimics the website of the issuing bank, in which he is asked for the security elements of the card and other information (e.g. security codes sent via SMS to customers) that allow them to enroll cards in the application Apple Pay / Google Pay (wallet), installed on fraudsters' phones.
Generally, at this stage of the card enrollment procedure, the issuing bank sends the correspondent security code in a generic SMS message. It is extremely important that users read these SMS very carefully in order to identify those fraudulent cases and not to transmit to third parties the security codes received via SMS, respectively not to enter them in the fake pages. Once the security code is entered on the fake page, it is sent in real time to the attackers, who complete the card enrollment procedure and gain full access to the available funds related to that card, which they use immediately.
This pattern of fraud was also encountered in the case of marketplace platforms, in the sense that the attackers requested the above information under the pretext of paying for products sold through marketplace platforms, the result being the same, the enrollment of cards in electronic wallets controlled that are by attackers.
Phishing for activating new internet / mobile-banking applications and the activation of tokens used for authentication / authorization
This type of fraud is a version derived from the above version, with the difference that the attackers do not seek to enroll the card on wallet applications, but to gain access to the internet banking or mobile banking application of the payment service user, by activating the tokens used for authentication/ authorization (software type) on their phone. However, the mode of operation is almost similar.
In this case, too, it is extremely important that users read carefully these SMS messages that contain security codes to identify those fraudulent cases and not to enter unsolicited security codes in various applications.
Friendly fraud and card-on file transactions
Card-on-file operations involve the enrollment of the card in a merchant's system, by entering the data on the card at the time of the first payment transaction, the subsequent payment transactions being automatic based on the mandate offered to the merchant during the card's enrollment. Such transactions are usually made to merchants that offer games / applications / monthly subscription services to streaming services / etc., generally being initiated by customer or the family members of the payment service user, but they can also be fraudulent transactions such as because of frauding of the accounts held with such traders.
Generally, in the first stage of the card enrollment procedure, the issuing bank sends the respective security code in a generic SMS message. It is extremely important that users read these SMS very carefully in order to identify those fraudulent cases and not to transmit to third parties the security codes received via SMS, respectively not to enter them in the fake pages.
- Credit Europe Bank does not carry out any transactions in Bitcoin or other cryptocurrencies (e.g. for opening accounts or in¬ternational payments) and we do not offer (private) numbered bank accounts or payment services in connection with online auctions (e.g. Ebay).
- Please be very careful with e-mails on the subject of Corona and do not click on a link or log into your customer account using a button at the end of the e-mail.
- Please do not download any attachments. They could be malware.
- In general, act cautiously with e-mails from unknown senders.
- Check that the email address and the sender name match.
- Check if the email is authenticated.
- Please do not feel threated to click a link or open an attachment. Both can carry harmful content.
- Even in e-mails from senders who appear to be familiar to you, watch out for spelling errors and formulations that appear unnatural, as well as for foreign special characters. These are often phishing attempts.
- Check your account statements regularly and inform your account-holding bank immediately in the event of irregularities.
- Block your online banking access or your credit card immediately if something appears suspicious to you.
- When contacted by an unsolicited third party, it's better to be over-cautious. Contact the organization directly using a phone number from their website (not the email or message) before you reply
- Only use reputable official sources when looking for information. Use the information pages of well-known authorities and institutions.