Phishing: Be aware of scam

Exchange

Symbol BNR Buy Sell
EUR 4,9090 4,8200 4,9700
USD 4,7494 4,6700 4,8200
GBP 5,8036 5,6900 5,8700
CHF 5,0470 4,9800 5,1000
SEK 0,4738 0,4390 0,4930
100 JPY 3,5814 3,5100 3,6700

* Current account exchange rates

Find out more
Natural person 1 month* 3 months
EUR 0,2% 0,3%
RON 1,25% 1,45%

* Current account exchange rates

Find out more
Index Last update Rate
EURIBOR 12 LUNI 12.08.2022 1.14100%
EURIBOR 6 LUNI 12.08.2022 0.76400%
IRCC 01.07.2022 2.65000%
ROBOR 3 LUNI 12.08.2022 7.98000%
ROBOR 6 LUNI 12.08.2022 8.13000%
SARON 1MC+M1 12.08.2022 -0.26280%
SARON 3MC+M3 12.08.2022 -0.39670%
SARON 3MC+M6 12.08.2022 -0.32570%

* Current account exchange rates

Find out more

Phishing - what does it mean

Phishing is usually done through email, ads, or by sites that look similar to sites you already use. For example, someone who is phishing might send you an email that looks like it's from your bank so that you'll give them information about your bank account.

It's important to remember that we'll never send you text messages or emails that ask you to confirm, update or disclose personal or banking information. You can reduce your risk of being scammed by paying close attention to messages or emails.

Common types of phishing

  • In this case, the fraudsters send to the cards’ users an e-mail that simulates, in a very truthful way that it would come from the issuing bank of their card. By this email the cards’ users are informed either that they have to update their data or that their accounts have been blocked due to the application of new security measures, the users being invited to access a link to solve the situation.
    Thus, the user is directed to a fake page, which mimics the website of the issuing bank, in which he is asked for the security elements of the card and other information (e.g. security codes sent via SMS to customers) that allow them to enroll cards in the application Apple Pay / Google Pay (wallet), installed on fraudsters' phones.

    Generally, at this stage of the card enrollment procedure, the issuing bank sends the correspondent security code in a generic SMS message. It is extremely important that users read these SMS very carefully in order to identify those fraudulent cases and not to transmit to third parties the security codes received via SMS, respectively not to enter them in the fake pages. Once the security code is entered on the fake page, it is sent in real time to the attackers, who complete the card enrollment procedure and gain full access to the available funds related to that card, which they use immediately.

    This pattern of fraud was also encountered in the case of marketplace platforms, in the sense that the attackers requested the above information under the pretext of paying for products sold through marketplace platforms, the result being the same, the enrollment of cards in electronic wallets controlled that are by attackers.

     

  • This type of fraud is a version derived from the above version, with the difference that the attackers do not seek to enroll the card on wallet applications, but to gain access to the internet banking or mobile banking application of the payment service user, by activating the tokens used for authentication/ authorization (software type) on their phone. However, the mode of operation is almost similar.

    In this case, too, it is extremely important that users read carefully these SMS messages that contain security codes to identify those fraudulent cases and not to enter unsolicited security codes in various applications.

     

  • Card-on-file operations involve the enrollment of the card in a merchant's system, by entering the data on the card at the time of the first payment transaction, the subsequent payment transactions being automatic based on the mandate offered to the merchant during the card's enrollment. Such transactions are usually made to merchants that offer games / applications / monthly subscription services to streaming services / etc., generally being initiated by customer or the family members of the payment service user, but they can also be fraudulent transactions such as because of frauding of the accounts held with such traders.

    Generally, in the first stage of the card enrollment procedure, the issuing bank sends the respective security code in a generic SMS message. It is extremely important that users read these SMS very carefully in order to identify those fraudulent cases and not to transmit to third parties the security codes received via SMS, respectively not to enter them in the fake pages.

More information on how to keep your data safe can be found in the section on data security.

Be informed