As the use of online services increases, we observe an increase in cases of deception and/or dissemination of malware aiming at intercepting sensitive data and codes by email, text messages (SMS), social media messages and other phishing techniques. There is no need to panic. What is actually needed is to learn how to recognise these fraud attempts and avoid them.
Let us take a look at some forms of online fraud that aim at extracting information using deception tricks.
Virtual e-banking pages
In addition to the above, there are fraudsters who exploit the e-banking environment by creating a page that is visually identical to the login page, trying to steal user credentials and extract money.
For your security, when you want to connect to Optima bank's e-banking system, it is necessary to connect exclusively through the link on our official bank page: www.optimabank.gr
Phishing emails
One fraud method that is widely used is through email.
In this case, an email is sent by fraudsters, pretending that the sender is the recipient's bank and stating that:
- the recipient's account or card has been locked or deactivated
- “suspicious activity has been observed” on the recipient's account or card
What do they accomplish with the use of such methods?
Their aim is to extract personal information, e-banking credentials, one-time passwords (OTP) and card details.
They usually use phrases denoting a sense of urgency; they further use the pretext that the recipient's card or account has been locked or temporarily deactivated, thus urging the recipient to visit a website or download a file and follow "instructions".
E-mail impersonation
E-mail impersonation is a targeted fraud method that is well planned and appears realistic. Cybercriminals present themselves as trusted individuals, e.g. as senior company executives, in order to have money transferred to a bank account or sensitive information revealed, so as to gain access to the company network.
Some information that could help you recognize a potential e-mail scam:
- Tone and manner
Most fraudsters demand that the recipient act immediately.
- Confidentiality
Some of them imply that the actions they ask you to take are part of a confidential program that should not be discussed with co-workers or senior staff.
- Money transfer request or disclosure of sensitive information
Any such request should be verified through multiple sources.
- Unusual requests
A request for an immediate money transfer, usually to a supplier, but with a different number than the one previously used.
How to protect yourself:
Train your company staff and raise their awareness of the security and protection of computers with e-mail, anti-malware and anti-spam software.
If an e-mail is received from an unknown sender or something looks suspicious, verify the request by phone call using the contact details you already have and which have been verified.
Voice Phishing (Vishing)
Another method is voice phishing. This is done by fraudsters over the telephone.
Under the pretext that there is some fault in the recipient's computer software, they request remote access to the computer. They thus manage to extract credentials and transfer money from the holder's account.
SMS Phishing (Smishing)
Text messages (SMS) are an equally common form of fraud, whereby fraudsters ask the recipient to click a link or make a call to activate or verify their account details.
The included link leads to a fake webpage, and the telephone number connects to the fraudster, who pretends to be the legitimate company's representative.
In both cases, fraudsters urge the recipients to immediately follow the instructions in the link sent to them in order to solve their problem.
Quishing
In a recent form of scam, scammers try to redirect you, when you scan a QR code, to a copy of a website you want to visit.
Their purpose is to collect your online passwords and personal information that can be maliciously exploited.
Skimming
Skimming is the practice of stealing personal data using electronic tracking equipment (skimmers) that looks like a genuine credit/debit card reader and is usually installed by criminals on the front of bank ATMs.
In this case, when a cardholder removes the card at the end of the transaction, the skimmer records information such as credit/debit card numbers and PINs and stores them. Other similar devices copy the keypads of the ATM card readers and allow criminals to record your PIN.
How to avoid skimming?
- check the area around the ATM for any suspicious movement before the transaction
- make sure that there is no added part to the front of the ATM that looks out of place
- if during your transaction at an ATM you spot a suspicious object, the card reader seems to have been tampered with (crooked or damaged, graphics aren’t aligned, or part of the machine is a different color), or you face any problem, avoid using that ATM and notify the bank immediately.
SIM Swapping
Fraudsters take advantage of the SIM replacement option offered by operators and, by pretending to be the legitimate owner or an authorised party, they try to trick mobile operators into providing a new SIM card to replace the one held by the legitimate owner.
When the new card is activated, the legitimate holder's card is deactivated and fraudsters can access calls and messages and thus intercept personal information, one-time passwords (OTP) and e-banking credentials.
Money muling
Money muling is another fraudulent practice. It’s a type of money laundering and involves the transfer of illegal funds in Greece or abroad. The fraudsters approach you in order to transfer an amount to your account in return for a fee.
After the amount is credited to your account, they usually ask that you give it to them in cash, by withdrawing it from some ATM or transferring it electronically to a third person.
Avoid acting as an intermediary in moving other people's money, since in this way you may become involved in criminal activities whether you are aware of it or not.
Loan scams
Another instance of fraud involves the loan application procedure. Specifically, scammers create pages using fake bank logos, such as a page entitled “Optima”, and approach you under the pretext of offering a loan with advantageous terms and conditions.
Then they may ask for money, claiming it’s to cover file/loan expenses, or lead you to open an e-banking account and then request your password. If you comply, there's a high likelihood they will transfer money from your account to theirs. For this reason, if you are interested in obtaining a loan you should contact one of our branches. For any other information it is important to visit only our bank’s official website, at www.optimabank.gr.
Invoice fraud
Invoice fraud is a type of fraud that mainly targets businesses. It is essentially a fake payment request sent by scammers, acting as regular and trusted suppliers or vendors of a company.
In this instance, the business or an employee is approached by a third party by phone, letter or e-mail, claiming to represent a supplier, service provider or payment beneficiary. The fraudster requests a change to the payment details (i.e. bank account payee details) for future invoices, giving their own bank account number.
What can you do as a business?
- make sure that your staff is briefed on this particular fraud type
- implement a procedure to verify the legitimacy of payment requests
- instruct staff responsible for paying invoices to always check them for any irregularities.
What can you do as an employee?
- verify all requests coming from the company's suppliers, especially if they ask you to change their bank details for future invoices
- if you are requested to change your payment details, use those from previous correspondence instead and notify them of the change.
Public Wi-Fi
Public networks may be monitored, or the network itself may be a malicious hotspot set up to steal passwords and PINs and/or your credit/debit card data.
In this case of fraud, when you attempt to connect your device to an available public Wi-Fi network you will be asked to provide your credit/debit card data so that you can gain access to the internet. This is a malicious hotspot and in reality, by providing this data you are giving it straight to cybercriminals.
Similarly, in other cases public Wi-Fi may offer you free access to the internet but through it, cybercriminals can track your every move, record passwords and PINs you enter to log in, and can see your bank account when you check it.
When you plan to connect to a public Wi-Fi network you should be careful.
How to protect yourself?
- avoid networks with names such as “Free public Wi-Fi”
- if you do connect to a public network avoid logging into your e-banking account and the exchange of sensitive information.
Online ad listings
There has recently been an increase in fraud through online advertisements for home rental or for the purchase or sale of goods.
The ad owner receives a call from an alleged interested party who then asks for the owner's personal e-banking credentials or card numbers to complete the transaction. Then the fraudster intercepts the relevant details and gains access to the holder's bank account or cards in order to make transactions.
Find more information on online fraud on the website of the Hellenic Banking Association, here.