Fraudsters use iTAN phishing e-mails to try to obtain access data, and it is important that the public learns how to handle PINs securely
Three tips on how customers can protect themselves against fraud
Those who want to switch their online banking from iTAN to a newer TAN process should be alert: scammers are trying to use the abolition of the paper-based TAN list for their own purposes. By September 14, 2019, bank customers will need to upgrade to a more modern TAN process with two-factor authentication.
Scammers take advantage of this and, posing as the customer's own bank, contact the customer via e-mail. The e-mail contains a link to a fake website that may be deceptively similar to the bank’s online banking presence. If the customer follows the link and logs in, the fraudster first captures the customer's access data. In a further e-mail, or within the online banking on the fake website, the customer is then prompted to enter the iTAN that is supposedly needed to unlock the new TAN app. The scammer captures this as well and uses it to gain access to the real TAN app, which he has installed on his own device. He can now make transfers on behalf of the customer without being noticed.

The entire process of capturing the credentials and the iTAN may take no more than a few minutes. The counterfeit e-mails are now very polished. In the past, such messages could often be recognized by their poor spelling. This is frequently no longer the case. In addition, the criminals personalize the e-mails more often, so bank customers are addressed by their real name. This makes it harder to expose the fraud attempt at first glance.
However, with these three tips, customers can minimize the risk of becoming victims of these criminal activities:
Tip 1
Who is contacting you? Is it really your own bank? Clues as to whether an e-mail is fake can be found, for example, in the sender of the e-mail.
Tip 2
Type the online banking address of your own bank into the browser's address bar yourself. Under no circumstances should you click the link in the e-mail! You can also tell that you are really on your bank's encrypted site when you log in by the lock symbol that appears in the browser bar and by the address starting with “https …”.
Tip 3
Check the e-mail for any other anomalies, such as spelling mistakes! When in doubt, customers should call their bank to inquire.
Suspicious e-mails should always be reported to your own bank so that it can act against them and protect other bank customers from becoming victims of criminals.
Safe handling of the PIN
Most consumers have multiple PINs, passwords and other personal access data. Keeping track of the password jungle is not always easy. So it can happen that, when paying or at the ATM, the four digits of the girocard PIN will not come to mind. What can you do so that this does not happen?
Writing the PIN down on a piece of paper in your purse, or even on the card itself, would be grossly negligent. Banks or savings banks could then refuse liability in the event of misuse of the card and PIN. So it is better to follow the tips from EURO Kartensysteme for your PIN security:
- Memorize your PIN. Pictorial stories that stay in your memory help with this. For example, for the secret number 1311: One (1) Cinderella discovers three (3) hazelnuts, dances at one (1) ball and finds one (1) prince.
- Do not reveal your PIN to any third party – not even family members or anyone else you trust.
- Make sure nobody is watching you enter your PIN. It is best to cover the keypad at the ATM or at the electronic cash register with your free hand.
- Do not be distracted by strangers when entering your PIN.
