OTP Bank Romania recognizes the importance of banking security and in order to ensure trust in its professional services comes with some examples and tips to help you identify and prevent fraudulent situations.
It occurs when a criminal (fraudster) is using an online merchant in order to perform transactions using fraudulent means such as a lost/stolen or compromised card security details in order to pay for the desired goods. In such cases the real cardholders accounts are debited with the value of the goods or services bought by the fraudsters through the usage of security details of the compromised payment instruments.
Is the crime of deceiving people into sharing sensitive information like passwords, personal information or accessing specific websites. The most common method is receiving an e-mail out of the blue that appears to be from your bank and the message demands that you must enter, complete or check your personal data concerning your accounts. You have to click a link to a website that looks extremely similar to your bank’s own website with the main purposes to obtain confidential data like: name, home address, town, card number, security code, phone number, etc.
Therefore, we inform OTP Bank Romania’s clients not open suspect emails and do not try to access links in which you are asked for your personal information.
In case you received a message that falls within the specifics mentioned above, here are some useful tips:
- DO NOT answer to this messages;
- DO NOT acces the link;
- DO NOT provide your personal information regarding your debit/credit cards ( PIN code, CVV2/CVC—represented by the last 3 digits situated on the back of the card);
- Forward the message as soon as possible to e-mail address of OTP Bank Romania SA: firstname.lastname@example.org to help identify the authors of the email address attack.
If you have been the victim of such a fraud, please contact us immediately in order to take the necessary actions in order to protect you.
- OTP Bank Romania will never ask you to provide confidential information via an e-mail or by accessing a link from the contents of an email;
- Pay close attention to generic messages - fraudulent messages are often impersonal and with grammatical errors;
- If you identify such websites in connection with OTP Bank Romania, please contact the bank as soon as possible.
Campaigns regarding fictitious offers received through social networks
Scam / Phishing attacks are represented by different campaigns (bids / contests) generally promoted through social media platforms.
The main purpose of these types of messages is to promote false promotional offers purchased by the victims, resulting in:
- The products will never be delivered;
- The security data of the payment instrument used (credit or debit card) is retained and then used to initiate unauthorized transactions by the holder.
In case of "Special Offers - Scam / Phishing" fraud attempts:
- Check before you buy → check website reviews;
Pay using secure payment services → if a card or bank transfer is required, check the supplier / trader before performing the requested operation;
Use a secure device when you pay; Maintain your system and antivirus up-to-date;
Pay attention to commercials such "miraculous offers", “best offer”, ”Top business opportunity” → if it is too good to be true, there is probably that the offer is NOT real and it is an attempt of fraud;
Pop-up window tells you that you have won a fabulous prize? More certainly it's a fraud;
Fill in the transaction dispute form for the operation performed in such circumstances and notify the competent entities;
Smishing (Phishing via SMS)
When someone tries to trick you into giving them your private information like personal data or authentication data via a text or SMS message.
In most cases, messages are like "Congratulations! You won the “X” prize. To get the prize, please send us your personal data / card details (card number, expiration date, CVV)”
- DO NOT respond to such requests;
- DO NOT send personal card data or authentication to other people or phone numbers;
- If you receive this kind of messages, immediately notify the mobile operator and the Police regarding the telephone number from which you received the SMS!
- Do not access links or attachments received via SMS from persons you don’t know;
Malicious program or code that is harmful to systems and it succeeds in installing itself on your computer in order to access valuable information from your PC or smartphone like passwords, financial data and other personal information. There are multiple ways your PC can be affected like accessing a harmful link from e-mail or text message, installing an application from untrusted source or from different posts on social networks.
- Always check the authenticity of the website before logging in, tracking the existence of '' https '' and a lock pad before or after the website name, color differences or minor mistakes in the name of the website. Moreover, another security element of the web page is the green color of the writing or the address bar (in the case of the Internet Explorer browser), which means that the security certificate used by that website is valid;
- Install a licensed antivirus and make sure to keep it up to date;
- Scan your computer regularly with your security software;
- Do not use unsecured public Wi-Fi connection;
- If you are unsure about the security of a website, close it immediately;
- Use an updated antivirus that also has an anti-phishing filter.
Email spoofing is a tactic used in phishing and spam campaigns which the main goal is to get recipients to open, and possibly even respond to, a solicitation regarding personal details or in order to send a malware to the recipients PC’s.
- If you receive messages that seem to come from your account or if you get a response to a message you did not send, you are most likely the victim of a spoofing attack.
- DO NOT open the emails and delete them as soon as you notice them.
Identity theft: it is a form of appropriation of personal data belonging to a person through a variety of methods and subsequently used with the purpose to control the person’s resources or to obtain undeserved benefits on behalf of that person.
- Check if the website is secure before introducing your personal data;
- Use up to date software and security services;
- Be aware about disclosing on the internet of your personal data and regularly check the privacy settings;
- Create complex passwords and change them periodically;
- Do not set the same passwords for multiple accounts.
Fraud based on social engineering
Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation in order to trick users so that they reveal confidential information or take certain actions.
COVID 19 Scam
In one of the latest scams, exploiting coronavirus context, the criminals have developed a new scam method that aims to obtain undeserved benefits, from the pandemic with COVID 19 virus.
Similar as "Car Accident Scam", fraudsters call victims pretending to be hospital officials or organizations who claim that a relative of the victim has fallen sick with the COVID-19 virus and request payments for medical treatment and equipment.
Also under the pretext of the current pandemic crisis, scammers impersonate genuine charities and collecting donations for a COVID-19 medical and protective equipment.
Act safe, stay safe:
- Call a phone number for your family member that you know to be genuine;
- DO NOT provide personal data over the phone, regardless of the quality of the persons invoked by the interlocutor;
- DO NOT transfer money to unknown persons, regardless of the reason and the situation invoked by them;
- DO NOT share or provide your card details, passwords or PIN codes;
- Notify the police immediately if you suspect you were a target or victim of a scam.
Vishing- Social Engineering by Phone
Manipulation of people by phone. The caller attempts to extract information necessary to compromise a person or an organization by obtaining personal data or carry out fund / asset transfers operations. Most of the time, malicious persons claim to be a legitimate company, usually the bank or mobile operator.
There are situations where Vishing attackers claim to be brokers in the stock market. They call in an attempt to trick people into buying stock’s from different companies. However, in reality these financial instruments do not exist.
- If you receive phone calls asking you to provide personal data, transfer the balance from your account to another account because it has been compromised or any other similar situation, close and contact OTP Bank Romania preferably using a phone other than the one you called;
- It is recommended that you set all calls from unknown numbers to go to the voice mailbox.
- Do not act in a hurry or transfer money to people requesting you to do so;
- End the call and separately verify the identity of the person by appealing to the institution from which the person claims to be calling.
CEO fraud or ‘Message from Manager’
CEO fraud involves the impersonation of a senior company executive in order to divert payments for goods and services into a fraudulent bank account. Fraudsters will typically target a company’s finance department, either via email or over the phone.
In most cases, the attacker interpose during e-mail correspondence and instructs a company's staff to urgently make payments to partners' accounts other than what is known and used up to that point.
- Permanently verify whether the dates of partners and vendors have changed, name, address, email address, account;
- Cross check - Confirm through other channel (phone, other email address) instructions for making payments to another bank code.
- Never open suspicious links or attachments received by e-mail. Close attention when verifying personal emails on company computers. The addresses are similar to the usual ones on which requests are frequently received.
- If the payment instructions (Bank or a new account) have changed, additional checks (by phone, additional email address) need to be performed to verify the authenticity of the transfer and if the new data are the correct ones.
- Do not make transfers or process operations only based on an email or an urgent telephone request;
- Retrieve the information from the person who is recommended to be the CEO and call the CEO or the manager directly on the known phone number;
- Forward the email to the Manager ( CEO), not with a simple reply to the original email, but by retrieving the email address from a previous correspondence.
Money mules are people who serve as intermediaries for criminals and criminal organizations and in return for a commission, they transfer specific amount, illegally obtained, to other people and other accounts, with the intention of losing track to the real beneficiary. The most targeted persons are unemployed, students and people in financial difficulties.
How it works?
- Targeted persons (potential money mules) are usually contacted by email or social networks by “representatives” of an organization / company;
- Individuals are offered a job. Of course, the job offer is not real;
- According to the job title, people have to go to the bank to open accounts on their behalf, and then have to transfer money collected from the representatives of the fictitious organization;
- The money mule receives in exchange a commission from the transferred amounts;
- Avoid working with people who ask you to perform banking operations on their behalf;
- DO NOT open a bank account on your behalf for unknown people;
- DO NOT respond to messages or calls that promise you a sum of money in exchange for making transactions on behalf of others.
Attention! Money mules activity is considered a crime such as money laundering, organized crime groups and punishable according to low in force.
The "Accident" method
It is the one in which people of good faith are called, usually with hidden numbers, by ill-voiced persons, who are recommended as lawyers, doctors or police officers. They are informed that a family member has suffered or has committed an accident and that urgent money is needed to "solve the problem", usually transmitted through fast money transfer services, or by handing it to an intermediary.
- Close the call immediately
- Urgently contact the family member who was involved in the supposed accident
- Check the information in independent sources
- DO NOT transfer any money
- Call the police
False ads for selling products
It is a method of selling various products; such as cars or equipment at unrefined prices, and those who are interested are encouraged to transfer a sum of money through money, transfer services (Western Union or Money Gram) as a guarantee or advance. Subsequently, they are asked to send the justification document by email, WhatsApp to the seller, and he / she uses the respective data / transaction reference to withdraw the money, and in the end, the good-faith buyer is deceived and never enters the possessed asset.
Fraud with payment instruments
Refers to any type of false or illegal transaction completed by a cybercriminal. The perpetrator deprives the victim of funds, personal property, interest or sensitive information via the Internet.
It is the way that, with the help of handcrafted electronic devices attached to ATMs or POSs from merchants, the data on the debit / credit card magnetic tape is illegally copied. These data are then stored on cloned / counterfeit cards and used to make transactions.
- Analyzes the appearance of ATMs, especially removable parts such as the keyboard, the cash release slot and the card reader;
- Do not give to anyone the PIN, card number, CVV code on the back of the card, do not write them down in the phone, diaries or card;
- When making payments to merchants, try not to lose sight of the card;
- Check your transaction history regularly and if you notice anything suspicious, contact the bank immediately with the phone number on your card;
- Cover with your hand the ATM keypad when you enter your PIN;
- If the ATM where you are going to carry out the operation, for some reason, raises suspicions, it is good to quit the transaction and use another ATM
Invoice fraud occurs when a company’s employees are contacted by a person claiming to be from a legitimate supplier of goods/services and requests modification of the payment details.
- Have a well-defined procedure regarding verification and execution of payments;
- If a request claiming the modification of payment data or an invoice with different payment details and bank accounts is received, verify this aspect with a trusted contact with whom you regularly communicate from the supplier, preferably using another communication channel;
- Check if the data contact are authentic by comparing them with the ones from a previous correspondence;
- Before making a payment that exceeds a certain threshold, confirm the details with a trusted person from the supplier.
You can report any suspicion and attempted fraud in connection with OTP Bank Romania at the email address email@example.com.