With many types of fraud, attackers demand personal data such as your name, address and telephone number. In many cases, they also ask for an IBAN or request that their victims submit a copy of their passport or identity card.
Since bank security processes are improving all the time, attackers nowadays usually resort to social engineering. They obtain information by spying on their victims, deceiving and manipulating them, for instance using faked e-mails and websites.
When looking at existing e-banking accounts, such data are not really relevant to an actual fraud, but only serve to establish the victim’s trust and to underline an offer’s purported integrity. These cases might for instance involve some kind of reimbursement or profit distribution. It is not possible to withdraw money from your account just using an IBAN number and a copy of your identity card. It is however possible to exploit your IBAN, for instance when someone arranges for a direct debit payment using your IBAN when online shopping. However, this is not very lucrative for fraudsters, since you can object to payment orders with your bank for up to a year to have them posted back to your account.
As far as the collection of address data and copies of passport or identity cards in the context of applications for new accounts with foreign banks and credit institutions are concerned though, things are handled a bit differently. Once they have submitted an application using such address data together with a copy of a passport or identity card, fraudsters are successfully taken on by financial institutions. These scammers’ smartphones or computers are registered with the bank, so that two-factor authentification doesn’t pose any obstacles either. Fraudsters obtain full control over the account set up in the victim’s name and use such accounts for criminal activities. It is not the scammer’s name appearing in such cases then, but the one of the victim, so that charges are brought against the latter – something which can result in complicated and long-winded proceedings if proof is required that it wasn’t the victim who committed a crime, but that they fell victim to fraud instead.
Generally, you should be sceptical and cautious about passing on any personal details. If you notice any inconsistencies, you should immediately contact your bank and the police.
