Authorities and banks are raising the alarm: Criminals are increasingly attempting to gain access to consumers’ e-banking facilities at the moment – using professional means, and often quite successfully.
There are currently several very well-presented scams keeping various financial institutions and their customers on their toes.
For one, authentic-looking copies of bank websites (phishing websites) are rife, with links distributed via phishing e-mails or search engine results. If bank customers enter their details after following any such link, the fraudsters transmit them straight to the genuine log-in page of their bank in real time. In the next step, the second security factor from the authentic bank website (for instance a QR code, a number combination or a mosaic image) is transferred to the fake website in real time, too, only to be confirmed by the unsuspecting victims. This then provides the scammers with access to the e-banking facility. Subsequent fraudulent fund transfers are passed on to victims for authorisation according to the same pattern.
Similar patterns of fraud are applied to sellers on online classified ad or auction platforms. In these cases, a scammer contacts them in the guise of a prospective buyer and demands their contact details, supposedly to pay for the item sold using payment providers like PayPal. Data obtained this way are then used in subsequent steps of the attack, which could in turn lead to the attacker taking over a seller’s e-banking facility.
In other scams, criminals phone bank customers, pretending to be a financial institution’s employee or security officer, to obtain sensitive information such as e-banking access data. Quite often, they even fake their telephone number to build trust with victims. The real-time phishing method described above is also employed here to bypass e-banking two-factor authentication.
Investment fraud is currently highly popular, too. Such scamming attempts frequently start out as lucrative job offers or with notifications about purported scandals involving prominent people being uncovered. Following a phase of trust-building, victims are often encouraged to pay a small amount into an allegedly profitable investment portal. They are then led to believe they have made a large profit, which is used to swindle larger investments out of them. In reality, though, their money ends up in the criminals’ bank accounts.
Protect yourself against phishing by:
- never using any links you receive by e-mail, text or messenger services, and never scanning any such QR codes to log in to your financial institution.
- treating e-mail and text attachments with great caution.
- never disclosing any confidential information, such as passwords, during telephone calls.
- always entering the address of your online service provider’s or financial institution’s log-in page manually in the browser address bar.
- contacting your financial institution if you are not quite sure or something is not completely clear.
Always observe the following four rules of conduct to guard against investment fraud:
- Never let yourself get dazzled by any unrealistic promises. No reputable financial service provider would ever promise to achieve above-average returns in a short period of time.
- Always research a provider beforehand, for instance via Google, Internet forums or on consumer pages. Check whether the provider holds a FINMA authorisation or is listed on the FINMA blacklist or the IOSCO Investor Alerts Portal. You should also check the certificate of registration of Swiss providers on www.zefix.ch.
- Contact the customer adviser of your bank if you are unsure.