According to the Ukrainian Interbank Association of EMA Payment System Members, in 2019 swindlers “trick” Ukrainians by almost 362 million UAH. Moreover, in two-thirds of all cases, people themselves reported confidential card data. Why do Ukrainians continue to be scammed?

SOCIAL ENGINEERING. It would seem that everyone knows that you do not need to answer calls, such as "Dear customer, your card is blocked! Give the data for verification”, or “The bank security service is calling, tell the branch number – three digits on the back of the card”, etc. And nevertheless, social engineering – fraud, when using various psychological tricks, make the victim report the confidential data of his card, still in a “trend”. Let's take a closer look at how fraudulent schemes work.

Vishing: data extortion on phone

Purpose: to draw out the bank card details or other personal information, force to transfer funds to a thieves card.

Action plan. They can call and present themselves as persons who inspire confidence – an employee of a bank, a pension fund or law enforcement agencies or a potential buyer, mobile operator. Fraudsters have even learned how to use special software to change phone numbers so you think that you are allegedly communicating with the bank. During a conversation, scammers intimidate by blocking a card or promise the win, gradually finding out the card details they need.
Result. Having seized confidential information, they deprive the victim of funds.

Phishing: following the link to a fake website

Purpose: to access confidential user data (logins and passwords).

Журнал «Народний банкір» №13/2020

Action plan. The cardholder receives an e-mail or SMS with a request to confirm personal data and card details, for this it is suggested to click on the link on which there is a non-existent or fake copy of the bank's website. Phishing websites usually differ from real ones in a few letters, so you need to be very careful to know your bank website and Internet banking by heart.
Result. Your personal information may be stolen.

The latest combination schemes

Purpose: to draw out confidential data and withdraw money.

Action plan.

• It sounds like a financial adviser of the bank calls to you. Clarifies the customer of which bank a person is, and then speaks on behalf of the bank mentioned in the conversation. He asks when and what operations the customer carried out. Clarifies the card number. Reports that some operations were carried out on the card. He asks for the expiration date of the card. He suggests to prevent fraud, block the CVV code. Then transfers as if to a security service. If the customer does not believe that certain operations have occurred, an SMS is sent to him from the operator’s website with the alleged amount of blocking. The customer is offered a new CVV code and is asked to write it down. To unlock the card, they suggest calling the previous CVV code, which is supposedly already invalid..

Result. Fraudsters find out all the information on the card and withdraw funds from it.

Журнал «Народний банкір» №13/2020

• It is as if a bank employee calls from a number that resembles a bank hotline. And reports that some operation has occurred recently – write-off or blocking of funds. If necessary, to confirm this send SMS from some Internet resource. They offer to go through additional identification and say that it is urgent to "save and return the funds. "For this, a link to a fake website is indicated in the SMS. Following the link, the customer gets to a special fraudulent page, as if with the logo of the bank, where the customer enters the username and password. Fraudsters immediately intercept them and enter the real Internet banking or make a payment from a customer’s card through payment services. At the same time, a new window is already displayed on the customer’s phone to refuse the operation. And at the same time, he receives an SMS with a password to confirm the payment made by scammers. He enters the received password, fraudsters intercept it, enter it on the operation confirmation page.

Result. Fraudsters transfer funds from a customer’s account to cards in other banks or make a payment.

Журнал «Народний банкір» №13/2020

 SAFETY RULES

1. Remember clearly what confidential card data is and do not share it with anyone!

The confidential card details:

• card expiry date
• three-digit code on the back of the card (CVV code)
• PIN
• three-digit code on the back of the card (CVV code)
• card number
• any logins and passwords, in particular for access to the Internet- and mobile-banking

2. 12. Whoever calls – the “employee” of the bank, the Security Service of Ukraine, the police, the Pension Fund, if he requires confidential data – this is a scammer, immediately interrupt the conversation. Also, stop talking immediately if:

• you are informed about the receipt, debiting or transfer related to the cards
• an SMS comes with the addition of a contact;
• in a conversation they say that they will re-issue your CVV code;
• they report that they will send SMS or Viber messages and they need to be checked;
• they ask to follow from the message to the Internet banking page and enter the refusal code in the pop-up window.

3. If you are in doubt, call the bank yourself on the phone number indicated on the back of your card, report a fraud attempt and find out all the details.
4. Your financial number, which is indicated in the contract, must be tied to a passport and should not be freely available.
5. Banks do not call from numbers indicated on the website. These numbers are for customer calls.
6. Learn by heart the website address and online banking of your bank. For example, www.pumb.ua and https://online.pumb.ua .
 

Have you already told your confidential data to a scammer? Your steps :

• Urgently call the bank and block your card.
• Block your online banking.
• Contact the police.

Журнал «Народний банкір» №13/2020

Signs of a telephone swindler

• Calls from an unknown number
• Rushing you
• Intimidating by card lock, money loss
• Trying to find out confidential card details and confirmation codes from the SMS

Signs of an SMS-fraudster

• The mobile number looks like private +380 ... or the message arrives with the word INTERNET
• In the message you are not given time to analyze the situation and you are asked to call back the specified number or follow the link urgently
• Trying to get your confidential data, verification codes.

The bank contact center for anti-fraud issues
Some large and reliable banks create a special unit in the contact center that counteracts fraud. For example, how does this work at PUMB Bank? Call the bank hotline and inform the operator that you have encountered fraud. You will be immediately transferred to a security expert. He can quickly affect the situation: block a card or account, inform other banks about the identified situation. If money has already been stolen and withdrawn to another bank: the operator contacts the specialized unit of another bank to block funds to prevent their withdrawal or receipt in cash.

View the entire issue