I recently saw a lot of news with people who woke up no money in bank accounts after they introduced themselves bank card details on various online stores, platforms for posting ads for sales and on other websites.
Except for the malicious people who practice these online theft techniques (Phishing scam), it is very difficult to find a culprit. I would say that it is the fault that provides the sensitive data to some sources (web addresses) that has not checked them before and that it was too naive. In reality, most people fraudulent online are of second age or even past, who in the years of learning and discovering new things, the internet did not even exist or was limited to a dial-up connection for a chat. Not to mention online payments in the '70s and' 80s. In many countries, even in the 90s, online payments were unknown. This is how we still find huge queues at payment of housing taxes, cars and land, endless queues when changing subscriptions for electricity supply si gas, queues at the branches of other services that also offer online alternatives.
With a minimum of knowledge we can make online and secure payments and save time at the queues at the counters.
How can we avoid entering data bank card on a fake site?
Before we can protect ourselves from danger, we must know its characteristics by which we can identify it.. If we see a fire on our way, we know that the approach of the fire causes burns, and advancing on that road can be done only after the fire is extinguished. I don't know if I chose the best example, but in the same way we must do it online to avoid the dangers that are more and more.
The most common method of online fraud is through cloning a service provider's web page. From the web pages of mobile operators to the web pages of banks or public institutions, they have been cloned and sent to users through various communication channels for the clear purpose of alpha personal data or information about bank accounts. If you receive a link (address of a web page) on Messenger, WhatsApp, SMS or E-mail, in which you are asked to click and enter personal data, check very well if the address you arrive at is correct, trustworthy. Most of the time, the links come on Messenger, WhatsApp si SMS are of some pages for online fraud. Very few service providers send payment links to customers by e-mail, and if you are a subscriber to such a service, it is a good idea to check carefully what web address you have reached before entering your card details to pay an invoice. .
An internet user with an average baggage of knowledge online, most of the time would immediately realize if it is an attempted fraud or not. First, a cloned web page must be hosted on a web address (domain name). Even if criminals can make a web page identical to that of a service provider or a bank, they cannot use legitimate domain name of that provider.
To take the scenario of Orange Romania subscribers, who want to pay an invoice online. It is not a random example. I saw many links to phishing pages with the Orange logo.
Orange subscribers have the possibility to pay the invoices online through the web page, from the account My Orange, or from the mobile application (the safest solution).
When you choose to pay online, the web address you access and enter your personal information must contain "orange.ro" before completing the web domain. Careful! Before completing the web domain. meaning a correct address can be of the form: orange.ro/my account, subdivisionomeniu.orice.orange.ro, SS0.orange.ro/wp/oro?jspname=login.etc. Click on the image below, in which you have an example:
Here are two examples of web addresses that do not belong to Orange Romania and could host web pages intended for online fraud: “orange.ro.concurs.net/ Invoice / online"And"plateste-in-siguranta.net/orange.ro/factura-ta".
Although both web pages look identical to the original ones and the web address links (URLs) contain "orange.ro", they are not hosted on orange.ro. In the first example, "orange.ro" is composed of two subdomains related to the domain "concurs.net", and in the second, "orange.ro" is part of the extension of the web address, without being related to the domain Basic.
An inexperienced online user could easily be misled if he does not know these simple security features.
A more complicated aspect to explain to a novice is redirecting the online payment processor to the web page. Many service providers use third party companies for online payment processing. Here we also include online stores that accept payment by card.
What does this thing mean? Well, when an online store or service provider wants to offer customers the ability to pay by card, most of the time the company that owns that store does not have the authority and infrastructure to request card details from customers. The store will conclude a contract with an online payment processor, which will have the obligation to verify if the web address of the online store and the owner company comply with security, transparency and best practices for online bank card payments. Make sure that when paying online with the card you are redirected to the actual web pages of the processors. Most of the times, in Romania, they are payu.ro and euplatesc.ro.