We are regularly assaulted by e-mail messages that are "very important" or require "increased attention" from various banks, some of them banks where we do not have and have never had an account.
Most likely you are familiar with the terms "online banking" and "internet banking". They are used by all banks, and these tools move operations from the bank counter to dedicated banking applications and online banking accounts.
The truth is that it is more convenient to check the status of transactions, an account balance or rates using a mobile application or by visiting an online account than to make our way to the bank, stand in queues and sign various documents. Operations on the mobile phone and online are much simpler, but they also involve certain risks, especially for gullible people and for those who do not have an "online culture".
I do not want to offend anyone, but there are many people who, if they know how to make a Facebook account or how to access a web page, think they are IT experts.
The worst part is that, as a marketing policy, banks encourage users to use online accounts and mobile banking applications, showing them how simple it is and how little time it takes to transfer money from one account to another or to make online payments. They highlight only the benefits of these tools and say nothing about the risks to which inexperienced users are exposed.
The latter can be sure targets of online scams. The most common form is phishing.
What is phishing and how do you protect your confidential data? Phishing scams
It is a form of online crime which consists of obtaining confidential data, such as access data for online banking, accounts at online payment processors (PayPal) or bank card data.
The most common method of fraud is through e-mail messages that appear to be sent by banks. In these messages we are asked to urgently access our online banking account to update various data or, ironically, to make certain security changes. In reality, the link in the e-mail leads to a fake web page, a website that copies most of the real bank's website.
In this way, a less experienced user can be fooled quite easily, believing that the message is real and that the website they have reached belongs to the bank where they have an account. They take the bait and enter their personal data. The first step is usually the username and password of the online banking account. What the user does not know is that this data does not reach the bank, but a criminal who will use it on the bank's real site to perform transactions with the fooled user's money. Simple, right?
If, after the false authentication, the card data is also requested, including the holder's name, the card number and the CVV code, the problem is even worse. There are still cards on the market that are not 3D Secure and can be used easily by anyone who has the data mentioned above.
The first measure of protection is increased attention when we receive such a message. Check carefully what address it was sent from, look at the source of the message and, above all, check the link we are about to click, the link that is supposed to take us to the bank's website.
Below is a concrete example of a phishing e-mail that targets customers of OTP Bank Romania.
The customer receives a message with the following content:
The message is formulated well enough to mislead someone, and the OTP Bank logo in the header adds confidence for those who are not very good at reading a message received by e-mail.
The suspicious parts appear only when we read the top of the correspondence, where the "reply" address is written as "[email protected]". It is unlikely that a bank will use an e-mail domain name that has nothing to do with the bank's name or with the domain name of the bank's official website. sarvayoga.org should be the first thing to arouse suspicion that this message is not what it seems.
If we open the complete source of the message, we can identify the server from which it was sent.
At this point it should be clear that this message was not sent by the bank. The server from which the message was received does not have the slightest connection with OTP, and the message must be reported as spam and ignored. You can go even further and call the police or notify the bank of the attempted fraud.
The next step is advisable only if you have a firewall and a well-established antivirus, and your IT knowledge exceeds the average.
I followed the link indicated in the e-mail out of pure curiosity. Knowing that it would most likely be a web page asking for my confidential data, I wanted to see how much imagination the criminals had and what they were able to do.
Below is a screenshot of the web page I was redirected to from the message:
It is a web page identical to "otpdirekt.ro", one of OTP's official internet banking pages, except that the address above, the URL, does not belong to the bank. pcitaliasrl.it is a domain name on which a clone of the OTP page has been set up, and if you enter personal information here you will definitely suffer damage.
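The two checks described above (the reply address and sending server in the message source, and the real host behind the link), as an added Python example that is not part of the original article. The sample message is constructed; otpbank.ro, the mailbox names, the relay host name and the URL path are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains the bank really uses. otpdirekt.ro is named in the
# article; otpbank.ro is assumed here for illustration.
BANK_DOMAINS = {"otpbank.ro", "otpdirekt.ro"}

# Constructed sample: mailbox names, relay host and URL path are invented.
SAMPLE = """\
Received: from mail.sarvayoga.org (mail.sarvayoga.org [192.0.2.10])
\tby mx.example.net; Mon, 1 Jan 2018 10:00:00 +0200
From: "OTP Bank" <office@otpbank.ro>
Reply-To: placeholder@sarvayoga.org
Subject: Important: update your account
Content-Type: text/html; charset=utf-8

<p>Please confirm your data:
<a href="https://pcitaliasrl.it/otpdirekt/login">https://www.otpdirekt.ro</a></p>
"""

def belongs_to_bank(host):
    """True only for a bank domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BANK_DOMAINS)

def phishing_findings(raw):
    msg = message_from_string(raw)
    findings = []
    # The visible From can be forged; Reply-To shows where answers really go.
    for header in ("From", "Reply-To", "Return-Path"):
        addr = parseaddr(msg.get(header, ""))[1]
        if addr and not belongs_to_bank(addr.rpartition("@")[2]):
            findings.append(f"{header} domain is not the bank's: {addr}")
    # "Received" lines in the full source name the servers that relayed the mail.
    for received in msg.get_all("Received", []):
        m = re.match(r"\s*from\s+(\S+)", received)
        if m and not belongs_to_bank(m.group(1)):
            findings.append(f"relayed by non-bank server: {m.group(1)}")
    # Judge a link by the host in href, never by the text shown to the reader.
    for href in re.findall(r'href="([^"]+)"', msg.get_payload()):
        host = urlsplit(href).hostname
        if not belongs_to_bank(host):
            findings.append(f"link points to non-bank host: {host}")
    return findings

if __name__ == "__main__":
    for finding in phishing_findings(SAMPLE):
        print(finding)
```

The host comparison matches whole domain labels, so an address such as otpdirekt.ro.pcitaliasrl.it, which merely contains the bank's name, is still reported as foreign.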
How do we distinguish between a real website of a bank and a fake one, used for online fraud?
It is very simple. All web pages of banks, and of anyone else who asks for confidential data, must be accompanied by an SSL certificate.
This certificate can be seen easily in the web address bar (URL). In the example above, even though the fake website uses an SSL certificate (it has the lock in front of the web address), the certificate is not registered to OTP Bank.
The real page will show the bank's web address and a valid SSL certificate, with the bank's full name written in green.
By following these safety features, we can easily avoid becoming a victim of an online scam.
Over time, phishing attacks have targeted in particular the big banks that have a large number of customers and that heavily promote their online services: FRG, BCR, Raiffeisen Bank, Banca Transilvania, etc.