Criminals repeatedly attempt to convince trusting consumers to divulge sensitive personal information or confidential banking and account information by technical means, such as fake e-mails or SMSes, phone calls impersonating others, or fake information spread over social media. If they manage to obtain this information, they then digitally clean out the account or make fraudulent payments and transfers for their own benefit. This fraud method of fishing for passwords is called “phishing”; when done by SMS it is called “smishing”, and when done by phone call, “vishing”. The latest edition of the FMA’s consumer protection series “Let’s talk about money” explains how consumers can recognise such attempts to defraud them, what they must watch out for when dealing with sensitive and confidential data and information, and what to do if someone falls for this kind of fraud.
A highly professional electronic method of fraud
In this fraud method, victims are generally approached directly and then instructed by e-mail, SMS or social media, under some pretence, to enter or share sensitive personal details, confidential account and credit card details, PINs, TANs or passwords. There is usually a button or a link in the message that they are asked to click to log in to their bank. Anyone doing so is not directed to their bank’s real website, but is sent to a fake website set up by the fraudsters that looks deceptively like the genuine website. The fraudsters then siphon off the confidential data entered by the unsuspecting consumers, log in to the bank’s real website, digitally pretend to be the customer and electronically steal as much money from the account as they are able to. As a rule, the fake website disappears again within a matter of hours or days.
How consumers can protect themselves from phishing:
A few simple rules will serve consumers well in protecting them from such practices:
- Always be critical and careful when reacting to e-mails and SMSes. Never click on links or attachments that claim they will take you directly to your bank’s website.
- Always compare the e-mail address used with your bank’s actual e-mail address.
- Never send sensitive account information like passwords, PINs or TANs by e-mail or pass them on to third parties by other means. Check your bank’s website to see if it has already published relevant phishing warnings.
- Above all: Reputable financial service providers will never ask you to divulge confidential information by e-mail or SMS.
The latest edition of “Let’s talk about money” on “Phishing” contains additional useful hints and tips. It can be downloaded from the FMA’s “Let’s talk about money” website at: https://redenwiruebergeld.fma.gv.at/en/phishing
Journalists may address further enquiries to:
+43 (0)1 249 59 – 6006
+43 (0)676 – 88 249 516