Banks, how to defend yourself against scams via text messages and phone calls

What ‘smishing’, ‘vishing’ and ‘social engineering’ are. Unicredit advice

Scams conducted through the channels banks use most to communicate with customers, SMS and phone calls, are increasingly frequent and sophisticated. The messages are well crafted and invite the recipient to share personal data, credentials and sensitive information. This is known as ‘smishing’. A scam that takes place over the phone is instead called ‘vishing’; its purpose is to steal personal and confidential information, such as access data for the Multi-channel Bank service, the device password, credit/debit/prepaid card numbers or the PIN connected to them, in order to then carry out fraudulent operations (for example top-ups, wire transfers, internet purchases).

Very often, those who attempt a scam do so using all the information they have available. Social engineering is an attack technique based on the study of people’s behavior with the aim of manipulating them and stealing personal information. This type of scam is based on psychology and exploits the victim’s trust and vulnerability to obtain confidential data such as passwords or bank account information.

How does the scammer behave? Some common behaviors: the scammer contacts the victim by phone, pretending to be from customer service at the bank, the branch or the anti-fraud office; tries to establish a relationship of trust by demonstrating awareness of some bank details, in order to induce the victim to believe that the call comes from their bank; refers to suspicious account or card movements, problems accessing the multi-channel banking service or access attempts by third parties; asks for access data to the multi-channel banking service, the device password, credit/debit/prepaid card numbers or the PIN connected to them.

How do we defend ourselves? The main advice that comes from the lenders themselves, in the periodic communications they send to customers on the subject of security, is to acquire all the elements needed to recognize ‘true’ communications. In the case of Unicredit, for example, it is useful to keep in mind what the bank, unlike scammers, will never do. By SMS, the bank will never ask for personal data, the password to access the Internet bank, or card or current account numbers, nor will it ask the customer to follow instructions to resolve a ‘critical’ situation, reclaim a temporary account, save sums of money or perform a reversal. Therefore, be wary of any text message that is not in line with these characteristics. And the phone calls? The bank will never contact the customer to ask for device and/or access passwords to the multi-channel banking service, the card PIN and/or the three-digit security code shown on the back of the card, nor will it ask the customer to follow instructions to resolve a ‘critical’ situation, reclaim a temporary account, save sums of money or make a transfer. So, be wary of any telephone contact that has these characteristics. (By Fabio Insenga)



Source: www.adnkronos.com