The most common online frauds
Social engineering
Social engineering describes a range of manipulative techniques used by cybercriminals to exploit human error in order to gain financial advantage or sensitive / confidential information.
How do we recognize social engineering?
-
The grammar of the message, the sloppiness of a text that seems machine-translated and/or poor spelling are among the most obvious signs.
-
A heightened sense of urgency that tries to induce the recipient to act immediately. Any urgent request to communicate sensitive data should raise alarm: reputable companies do not normally ask for passwords or personal data in emails or text messages.
-
Questionable e-mail addresses, phone numbers.
-
Requests for sensitive information.
Most common social engineering frauds are:
Phishing is the most common form of online fraud, which is the use of techniques to manipulate the identity of individuals/organizations in order to gain financial advantage or sensitive/confidential information.
Be cautious if you have received an email on behalf of Moldindconbank asking you to click on a link because your card account has been blocked or fraudulent activity is suspected. It is a fake, which can leave you immediately out of money!
Although this email seems credible, you should know that Moldindconbank never sends such a request and never validates such data via email.
How to spot a fraudulent email:
- Check the e-mail address from which it was sent. You will see it is a suspicious one. For example: smtp.cosmichichandscarefoundation.com.
- Letter contains multiple grammatical errors.
- Email stresses the need to act “quickly” and “urgently”.
- It urges you to click on a link to “check your account”, “access Web Banking”, etc.
If you receive a suspicious email:
- Do not open or save attachments.
- Do not access the links in the email.
- Do not give your card details (number, PIN, CVV, OTP passwords, expiry date) and Web Banking or Mobile Banking login details to anyone.
- Delete the email in your mailbox.
If you inadvertently leaked your confidential data to scammers:
- Block your card in the Mobile Banking app.
- Notify the Bank, contact Customer Support 24/24 – 022 71 71 71.
- Call the police at 112.
- Report the fraud.
Phishing by cloning websites or internet banking applications
Cyber attackers can create a fake website with an URL similar to the genuine website and use search engine optimization techniques to make the fake website appear in the top ten results in any browser.
The fake link may contain apparent requests from the internet banking application to fill in more data on a waiting page displayed on the screen.
This allows the attackers to compromise your login details and carry out unauthorized transactions on your bank accounts – usually transfers to accounts they control.
Prevention tips:
- Be aware of advertisements and websites that you access via social media apps or internet pop-ups, especially those that promise attractive payouts in a short time and ask for personal data, card information, and internet banking login codes or security/transaction authorization codes.
- Always access the web banking application from the bank’s official website.
- Check carefully the URL/link of the website you have accessed.
- Do not access app links received by email from third parties, SMS, WhatsApp, Telegram or other social media apps.
If you have fallen victim to a fraud attempt:
- Block your card in the Mobile Banking app.
- Notify the Bank, contact Customer Support 24/24 – 022 71 71 71.
- Call the police at 112.
- Report the fraud.
Vishing is a form of fraud in which attackers try to obtain confidential information or mislead victims through phone calls or messaging services (Viber, Telegram, and WhatsApp). This type of attack is similar to phishing, but is carried out via phone calls.
How does it work?
Fraudsters claiming to be bank employees and requesting confidential information under various pretexts phone victims. For example, to confirm a money transfer banking transaction.
Attackers can also use technology to spoof the phone number displayed on the victim’s caller ID, making it appear as if they are calling from a legitimate source.
Prevention tips:
- Be aware of calls from abroad through messaging apps or directly to the phone.
- Ask for the caller’s name and say you will call back. Verify their identity with the bank by contacting Customer Support 24/24 at 022 71 71 71.
- Do not give confidential data, CVV/CVC security code and passwords received via SMS, passwords via phone calls. The bank will never request sensitive information.
- Block any suspicious numbers.
If you have fallen victim to a fraud attempt:
- Block your card in the Mobile Banking app.
- Notify the Bank, contact Customer Support 24/24 – 022 71 71 71.
- Call the police at 112.
- Report the fraud.
Bank transfer frauds
Be careful when you intend to sell a product and use various marketing sites in Moldova. Criminals are using a new way of fraud by using dubious links to transfer money.
How does it work?
Having a product for sale, you want to promote it through a classified ads website. You are then contacted by potential buyers who appear to be interested in your product, then persuade you to accept the offer to receive your money by clicking on a link.
Clicking on the link to receive the money transfer takes you to a web page, where you are asked to enter your card details (e.g. card number, expiry date, CVV/CVC security code – the 3 digits on the back of the card, PIN code, one-time code received by SMS or other personal data).
This is actually a phishing link where the attackers are trying to collect your credit card details to steal money from your account.
Prevention tips:
- Be careful, do not access links sent by potential buyers and do not give them your confidential data!
- Systematically monitor your account status via the MICB Mobile Banking application or by activating the SMS notification service.
- If you have been the victim of such an attack and you notice that money has been withdrawn from your account, it is important to block your card via the app and contact your bank as soon as possible at 022 71 71 71.
- Remember: The CVV/CVC security code and the passwords you receive via SMS are intended for payment authorization and MUST NOT BE DISCLOSED TO ANYONE UNDER ANY PRETEXT.
If you have fallen victim to a fraud attempt:
- Block your card in the Mobile Banking app
- Notify the Bank, contact Customer Support 24/24 – 022 71 71 71
- Call the police at 112
- Report the fraud.
Be informed! Access the Recommendations on protection of fraud by e-mail.
Smishing – SMS frauds that can drain your cards.
The name comes from the combination of the words “SMS” and “phishing”, which immediately brings to mind text messages received by phone. Scammers usually use the image of parcel delivery companies or clone online shopping sites, sending SMS messages in their name to trick potential victims.
The text messages contain a link which, once clicked, directs the victim to a fake website where they are asked to fill in personal and card details such as: first and last name, address, Ā personal ID, phone number, card number, expiration date, CVV security code.
In such cases, criminals rely on the carelessness of users, who may provide sensitive data without first making some essential checks.
How to protect yourself against fraud:
- DO NOT reply to messages asking for personal information;
- DO NOT access the proposed links;
- NEVER communicate your card data (expiry date, CVV2/CVC code, one-time passwords).
If you have fallen victim to a fraud attempt:
- Block your card in the Mobile Banking app
- Notify the Bank, contact Customer Support 24/24 – 022 71 71 71
- Call the police at 112
- Report the fraud.