Using an elaborate but well-thought-out scam, fraudsters target online banking access data and gain full access to the account.

For a few days now, several citizens have been falling victim to a new type of fraud, which particularly affects people who use online banking.

Fraud in three steps: Step 1 – New credentials

The perpetrators proceed in three major steps: First, they obtain, in an unknown way, the personal data (name and telephone number) and the account details (IBAN and BIC) of the injured parties, and can use this to find out which bank the injured parties are with.

Then they look up the telephone numbers of specific customer advisors on the internet, on the respective websites of the credit institutions. The customers are then called. The perpetrators are able to manipulate the caller ID so that the actual, real telephone number of the respective customer advisor (with the correct extension) is shown on the victim's display, even though the call does not come from that number. In this way, trust is initially generated among the injured parties.

The aim of the calls is to use a pretext to obtain the victim's online banking access data. The callers claim that there were unlawful debits from the checking account because the online banking access data fell into someone else's hands.

In order to protect the account, the perpetrators ask the victims to generate new access data. Since this is generally possible from home in every bank's online banking, this is usually done directly with the victims over the phone. In this way, the perpetrator obtains the newly generated access data for online banking.

Step 2 – New residence

In a second step, a letter is sent to the bank stating that the customer now has a new place of residence. In the cases so far, a new place of residence in North Rhine-Westphalia has always been stated.

The signature on the letter is forged by the perpetrator, so that the bank actually changes the place of residence in the customer master data. It is still unclear how the perpetrators obtained an (apparently deceptively genuine) signature sample from the victims.

Step 3 – Secure app

In order to carry out a transfer, online banking customers of every bank must always generate a so-called TAN, i.e. a type of confirmation code. Until recently, it was common for this procedure (entering the transfer + generating the TAN) to take place on two different devices. In the age of apps, many customers now have two applications on their smartphone: first, a pure “banking app” in which transfers are entered; second (to carry out the transfer), a so-called “Secure” app to which a TAN is delivered. This TAN is confirmed by the user and then entered into the “banking app”. This is how the transfer is carried out.

Different access data is required for each of the two apps. You cannot log in to the “Secure” app with your usual online banking details, but need another access code.

When you register for the first time, the bank sends this data to the customer by post. And so the circle closes:

In step 3, the perpetrators ask the bank to activate the secure app and have the access data sent to the new, just changed “fake home address”; the Secure app is activated.

Full access for the scammers

In their first step, the perpetrators have already received the online banking data, so that the pure banking app is also functional. Now the perpetrators have control over both necessary factors and could carry out any transfers from the victims' accounts.

How to avoid it

All citizens are called upon to review their online banking daily and check for incorrect debits. If you see a new address on your account statement or if other sensitive data has changed, please inform the bank immediately.

Make sure that bank employees never change personal information in the bank systems over the phone.

Never dispose of parcel packaging bearing addresses, or invoices, letters etc. containing sensitive data such as names and/or account numbers, in normal waste paper. Perpetrators like to “rifle through” things like this and may then get their hands on the data.

The bank should always be particularly alert to any address changes by customers, above all those submitted in writing, and even more so if the secure app was activated after the address change. A telephone consultation with the customer whenever a change is notified can have a preventative effect.
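The check recommended to banks above can be expressed as a simple correlation over account events. The following is an added example, not part of the original article or of any bank's system; the event schema, the account IDs and the 30-day window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(days=30)  # assumption: review window, not taken from the article

# Constructed sample events (hypothetical schema): account, timestamp, event, channel
EVENTS = [
    ("ACC-1", "2024-03-01T10:15", "credential_reset", "online"),
    ("ACC-1", "2024-03-04T09:00", "address_change", "letter"),
    ("ACC-1", "2024-03-06T14:30", "secure_app_activation", "post"),
    ("ACC-2", "2024-01-10T08:00", "address_change", "branch"),
    ("ACC-2", "2024-06-01T12:00", "secure_app_activation", "post"),
    ("ACC-3", "2024-03-02T11:00", "credential_reset", "online"),
    ("ACC-3", "2024-03-20T16:45", "secure_app_activation", "post"),
    ("ACC-4", "2024-04-01T09:00", "address_change", "branch"),
    ("ACC-4", "2024-04-03T09:00", "secure_app_activation", "post"),
]

def flag_accounts(events, window=WINDOW):
    """Return {account: severity} where a secure-app activation follows an
    address change within `window`. Severity is "high" when the change came
    by letter and a credential reset preceded it, otherwise "review"."""
    by_account = {}
    for acc, ts, kind, channel in sorted(events, key=lambda e: e[1]):
        by_account.setdefault(acc, []).append(
            (datetime.fromisoformat(ts), kind, channel))
    findings = {}
    for acc, evs in by_account.items():
        for t_act, kind, _ in evs:
            if kind != "secure_app_activation":
                continue
            # Address changes that happened shortly before this activation
            changes = [(t, ch) for t, k, ch in evs
                       if k == "address_change"
                       and timedelta(0) <= t_act - t <= window]
            if not changes:
                continue
            t_first = min(t for t, _ in changes)
            reset_before = any(
                k == "credential_reset" and timedelta(0) <= t_first - t <= window
                for t, k, _ in evs)
            written = any(ch == "letter" for _, ch in changes)
            findings[acc] = "high" if reset_before and written else "review"
    return findings

if __name__ == "__main__":
    for account, severity in flag_accounts(EVENTS).items():
        print(account, severity, "-> call the customer on the number on file")
```

A flagged account is the point at which the telephone consultation with the customer would take place, before the access data for the secure app is posted.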

Source: Press portal

Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic.
2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication.