ACCOUNT EMPTYED
Marc Weber (name changed) has fallen victim to a phishing attack. His entire account was emptied. Amount: 40,000 euros. All transactions were carried out via the payment service “Apple Pay” – even though Marc Weber had never used the system.
FRAUDULANS EASILY GET ACCESS DATA FOR ONLINE BANKING
It wasn't difficult for the criminals. In most cases, the bank's website is simply copied and an attempt is made to direct customers to the website using a fake email. This trick can be used to access online banking access data - but only if the bank does not require two-factor authentication.
APPLE PAY UNLOCKING ON THE SCAMMERS’ CELL PHONE
Activating the Apple Pay payment system is just as easy. The attackers usually get their victims to confirm a seemingly risk-free release in their bank app by phone or text message. However, the Apple Pay function is then not linked to the bank customer's cell phone, but rather to that of the fraudster.
NO WARNING WILL BE TRIGGERED AT THE BANK
A warning was not triggered at Marc Weber's bank, the Sparkasse, despite countless transactions. He is surprised about this: “I would have expected pattern recognition if money was withdrawn from gas stations dozens of times on the same day and people also made purchases there. In a place where I haven't been, where I haven't used my account in the past few days. I firmly assumed that the simplest algorithms had to recognize this. But obviously something like that simply doesn’t happen.”
PROBLEM: NO TWO-FACTOR AUTHENTICATION ON LOGIN
Attorney Ulrich Schulte am Hülse represents Marc Weber and other victims. The fraudsters not only hijacked Apple Pay, but also Google Pay. At different banks. However, the vast majority of victims are savings bank customers. The lawyer sees a big problem if the bank does not require two-factor authentication. He thinks: There should be two-factor authentication when you log in to online banking. “If the bank had done it that way, it wouldn't have been enough to put a fake website on the Internet and without this access to online banking you can't activate Apple Pay.
PHISHING EMAILS ARE EASY TO DETECT
In general, banks and savings banks generally do not send emails asking you to click on links. No short messages either. And they never ask for data over the phone. Tip: Set up a daily limit for your account and cards. This means that fraudsters cannot empty the account so quickly if the worst comes to the worst.
By loading the video, you accept YouTube's privacy policy.
Learn more
Source and author: SWR Marktcheck / Daniel Güldner
Also read our fact checks on:
Donald Trump Jr. will not be Elon Musk's successor!
Russian recruits can have sperm frozen for free
Did Joe Biden really grab President Zelensky's ass?
Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )