We are naturally very interested in the security of our clients’ finances and their internet banking. This is why we have prepared a few recommendations on how to avoid any potential unpleasant situations.
Guidelines for using Internet Banking
Most common methods of obtaining sensitive data and how to protect your data
Phishing is a fraudulent technique that hackers use to install harmful programs (malware) on your computer or mobile phone or to extract sensitive data (passwords, credit card numbers, bank account numbers, birth numbers, etc.) from you. Most often, fraudulent e-mails ask you to click on a link or open an attachment. These messages may be written in English or Czech. These days many of the Czech messages are very well written, i.e. the text is of a high standard. By taking advantage of vulnerabilities in computers, hackers can remotely switch on a web camera or microphone or become the administrator of your PC, just by having you click on a link that carries a virus.
Who sent you the message?
Content of message
Attachments
Links
2. VISHING – FRAUDULENT PHONE CALLS
Vishing (voice phishing) is a strategy used by fraudsters to acquire sensitive data or to make the call recipient take action, e.g. send money, share sensitive data, click on a link, or download a file that the caller has meanwhile sent to the victim.
Lately, there has been a significant increase in the number of fraudulent phone calls targeting bank customers, which may result in the theft of funds from the call recipient's account.
These are the most frequent methods of deceiving a user of Internet Banking (of any bank) with the use of Vishing:
We never request such data and transactions from customers by telephone or e-mail and never will.
How can it happen that a deceived person voluntarily provides such data to an entirely unknown person?
How to protect oneself against Vishing:
The telephone number of our Customer Centre is 222 010 222. When you dial the number yourself, you can be sure that you are really calling Equa bank a.s.
What to do if I gave the fraudulent caller some sensitive data or made a payment to an unknown account based on his/her call:
Information security understands social engineering (sociotechnology) as a method of manipulating people so that they believe the attacker to be somebody else and give away information or take certain steps. Using such methods, the attacker will try to convince the victim to give away a significant piece of information. For instance, a computer user gives his/her password to somebody who introduces himself/herself on the phone as a system administrator. The techniques of social engineering also include vishing.
Do not yield to pressure to give away passwords or other sensitive data in person, by telephone or through another electronic device. If a person presents himself/herself as a higher authority, verify him/her with an additional question.
Aside from standard mail, social engineering attacks are most commonly performed by telephone or over the Internet (email, chat, Facebook). Experienced social engineers may carry out “face to face” attacks. If the attacker knows his victim personally, he may guess the victim’s password on the basis of the information he has gathered about the person. Typically, he tries details such as place of birth, nickname, the name of a village where the victim has a summer house, name of the victim’s dog, etc.
Social engineers take advantage of people’s common traits, such as their trust in other people, occasional laziness, inability to spot minor differences, the willingness to help others, and fear of getting into trouble. If the attacker has a vested interest in the success of the attack, he may dedicate a longer period of time to building confidence.
How to defend yourself against Social Engineering
In case the attacker poses as a figure of authority, ask for further details.
Skimming and guidelines for safe use of payment cards
Skimming refers to a way of obtaining data from the magnetic strip of a card using a reader device, without the user being aware of this. The data are subsequently used to produce a counterfeit card. The reader device, i.e. the scanner, is placed directly on the payment terminal. It consists of a part which reads data from the payment card and a part enabling it to obtain the PIN. Both have to be obtained for the attackers to be able to produce a counterfeit and freely use it. You can encounter skimming not only at ATMs, but also during payment in bars, restaurants, at petrol stations, etc.
How to protect yourself:
How does it work?
The fraudulent reader device is placed over the original device
The device scans the card data while the camera records your PIN number being entered
The device is then connected to a PC to which your card data are downloaded
How to find out whether you are visiting a secure website?
The internet is full of hackers and fraudsters who want to obtain sensitive data, login details and payment card information by creating fake websites, by intercepting communications, or otherwise. You can defend yourself against them by checking that the website uses an SSL certificate, which makes sure the communications are encrypted. The certificate also serves to positively identify specific servers.
How to verify the website’s security
If the URL address of a website starts with https://, this means the communication between the browser and the server is secure (encrypted).
Secure communication
Symbol indicating an invalid certificate
The security and validity of a certificate may be verified in the browser by clicking on the lock symbol in the address bar, where you can find more details about the certificate.
Secure communication
The certificate details contain information on the owner, the certification authority, technical information on the connection with the server, and the name of the server (www.equabanking.cz).
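The checks described above (an address starting with https://, a certificate that is currently valid, and a certificate issued for the expected server name) can also be written down as code. The following Python code is an added example, not part of the bank's own guidance or software; the sample certificate, its owner and issuer names and its dates are constructed, and the function names are hypothetical.

```python
import ssl
from urllib.parse import urlsplit

EXPECTED_HOST = "www.equabanking.cz"  # server name given on this page

# Constructed sample in the dict format of ssl.SSLSocket.getpeercert(), which is
# only filled in after the chain has validated. Owner, issuer and dates are
# made-up placeholders, not the bank's real certificate.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Bank a.s."),),
                (("commonName", "www.equabanking.cz"),)),
    "issuer": ((("organizationName", "Example CA"),),
               (("commonName", "Example CA TLS Issuing"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "www.equabanking.cz"), ("DNS", "equabanking.cz")),
}

def name_matches(pattern, host):
    """Exact match, or a wildcard covering exactly the left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def check_site(url, cert, now, expected_host=EXPECTED_HOST):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        problems.append("not https")
    if host != expected_host:
        problems.append(f"unexpected host: {host}")
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(s, host) for s in sans):
        problems.append("certificate not issued for this host")
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now <= end:
        problems.append("certificate expired or not yet valid")
    return problems

def summary(cert):
    """Owner and certification authority, as shown behind the lock symbol."""
    def org(name):
        return dict(pair for rdn in name for pair in rdn).get("organizationName")
    return org(cert["subject"]), org(cert["issuer"])
```

Here `now` is a Unix timestamp, so the same certificate can be checked against any point in time; a real client would pass `time.time()`.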
This is what the address bar in your browser should look like during login into the internet banking:
Guidelines for secure use of the mobile app
In addition to the guidelines for protection of your login details in the internet banking, please observe the following advice while using the mobile application: