Educating clients on key matters in finances is a priority of Swedbank. With the easy-to-use and attractively-priced electronic services gaining increasing popularity, we offer series of articles dealing with fundamental principles of security in electronic environment.

This time – about fraudulent bogus letters!

Fraudulent bogus letters (could also be telephone calls) or so-called ‘phishing’ have become now a classic type of fraud, through which fraudsters attempt to obtain sensitive information such as username, password, credit card details. It is not an attack on the Internet Banking site or other secured environment but on the key – in this event on the customer’s personal and secret key to their finances.

So, what ‘phishing’ really is?  

A phishing e-mail means a bogus e-mail purporting to be an authentic e-mail from the bank and aimed at extracting a person’s confidential data. Instances of phishing have long been a commonplace thing in the world, and now this is happening increasingly often in Latvia, too, and this trend is unfortunately here to stay.

What techniques are employed by fraudsters?

1. False sender

   A customer receives an e-mail as if from their own bank, with the “From” line showing Swedbank (info@swedbank.lv), Swedbank Internet Banking (info@swedbank.lv) or other sender as if related to the bank. However, one should bear in mind that unfortunately everywhere in the world the e-mail system works in a way that lets anyone with minimum competence in IT stuff specify any other e-mail address, actual or fictitious, as the sender’s address.

2. Corporate style in e-mail

   An address such as “Dear Valuable Customer”, the body of the message, a thank-you note “Thank you for using Swedbank Internet Banking Service”, and the closing text such “Sincerely, your Swedbank” is worded with a view to imitate the bank’s style as much as possible.

3. Fake links

   The name of the link is made to look as much as possible like a genuine link or bank’s activity e.g. „Click here to update your account” or „Go to Internet Banking page”, but in reality the link takes you to a phishing website. It is just like when the link “find out more” under an article in any website can take you to any other webpage. Also, when writing a text or e-mail, one can easily create their own links with target addresses of their choice by using the simple function Insert > Hyperlink.

4. Use of bogus webpage

   The deceptive links described above normally take you to a bogus webpage that imitates the genuine webpage and where the entered data becomes available to third parties and may be used for malicious purposes.

5. Attempts to infect the computer

   In some cases, the fraudster will also try to infect the computer with a virus that may serve a malicious purpose. All of us have heard of the words ‘computer virus’, and, indeed, they are real and come in a wide variety.

What to do if you get an e-mail asking to supply card details or Internet Banking credentials?

1. In case of any doubt or suspicion, promptly get in touch with the bank and verify the authenticity of the e-mail received.
2. Keep in mind the most important rule for financial safety on the web, which is also actively communicated by the bank: 

The bank will never request customers to disclose any details necessary for online banking.  
Never ever e-mail or tell over the phone such data as:

• Internet Banking passwords;
• code card’s or security token’s codes in their entirety;
• card number;
• card expiry date;
• PIN code;
• or the CVV2, which is three-digit code on the back of the card in the white space next to the signature panel.
3. Be alert and do “computer hygiene”.
• Bogus e-mail (may as well be a phone call) requesting to supply personal data.

  It is comparable to a situation where a person comes up to you on the street claiming to be a bank employee and asking to give them your home address (‘user number’) and keys (‘passwords and codes’). Telling your home address and giving keys to the home to a complete stranger would be the same as disclosing your Internet Banking or card details upon request in e-mail. The fraudster is not trying to break the house open but is actually trying to steal the key to your home.

• Computer viruses and security software

  The world of Internet is full of all kinds of viruses, which makes it important for everyone to take care of their computer’s safety. It is just like in daily life – to safeguard ourselves we wash our hands before eating and wash vegetables and fruits bought in store. In corporate settings, it is the IT administrator, responsible department or company that takes care of computer system safety. For home users, many developers offer fairly attractively priced options. For example, Kaspersky® Anti-Virus 2010 for 2 computers costs 26 – 36 lats, with annual licence renewal costing around 16 – 22 lats.

4. Follow news offered by the bank and use the bank’s solutions and guidelines:
• Safe online shopping

  Swedbank offers a safe Internet shopping service Verified by VISA for all VISA cards. When shopping online, the identification message set up by the customer will appear in the transaction confirmation screen and password will be required upon every purchase. When buying online, you must make sure that the identification message matches the one set up by you. If the text of the message differs, do not enter your password!

• Security image

  In Internet Banking, every user can choose their own security image which is easy to remember and is a simple way of making sure that you’ve logged in on the authentic Internet Banking site.

By observing simple and logical safety principles, the electronic services will add comfort to your life and make money matters safe and cost-efficient.