Cyber security
Your first line of defense in the digital world
Tips that can help you stay safe while using the internet are an important first step.
However, true security comes from being informed about modern cyber threats so you can respond in time and stay protected.
Type of fraud
Identity theft is a form of fraud in which the perpetrator misuses another person’s personal data to gain financial or other unlawful benefit. Such misuse may include unauthorized withdrawal of funds, opening accounts, applying for loans or payment cards, registering a company, as well as committing other criminal offences.
Most common ways of data misuse
Fraudsters attempt to obtain confidential information in various ways:
Purchase of stolen information
Illegal purchase of personal data by hackers for further misuse.
Shoulder surfing
Observing clients while they enter their PIN at ATMs or POS terminals.
Eavesdropping
Listening to phone conversations to obtain payment card details.
Spam messages
Sending unsolicited emails or SMS messages promising benefits while requesting personal data.
Dumpster diving
Searching discarded documents or electronic equipment to find confidential data.
Phishing
Impersonating the Bank, a government institution, or another trusted organisation to obtain confidential data.
Hacking
Unauthorized access to computers or databases for the purpose of stealing confidential data.
Preventive measures
Your awareness is an important part of security. We recommend that you:
- Destroy (shred into small pieces) account statements and documents before disposing of them;
- Permanently delete all data from old computers or phones before disposal, or contact an authorised e-waste disposal company;
- Do not share confidential data with unknown or untrusted persons;
- When entering your PIN, cover the keypad and be aware of your surroundings;
- Immediately notify the Bank if you do not receive your expected monthly statement;
- Report the loss or theft of personal documents to the competent authorities (Police) without delay;
- Contact the Bank immediately in case of loss or theft of a payment card;
- Report any suspicion of misuse of your data to both the Police and the Bank.
Type of fraud
By impersonating a trusted entity (the Bank, Post of Montenegro, government institutions, etc.) via electronic communication channels, fraudsters persuade the victim to disclose personal data.
How the fraud is carried out
Phishing fraud most commonly takes place through the following steps:
- The fraudster sends an email falsely presenting themselves as the Bank, where the sender’s email address resembles or appears identical to the Bank’s address, requesting the client to update their data (e.g. e-banking account);
- The client clicks on the “Bank” link provided in the message;
- The link redirects the client to a fake website of the Bank that closely resembles the official one;
- The client enters their username and password/OTP;
- The fraudster obtains access to the e-banking/mobile banking account details through the fake website;
- The fraudster uses these details to access the victim’s accounts and transfer funds from the victim’s account to a third-party account;
- The fraudster then withdraws or uses the funds from the third-party account to which they have access.
This type of fraud is not limited to e-banking/mobile banking credentials or to impersonating the Bank. In a similar way, fraudsters may trick you into entering payment card details and PIN, or personal ID/passport data, by impersonating other trusted institutions.
Type of fraud
Fake sale of goods via the Internet is a form of fraud in which the perpetrator advertises goods on auction, sales, or classified online platforms, collects payment from the buyer, but never delivers the goods or delivers a worthless shipment. In some cases, the fraudster charges the full price through advance payment or cash on delivery, before the buyer has the opportunity to verify the contents of the package.
How the fraud is carried out
Fraudsters most commonly act in the following way:
- They post an advertisement for the sale of goods on an auction, sales, or classified website;
- They require interested buyers to make an advance payment or pay cash on delivery;
- After receiving payment, they do not send the goods, or in the case of cash on delivery, they deliver a worthless shipment;
- After completing the fraud, they remove the advertisement, deactivate their profile, and become unavailable for further communication.
Preventive measures
For additional security, we recommend that you:
- Purchase exclusively through legitimate and verified websites;
- Check the seller’s reputation (number of positive and negative reviews, comments from other users). Extra caution is required if the seller has no previous reviews;
- Avoid making advance payments without reliable proof of the existence of the goods and the identity of the seller;
- Whenever possible, arrange personal collection of goods with direct contact with the seller;
- Do not share confidential payment card data through insecure communication channels;
- In case of a suspicious transaction, immediately contact the Bank to block the card and receive further instructions.
Type of fraud
Email interception (so-called “business email compromise” fraud) is a form of financial fraud in which perpetrators gain unauthorized access to business email communication between domestic companies and their foreign suppliers. After intercepting the correspondence, fraudsters alter invoice details – particularly payment instructions – prompting the buyer to make a payment to an account under their control. In this way, funds are redirected to a third-party account, causing significant financial loss to the company.
How the fraud is carried out
Fraudsters most commonly act in the following way:
- They gain unauthorized access to company email accounts;
- They identify communication containing invoices from foreign suppliers;
- They impersonate supplier representatives and send altered or fake invoices with new payment instructions;
- The buyer, believing they are paying the actual partner, transfers funds to a third-party account;
- After receiving the funds, the fraudster immediately withdraws them from the account.
Preventive measures
For prevention purposes, we recommend that you:
- Maintain an internal register of your business partners’ bank accounts;
- Verify any sudden or unannounced changes to payment instructions (especially account numbers) before making a payment;
- Before paying high-value foreign invoices, always confirm payment instructions directly with the issuer of the invoice;
- After making a payment, verify with the supplier that the funds have been received;
- Never verify invoice details or payment instructions via email—use telephone or another previously established communication channel;
- Never use contact details provided on a suspiciously altered invoice;
- Do not use free email services for business correspondence;
- Avoid using public computers for business activities;
- Install and regularly update anti-malware and firewall software;
- Send confidential and business information exclusively through secure email services.
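One way a company could automate the register check recommended above, shown as an added example that is not part of the Bank's original text. The register layout, supplier ID, phone numbers and invoices are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed internal register: supplier id -> verified accounts and the
# phone number agreed with the supplier beforehand (all values are samples).
REGISTER = {
    "SUP-001": {"ibans": {"DE89370400440532013000"}, "phone": "+49 30 0000000"},
}

def normalize_iban(raw):
    """Strip spaces and upper-case so formatting differences do not matter."""
    return re.sub(r"\s+", "", raw).upper()

def iban_checksum_ok(raw):
    """ISO 13616 mod-97 check: catches typos, not fraudulent accounts."""
    iban = normalize_iban(raw)
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", iban):
        return False
    moved = iban[4:] + iban[:4]  # country code and check digits go last
    return int("".join(str(int(c, 36)) for c in moved)) % 97 == 1

def review_invoice(invoice, register=REGISTER):
    """Return ("PAY" or "HOLD", reasons) for one invoice dict."""
    reasons = []
    partner = register.get(invoice["supplier_id"])
    iban = normalize_iban(invoice["iban"])
    if partner is None:
        reasons.append("supplier is not in the internal register")
    else:
        if iban not in partner["ibans"]:
            reasons.append("account differs from the register: confirm by phone on "
                           + partner["phone"] + ", not via contacts on the invoice")
            if iban[:2] not in {known[:2] for known in partner["ibans"]}:
                reasons.append("account is in a different country than registered ones")
        if invoice.get("contact_phone") not in (None, partner["phone"]):
            reasons.append("invoice lists a contact number that is not the registered one")
    if not iban_checksum_ok(iban):
        reasons.append("IBAN fails the mod-97 checksum")
    return ("HOLD" if reasons else "PAY"), reasons

if __name__ == "__main__":
    samples = [  # constructed invoices
        {"supplier_id": "SUP-001", "iban": "DE89 3704 0044 0532 0130 00"},
        {"supplier_id": "SUP-001", "iban": "GB29 NWBK 6016 1331 9268 19",
         "contact_phone": "+44 20 0000000"},
    ]
    for inv in samples:
        print(inv["iban"], review_invoice(inv))
```

A "HOLD" result means the payment waits until the change is confirmed through the previously established channel; a valid checksum alone says nothing about who owns the account.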
If you become a victim of cyber fraud, please contact our Contact Center at 19905 (from abroad +382 20 219905) or write to us at: hipotekarna@hb.co.me.
The video “How to protect yourself from phishing (online fraud)” can be viewed at: LINK
Tips for secure card payments, PIN protection, etc. can be found at: LINK
Kind regards,
Hipotekarna banka
Dedicated to you.