What Are Phishing Scams and How to Protect Yourself?
Today, increasing emphasis is placed on cautious internet browsing, and not without reason. Particular care is important when it comes to our personal data, such as place of residence, phone number and email address, but also data from our payment cards, as well as the digital identity we have with new ID cards. There are numerous ways in which criminals go after this data on the Internet, and one of the most common and well-known is phishing.
Phishing
Phishing is a type of fraud that essentially involves identity and data theft. Criminals or hackers falsify a company’s website or its social media profile and use it to try to steal user data (personal or financial), or to install malicious software on devices, which is actually a virus used to steal data stored on those devices. Most often, the targets are accounts, credit card numbers and personal data, i.e. all information that will be of great use to them in the future to cause harm to you personally or to the organization you work for.
Banks, as technologically more advanced companies in terms of applying digitalization in their operations, are aware of the risks and consequences that a successful cyber attack could cause and invest significant resources to better protect clients, their data, and assets, and to enable secure operations. One of the ways of protection against cyber attacks applied by the Bank is raising awareness about cybersecurity among both its employees and clients, because only if we are all aware of the risks and the measures we need to take to protect ourselves, do we increase the likelihood that a potential attack will be unsuccessful or result in only minimal consequences.
What types of phishing attacks exist and how to recognize them
E-mail phishing attacks
E-mail phishing attacks are one of the most common and well-known types of phishing attacks. Hackers or criminal groups send email messages to users impersonating a known person or brand/company. Such email messages in most cases create a sense of urgency and prompt the recipient to click/open them and download content from the message. Links usually lead to websites that either steal user data or install malicious code on users’ computers, known as “malware”. Content offered for download is usually in the form of a .pdf file containing malicious content that installs malware on the user’s computer once opened.
Hypertext Transfer Protocol Secure phishing attacks
Hypertext Transfer Protocol Secure (HTTPS) is often considered a secure link because it uses encryption to improve security. Legitimate organizations today use HTTPS instead of HTTP because it gives an impression of legitimacy. Despite this, hackers manage to include HTTPS links in phishing emails.
Spear phishing or “spear fishing”
Spear phishing is a more sophisticated form of phishing. Hackers collect information from published or publicly available sources such as social media or a company’s or bank’s website. They then target specific individuals within an organization, using real names, job roles, and correct phone numbers so that the recipient truly believes the email was sent by someone within their organization. As a result, since the recipient does not question the legitimacy of the email, they take the action requested in the email.
Whaling / targeting executives or CEO fraud
Hackers use social media or company websites to find out the names of CEOs and other members of management, and then impersonate that person using a similar email address. It is not uncommon for such emails to contain requests for the recipient to transfer a certain amount of money or review a specific document.
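The two points above, that an HTTPS link proves nothing about who runs the site and that impersonators rely on a similar-looking address, can be checked mechanically by comparing the host of a link or the domain of a sender against the one domain you trust. The following is an added example, not part of the original article and not the bank's own code; it assumes the trusted domain is the one in the contact address given on this page, and all sample links and addresses are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: trusted domain taken from the contact address on this page.
TRUSTED = "hb.co.me"

def parts(value):
    """Return (host, userinfo) for a URL, or (domain, None) for an e-mail address."""
    if "://" in value:
        url = urlsplit(value)
        return (url.hostname or "").rstrip("."), url.username
    return value.rsplit("@", 1)[-1].strip().rstrip(".").lower(), None

def squash(name):
    """Drop dots and hyphens so 'hb-co-me' and 'hb.co.me' compare equal."""
    return name.lower().replace(".", "").replace("-", "")

def classify(value, trusted=TRUSTED):
    """Judge a link or sender by its domain only; http/https is ignored on purpose."""
    host, userinfo = parts(value)
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    # Trusted name embedded in a different domain (heuristic, may over-flag).
    if squash(trusted) in squash(host):
        return "lookalike"
    # Trusted name placed before '@' in a URL: the real host comes after it.
    if userinfo and squash(trusted) in squash(userinfo):
        return "lookalike"
    return "untrusted"

# Constructed samples; the .example domains are reserved and do not resolve.
SAMPLES = [
    "https://www.hb.co.me/",
    "https://hb.co.me.secure-login.example/confirm",
    "https://hb.co.me@login.example/",
    "director@hb-co-me.example",
    "cc@hb.co.me",
    "https://news.example/",
]

def report():
    return {sample: classify(sample) for sample in SAMPLES}

if __name__ == "__main__":
    for sample, verdict in report().items():
        print(f"{verdict:10} {sample}")
```

Every sample that starts with https:// and is not on the trusted domain is still rejected, which is the practical meaning of "HTTPS does not equal legitimate".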
Voice phishing – “Vishing”
“Vishing” is a situation in which a hacker makes a phone call and creates a heightened sense of urgency, causing the recipient to take action that is not in their best interest. Such calls typically occur in stressful situations and times. Because they create a sense of importance, panic, and urgency, the recipient may be misled into providing personal data.
Angler phishing or phishing via social media
In English, there is a distinction between a “fisherman,” who simply places bait on a hook and waits, and an “angler,” who uses sophisticated tools and methods to catch valuable targets. Social media has become a popular channel for phishing attacks. Similar to voice and text phishing, in angler phishing hackers use notifications or direct messaging features to prompt potential victims into taking action.
Learn how to avoid any type of fraud
At Hipotekarna banka, we take care of your security and therefore want to provide you with several useful tips to help you avoid any type of fraud. We know this is not one of the most exciting topics, but safety and protection are a priority.
Possible example of phishing via email:
You may receive an email from an address that appears to be sent by Hipotekarna banka;
You will be asked to confirm or cancel an operation;
Or you will be warned about fraud or suspicious transactions on your account.
Possible example of phishing via SMS or Viber:
You may receive a message from a person claiming to be a Hipotekarna banka operator;
You will be asked to confirm or cancel an operation by clicking on a link;
Or you will be asked to enter your data on a page similar to the Hipotekarna banka website.
Possible example of phishing via phone:
You may receive a call from someone claiming to be a Hipotekarna banka operator;
This person will inform you about a suspicious transaction;
And will ask for your account or card details in order to resolve the issue.
Here’s how you can protect your data
Hipotekarna banka will always contact you via the application!
Hipotekarna banka will never ask you to verify your identity via email, SMS message, or phone. Also, be cautious of communications that require urgent action.
Never share your data.
We would like to remind you that at Hipotekarna banka we will never ask you to share your login details, card number, or PIN for confirmation!
Do you think you have been a victim of a phishing attack?
Contact our customer support by phone at 19905. Our agents are available on weekdays from 08:00 to 20:00 and on Saturdays from 08:00 to 13:00. You can also send or forward a suspicious email to cc@hb.co.me every day.