Recommendations on Protection Against Fraud and Cybercrime
Recommendations for Individuals
- Never share your card or account details, PIN code, mobile banking password, or one-time passwords (OTP) with anyone.
- If you receive a call claiming to be from the bank and personal information is requested, verify the authenticity of the call via official bank channels before sharing any data.
- Do not click on suspicious links or open SMS and emails from unknown sources.
- In case of fraud, immediately notify your bank and contact law enforcement authorities.
Password and Secret Word Security
- Do not use easily guessed information (such as name, surname, date of birth, or patronymic) as your “secret word” or password.
- Password recommendations:
- Must include letters (both uppercase and lowercase), numbers, and special characters.
- Should be as unique as possible and used only by you.
- Must be updated periodically.
- Never share your passwords with anyone.
Security Measures for Legal Entities
Risk of Cybercrime and Fake Invoices
Cybercriminals increasingly send fake invoices and altered bank details to redirect funds to third-party accounts.
- If a counterparty (vendor, supplier, etc.) informs you of changes to bank details (name, account number, tax ID, etc.) via email, always verify the information by phone before relying on written communication.
- Suspicious signs include:
- A different email domain (e.g., “.net” instead of “.com” or added symbols in the domain name).
- Alterations in document design or formatting.
- Urgent payment demands or unusual amounts.
Phishing and Fake Websites
Fraudsters may create fake websites that resemble official partner sites. In such cases:
- Carefully check the domain address.
- Conduct online research about the company or entrepreneur.
- Pay attention to public or legal complaints and warnings about fraud.
- Verify the company’s legal details (tax ID, state registration, etc.) whenever possible.
Post-Transaction Verification
- After making a payment, always contact the counterparty to confirm the funds were received into the correct account.
- If fraud is detected or funds are transferred to an unauthorized third party:
- Immediately submit a written request to your bank.
- Include the following with your request:
- Documents related to the payment (invoice, correspondence, etc.).
- Evidence confirming fraudulent activity.
- Documents proving that you have contacted law enforcement authorities (application, report, etc.).
Important to Remember
- The bank will never request your confidential information via phone or message.
- To ensure your security, always act cautiously and investigate any suspicious situation.
- If you encounter a suspicious case:
- Immediately contact your bank using official communication channels.
- If you have already shared information, take immediate action to block the relevant accounts and cards.
- Inform law enforcement authorities.
Security Recommendations
1. Protection of Confidential Information
- Bank card details, OTP (one-time password), mobile banking password, and secret words are intended solely for your personal use. Do not disclose this information to anyone, including individuals posing as bank employees.
- Information that must never be shared:
- Card number and CVV code
- PIN code
- OTP (one-time password)
- Mobile banking login password
- Secret word
- Personal identification details
- Password and secret word security:
- Do not use simple and easily guessed passwords (such as name, surname, patronymic, date of birth, etc.).
- Use a combination of uppercase and lowercase letters, numbers, and symbols.
- Set different passwords for different platforms.
- Update your passwords regularly.
- Protection of personal devices:
- Enable biometric authentication in mobile applications.
- Use screen locks on phones and computers.
- Ensure antivirus software and security updates are regularly installed.
2. The Most Common Fraud Methods
- Phishing: Fake emails or websites attempting to steal your personal information.
- Vishing: Fraudsters impersonating bank or government representatives to obtain information over the phone.
- Fake investment and profit schemes: Promises of high returns in a short period of time.
- Fake customer service calls: Attempts to install malicious software on your device under the guise of technical support.
- Social media and messenger scams: Fraudulent campaigns and fake contests.
- Urgent payment requests: Fake vendor messages and altered payment details sent to legal entities.
For each case:
- How it happens: They pressure you to provide information urgently.
- Suspicious signs: Unknown numbers, aggressive tone, spelling errors, urgent demands.
- How to prevent: Do not provide any information, contact your bank directly, and avoid clicking suspicious links.
3. Internet and Mobile Banking Security
- Download applications only from official sources (App Store, Google Play).
- Ensure the website has HTTPS and a correct domain name.
- Use two-factor authentication (2FA).
- Always log out of mobile applications after use.
- If you notice suspicious activity, log out immediately and contact the bank.
4. Corporate Security (for Legal Entities)
- Be cautious about fake invoices and altered bank details.
- Verify the accuracy of corporate email domains (e.g., @abc.com vs. @abcc.com).
- Spoofing and domain fraud are common. Confirm details with a phone call before transferring funds or sensitive information.
- Internal control: Apply the “four-eye principle” (dual authorization) for payments.
5. What to Do in Case of Fraud
- Contact the bank immediately.
- Request suspension of operations and account blocking.
- Submit a written complaint to law enforcement authorities.
- Provide the following documents to the bank:
- Transaction-related documents (invoice, correspondence, etc.)
- Evidence proving fraudulent activity
- Documents confirming your complaint to the police or other authorities
