Go to content Search engine

Online safety. Beware of cybercriminals!

22 April 2022

In view of the ongoing war in Ukraine and in response to the need faced by Ukrainian citizens arriving in Poland in large numbers, many banks in Poland have prepared offers to open a bank account dedicated to our neighbours from the East. The Financial Ombudsman publishes a set of tips outlining the basic principles related to safe use of online banking and warns of the risk of money being stolen from a bank account and personal details being phished.

The Financial Ombudsman points out that criminals adapt to changing socio-economic realities and often take advantage of the difficult life situation or overconfidence of potential victims. The Financial Ombudsman expects that also in the current situation the actions of dishonest individuals and entities taking advantage of the difficult position of war victims and refugees will become visible. Cybercriminals can exploit the unawareness and anxiety of Ukrainian refugees in particular, therefore the Financial Ombudsman outlines basic principles and tips for safe online banking.

To protect yourself from fraud and be an informed payer, remember:

  • Reliable information for refugees can be found on the pages in the gov.pl domain.

The pages available in the www.gov.pl domain belong to public institutions in Poland. In the era of seeking reliable information about the state of war in the East, aid for refugees in Poland and taking the right action, it is worth using official and verified sources. Do not act impulsively and take the time to verify the information, especially if it prompts you to take steps related to financial burdens.

  • Protect your personal data!

By opening a bank account, you may be exposed to people whose aim is to phish for your personal information or steal your identity to commit crimes. Stolen personal information can be used to take out a loan on your behalf or open a bank account without your knowledge, where funds derived from crimes can be collected. To prevent this, when opening a bank account, do not accept assistance from unknown, random people. Information necessary for identification (name, surname, place of residence), as well as details of an identity document such as a passport, should be protected and only given if necessary! If your documents have been lost or stolen, report this immediately to the law enforcement authorities – the Police or the Public Prosecutor’s Office!

  • Check with your bank what documents you will need to open an account.

Banks in Poland have responded to the difficult situation of Ukrainian citizens by simplifying the procedure for opening a bank account. Opening a bank account always requires a visit to a bank branch, but banks do not have the same requirements regarding the type of document that needs to be presented. Check whether you have the document required by the bank and whether the chosen bank also sets other conditions, such as having a telephone number or address of residence. Before visiting your bank, call the helpline for the most up-to-date information.

  • What about an online banking application and payment card?

It is at the stage of entering into the agreement that the bank will inform you that you can use the banking application and give you instructions on how to install it. A payment card is usually provided as a consequence of entering into a bank account agreement. Look out for individual charges, for example for cash withdrawals from a particular ATM and transfers. The agreement and terms and conditions also include security rules regarding, among other things, the storage of the card or obligations to report card loss/theft. If you are not sufficiently familiar with the Polish language and the agreement is drawn up in Polish, ask a trusted person to translate it, particularly with regard to the obligations imposed and fees. However, if you ask for a translation, remember to protect your data, e.g. your unique login data to the application, as such data should be known only to you and you should never disclose it even to a trusted person!

  • Pay attention to what type of payment card your bank offers you.

The most common payment card, used for example for shopping in brick and mortar shops or online, is a debit card. It allows you to use your own funds held in a bank account. It is to be distinguished from a credit card, where you use the bank’s funds, within a credit limit granted by the bank, which you must repay according to the terms of your agreement.

  • Online security – unauthorised transactions. Do not install unknown applications.

The Financial Ombudsman points out that caution should be exercised, because every year there are many cases of so-called unauthorised transactions. How can an unauthorised transaction be described in a nutshell? This is a transaction that the bank customer did not consent to, but was nevertheless executed, e.g. as a result of criminal activity.

Criminals are increasingly using the ‘remote desktop’ method, in which they urge people to install applications such as Anydesk, Ammyy Admin, TeamViewer, Mikogo, ThinVNC, UltraVNC. If anyone urges you to install this type of application, you can assume it’s a scam. Such applications are used to take control of your device and bank account. Criminal activity in the area of unauthorised transactions can be expected to increase, and offers to install unknown applications may be forthcoming, if only in connection with a supposed desire to provide assistance, housing offers, etc. So be vigilant!

  • Never give your e-banking passwords or payment card security details to anyone. This applies to contact in person, online and by telephone.

The bank never asks for your password, login or one-time codes in an email or over the phone, not in any emergency situation, let alone for a ‘threat’, ‘opportunity’, ‘reward’, etc. A recent popular scam is to impersonate a bank employee. Never provide login details outside of the bank’s website (which should be verified each time – see section 9).

  • Learn about the most common methods of stealing money from your bank account.

Currently, one of the most common and difficult to detect crimes is the fraud initiated by olx, in which a third party claims to be the buyer/seller and sends a fake payment link via another application (e.g. WhatsApp). Other scams, such as ‘additional payment’ scams, which involve sending a fake link in an SMS or email, in connection with a supposed need to pay extra for gas, electricity, a package or other services, are also still popular. The link in this case is false and the content may also refer to another payment, offer. Do not click on such links, as this puts your computer or smartphone at risk of becoming infected.

  • Always check that you are on the bank’s official website.

Check that the website has a “green padlock” (SSL) and at the same time the correct bank name in the website address. Simply checking for the presence of a padlock is one possible form of verification.

  • Do not open emails, messages of unknown origin, especially attachments.

Acting according to the principle of ‘no trust’ or ‘limited trust’, verify information, spot inconsistencies, take a moment to check the credibility of a website, message or offer. This will prevent any attempt to phish for your identification or authorisation details or to induce you into financially disadvantageous actions. Remember that one popular method of stealing money from your account is phishing, which is most often based on sending out mass emails or via social media that contain links to phishing sites.

  • Set transaction limits for logging into banking services.

Set limits on the amount of a single transaction and limits on the maximum number of daily transactions. The limit can be increased at any time (e.g. for one-off larger operations), and for a criminal a low limit can prove to be a real obstacle to stealing funds from your bank account. A limit does not protect against theft of funds from your account, but it can make it harder for an unauthorised person to operate freely on your account.

  • Pay attention to whether the Bank offers you so-called ‘click loans’ in online banking.

A so-called ‘click loan’ is a type of quick loan which is often offered by Polish banks. It is granted in electronic banking, in a completely remote manner. Remember that if your bank account is hacked, criminals can not only deprive you of all the funds in your account, but also take out a loan on your behalf. At the stage of entering into the agreement, the Bank ‘collects’ marketing consent, including to display and offer a quick ‘click’ loan in the online banking panel. If you are not interested in this form of loan, e.g. for fear of an unauthorised person gaining access to your account, do not give such consent and this type of offer should not appear in the system.

  • What to do if you are a victim of cybercrime?

If you have already been a victim of fraud, report it to the Police or the Public Prosecutor’s Office. At the same time, report the unauthorised transaction to your bank, and if you do not receive a reply or if it is negative, you can ask for help from the Financial Ombudsman or the municipal or district consumer ombudsman. Action should be taken immediately.

Recommended

30.05.2022
The Financial Ombudsman’s website in Ukrainian
22.04.2022
Online safety. Beware of cybercriminals!
21.04.2022
An illusory insurance contract to a loan. The court agreed with the Financial Ombudsman and ruled in favour of the borrower who was ill.