Internet and Electronic Banking Safety

 

General

Rules for safe behaviour on the Internet

We would like to remind you of some basic principles of safe behaviour on the Internet and when using Internet and Mobile Banking.

Android: Accessibility authorisation

Do you use Accessibility for apps requiring authorisation? Please make sure you trust these apps.

 

 

What purpose does this authorisation serve?

Accessibility authorisation is intended primarily for persons with visual and hearing impairment, speech disorders or physical disabilities in order to simplify their work with the phone and with some apps.

For example, authorisation enables the font size to be changed in some apps, the phone to be controlled by voice or the keyboard layout to be adjusted, as well as the reading out of text displayed on the phone screen.

 

What is risky about this authorisation?

Applications with Accessibility authorisation enabled can read (as well as record) the displayed text and thereby get access to the information viewed by the user, such as text messages and conversations, phone numbers and contacts. In the context of banking apps, this may include sensitive data such as names, account numbers, transactions or balances.

 

Where to check which apps use Accessibility authorisation and how to disable it?

You can find a list of apps in the menu Settings - Accessibility - Services. You can also switch authorisation for individual apps on or off in this menu.
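The same list can be read over adb for a device you administer. The following is an added example, not part of the original page: it parses the value of the Android secure setting `enabled_accessibility_services` and reports packages that are not on a reviewed list. The package names and the reviewed list are constructed for illustration.

```python
import subprocess


def parse_enabled_services(raw: str) -> list[tuple[str, str]]:
    """Split the colon-separated ComponentName list into (package, class) pairs."""
    raw = raw.strip()
    if raw in ("", "null"):  # the setting is unset when no service is enabled
        return []
    services = []
    for component in raw.split(":"):
        package, _, cls = component.partition("/")
        if cls.startswith("."):  # short form: class name relative to the package
            cls = package + cls
        services.append((package, cls))
    return services


def unreviewed(raw: str, reviewed_packages: set[str]) -> list[str]:
    """Packages holding an enabled accessibility service that nobody has reviewed."""
    enabled = {package for package, _ in parse_enabled_services(raw)}
    return sorted(enabled - reviewed_packages)


def read_from_device() -> str:
    """Read the setting from a connected device (needs adb and USB debugging)."""
    cmd = ["adb", "shell", "settings", "get", "secure",
           "enabled_accessibility_services"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


# Constructed sample value and reviewed list (assumptions, not real apps).
SAMPLE = ("com.example.screenreader/.ReaderService:"
          "com.example.flashlight/com.example.flashlight.HelperService")
REVIEWED = {"com.example.screenreader"}

if __name__ == "__main__":
    for package in unreviewed(SAMPLE, REVIEWED):
        print("review before trusting:", package)
```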

 

How do I recognise if an app is misusing my authorisation?

You should consider what the app is for and if the use of such authorisation makes sense. The app’s developer should be able to explain what the app uses the authorisation for - such an explanation may be displayed directly in the app, available on the app page in Google Play or on the website of the company providing the app.

Companies: Fake Invoices and CEO Fraud

Beware of fraudulent e-mails sent to companies with the aim of inspiring trust and attempting to relieve the corporate accounts of money.

Fake Invoices and CEO Fraud are types of fraudulent conduct which more and more companies have come across recently. The fraudsters try to imitate communication with the company’s manager or supplier and subsequently to trick employees into sending money from corporate accounts.

 

 

How does it work?

  • Fake Invoices
    The fraudster may send the company an invoice that gives the impression it was sent by the company’s supplier. In the majority of cases, the fraudster uses an e-mail address that only looks similar to the supplier's actual e-mail address; however, there are also cases when the e-mail is sent from a genuine e-mail address. The fraudster may have traced the link between the companies on the Internet, but the mailbox of one of the companies might also be compromised and the existing communication monitored.
    In such a case, the invoice itself can appear very plausible, differing only in the supplier’s account number. Frequently, however, the victim notices such a change and asks for confirmation via a message to the fake e-mail address; the fraudster approves the change on behalf of the supplier and the victim goes on to send the money.
  • CEO Fraud
    This type of attack focuses on employees managing corporate accounts. The fraudster often searches the company’s website or professional social networks for the corporate structure and individual employees, and then contacts particular employees on behalf of the company’s manager with an urgent request to transfer money from the corporate account. In the majority of cases, the fraudster uses an e-mail address that only looks similar to the manager's actual e-mail address; however, we have also registered cases when a genuine e-mail address had been hacked. The message may look credible, in particular where this method of communication and of transmitting payment orders is common. Unless the employee verifies the order with the actual manager, they might send the money to the fraudster, mostly to a foreign account.

 

How can you defend yourself against such attacks?

We recommend always verifying any payment orders and invoices with non-standard data received by e-mail directly with the sender in person or by phone.

Please pay attention to the sender’s e-mail address and check if it is real.

You should also notice any changes in the formatting of e-mails or invoices compared to standard communication (a different font, logo, grammatical mistakes, briefness or austerity); in many cases, companies have registered such features in fraudulent e-mails.

If you suspect that you might have been a victim of an attack, please inform your banker or the Bank’s Customer Centre on the toll-free phone number 800 14 00 14.
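The sender and account-number checks recommended above can be partly automated in an accounts-payable workflow. The following is an added example, not part of the original page: it flags an invoice whose sender domain merely resembles a known supplier's, and flags a changed account number even when the sender address is genuine, since a genuine mailbox may be compromised. The vendor record, domains and IBAN are constructed sample values, and the function names are hypothetical.

```python
from email.utils import parseaddr

# Constructed vendor master record (assumption): sender domain -> IBAN on file.
VENDOR_IBANS = {"acme-supplies.example": "CZ6508000000192000145399"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def skeleton(domain: str) -> str:
    """Fold a few visually confusable sequences so lookalikes compare equal."""
    for fake, real in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")):
        domain = domain.replace(fake, real)
    return domain


def review_invoice(from_header: str, iban: str) -> list[str]:
    """Return findings that call for verification with the supplier by phone."""
    findings = []
    domain = parseaddr(from_header)[1].lower().rpartition("@")[2]
    iban = iban.replace(" ", "").upper()
    if domain in VENDOR_IBANS:
        matched = domain  # genuine domain; the mailbox may still be compromised
    else:
        matched = next(
            (known for known in VENDOR_IBANS
             if skeleton(known) == skeleton(domain)
             or edit_distance(known, domain) <= 2),
            None,
        )
        findings.append("lookalike_sender" if matched else "unknown_sender")
    if matched and iban != VENDOR_IBANS[matched]:
        findings.append("iban_differs_from_record")
    return findings
```

Any finding means the payment is held until the supplier confirms it through a phone number already on file, not through a reply to the e-mail.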

 

CEO fraud - example
