Phishing & co.: guard your sensitive data!

Criminals are quite inventive when it comes to accessing other people’s bank accounts. In this article, we describe a few common scams, and explain how you can protect your sensitive data from theft and what to do if you fall victim to fraud.

Always be cautious when handling sensitive bank information. Should you fall victim to fraud, your bank will only refund the loss if you have exercised sufficient care and are not partly to blame for the loss. In the event of gross negligence or wilful misconduct, the bank will assume no liability.

If you have been defrauded or suspect that this may be the case, it is crucial that you block your payment cards and access to your online or telephone banking. You can do this by contacting your bank or calling the “Sperrnotruf” hotline 116 116, which helps consumers in Germany block their accounts. You should also have your card blocked if an ATM swallows it. If you suspect that third parties have obtained your online banking login details, you can change the login details yourself in your online banking.

You should also immediately report the suspected fraud to the police so they can have your card blocked for electronic direct debit transactions. This is crucial, since banks and the Sperrnotruf hotline are unable to block such transactions.

If you have divulged sensitive card or banking information, you should immediately contact your bank. It is also your duty to keep an eye on your account transactions at all times. If you discover that someone has made unauthorised payments or cash withdrawals from your account, you are required to inform your bank immediately, specifying the amounts involved.

Skimming

What is skimming?

Skimming is when criminals illicitly obtain card data and PIN numbers as people use ATMs. They do this by installing a card reader that matches the ATM’s design on top of the machine’s insertion slot or even installing a whole new front panel. The card reader is designed to read the data in the card’s magnetic strip, copy it and pass the card along to the machine’s card reader. The victims suspect nothing, since the scam does not interfere with the normal functioning of the ATM.

The criminals obtain PIN numbers either via a fake keypad on top of the original keypad or through a miniature camera installed above the keypad.

They then copy the stolen card data onto blank cards and make withdrawals using the PIN number.

How to protect yourself from skimming

  • Always examine the surroundings and the condition of an ATM before using it.
  • Conceal the keypad as you enter your PIN and make sure that no one is standing behind you watching.
  • Regularly check the withdrawals from your account.

Phishing

What is phishing?

Phishing is a scam in which fraudsters send out e-mails claiming to be from a bank, for example. The e-mail prompts recipients to enter their PIN and TAN numbers for online banking.

It is often impossible for the recipients to determine at first glance whether the e-mail was indeed sent by their bank or whether it is fraudulent. The scammers choose a subject (e.g. “Your bank transfer”) that will pique recipients’ interest, leading them to open the e-mail and disclose their sensitive data.

Another spin on this scam comes in the form of banking Trojans. In this case, the e-mails include a link or an attached file with malware that is installed on the recipient’s computer or mobile device. The malware may imitate the homepage of the recipient’s primary bank in order to steal the data they enter there.

Other banking Trojans operate in the background and manipulate bank transfers to divert the money to the scammer’s account.

Banks are unable to prevent these illegal e-mails, since most of the messages are sent from outside Germany.

There is also a risk of phishing attacks when consumers buy or sell items online. Here, too, scammers can attempt to infect your devices with malware through e-mails and steal your card information.

How to protect yourself from phishing

  • Never enter your sensitive login data when you are prompted to in an e-mail. Banks and card providers do not send such e-mails.
  • Do not open attachments, links and downloads in unfamiliar e-mails.
  • Only download files from legitimate sources.
  • If you doubt the authenticity of an e-mail, contact your bank.
  • Be careful with your data online and when using social media.
  • Use an encrypted connection (e.g. SSL standard).
  • Take care to use secure websites beginning with “https”; your browser will display a padlock symbol in the status bar.

Vishing

What is vishing?

Vishing (or “voice phishing”) involves a combination of computer and psychological manipulation. The scammer makes phone calls with a fake number not associated with their IP address (imitating a bank’s phone number, for instance). They manipulate Voice over Internet Protocol (VoIP) technology to conceal their identity and telephone number. As a result, the victim sees their bank’s real telephone number on the display even though a criminal is on the other end of the line.

The scammer thinks of a plausible story for why the victim must take immediate action and share sensitive data. They use psychological tricks to get what they want, putting victims under pressure to disclose sensitive information and act as urgently as possible.

For example: a scammer claims to be a bank employee and tries to manipulate their victims – usually older people – into transferring significant amounts to (usually foreign) bank accounts or divulging their online banking data. The scammer may claim that the victims’ money is in danger due to bank closures or criminal organisations who they claim are able to access it.

In another frequently used method, the scammer leaves a message on the victim’s answering machine or voicemail requesting a call back because the victim’s bank account was allegedly involved in a cyberattack. When the victim calls the number, a pre-recorded message tells them to provide their bank or credit card details.

How to protect yourself from vishing

  • Never disclose your banking information, TAN numbers or login details when you receive an unexpected phone call. A bank will never call you to ask for this information.
  • End the conversation and contact your bank’s customer service to ask whether the supposed employee and the situation described are real.
  • Do not call any numbers sent to you via e-mail, since they may be part of the scam.

Fake Shops

What are fake shops?

Scammers also operate by creating counterfeit or entirely fabricated online shops. They typically attract customers by offering high-quality products for very low prices. However, the items these customers order are never delivered once they have provided their sensitive data and paid – with advance payment usually required.

With this method, consumers fall victim to fraud on two levels: they are tricked not only into paying for goods that are not delivered, but also into revealing sensitive data such as their card information.

How to protect yourself from fake shops

  • Compare prices and be wary of offers that are too good to be true.
  • Research the different shops, such as by checking reviews.
  • Look at which payment methods are offered.
  • Be careful when entering sensitive data.
  • Use the information from the terms and conditions and the legal notice to confirm the existence of the online merchant. If the site contains no legal notice and no terms and conditions, it is a fake shop.

Job Scamming

What is job scamming?

To verify the identity of customers wishing to open a bank account, some credit institutions offer a video identification service so that customers do not need to visit a branch office or post office to have their documents verified. With this service, customers identify themselves to the credit institution or a subcontractor in a video call, often via a smartphone app. To confirm their identity, customers must present a valid identity card or passport to the camera and answer a few questions.

Internet scammers have learned to use this digital option for opening an account to their advantage. They lure consumers into disclosing their personal data and taking part in a video identification process. The perpetrators use the accounts opened in their victims’ names for criminal purposes, such as money laundering or receiving payments from fake shops.

One common scam involves fake posts in online job portals or on classifieds sites. The scammers use websites created to imitate prominent companies, some of which look quite professional and authentic. Those who respond to the job posting are often asked to take part in an online application process that requires applicants to divulge a wide range of personal data and send photos of their identity card, for instance. Meanwhile, the scammers apply online to open a bank account with a credit institution in the applicant’s name, but using contact details to which only they have access.

Under a pretext, the applicants are then asked to undergo a bank’s video identification process. The reason given might be that applicants need to be verified by a “partner bank,” since an in-person interview is allegedly not possible for remote work positions. In another method, the applicant is promised a permanent employment contract if they successfully complete a “test assignment” of conducting quality control for the video identification service. The scammers instruct applicants to lie to the bank and not reveal the “test” even when the bank poses questions.

In reality, the video identification process serves to open a bank account in the applicant’s name, which the scammers then use for criminal purposes.

How to protect yourself from job scamming

  • Have you applied for a job only to be told that an in-person meeting is not possible? If so, you should be very cautious with your personal data.
  • Has someone told you to take part in a bank’s video identification process for opening an account in order to verify your identity for a job offer? Do not proceed! A procedure for opening a bank account has nothing to do with a job application process.
  • Has someone asked you to test the video identification process? Have you been instructed to pretend, for test purposes, that you want to open an account for yourself? Break off contact immediately and report the incident to the police! There are no real offers for jobs like this on the Internet.
  • Are there warnings or other indications that you should be suspicious of the alleged job offer? Conduct thorough research to confirm the authenticity of job offers before sending in your application.
