Nikolay Bocharov, Head of Anti-Fraud Department at the global payment network Mercuryo

How To Protect Your Money

Recently, e-commerce fraud cases involving bank cards, internet banking, and crypto wallet accounts have become more frequent. Both businesses and their customers are losing money, but companies are suffering reputational losses on top of that. Unsurprisingly, users often accuse fintech firms of paying little attention to customer protection.

Types Of Phishing

In a phishing attack, a scammer with a convincing cover story reaches out to a person by email, social network, or phone call in an attempt to obtain confidential information. The most common variants of such schemes are described below.

A call from your bank's security office

A client gets a call from a person introducing themselves as their bank's security officer. The caller warns the client about suspicious activity on their card and asks them to verify a transfer or operation, naming random transaction details.

Since the client doesn't confirm the operation, the "bank employee" says they need to cancel the payment, reconcile some data, or verify the identity of the legal owner of the card or internet banking account. In all cases, the client must provide either an SMS code or the card number and its other details.

Other requested information may include the internet banking login or password, or the password from Google Authenticator or another 2FA service. After the scammer receives this info, the conversation ends, and the client's account gets cleaned out.

A call from your bank's tech support

In this case, the call is made by a bank technical support "employee" who asks the client to download and install a file via a link sent by email. They present this request as the rollout of an additional data protection measure. Then, the scammer connects to the client's device via TeamViewer, a program for remote control of computers.

Alternatively, they can warn the client about rising fraudster activity and ask them to fill out a questionnaire form on the bank's special security page. The URL will differ slightly from that of the bank's real page, but the overall design will be nearly identical. As you've probably guessed, all data entered by the client on this fake page will be immediately compromised.
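As an added illustration (not part of the original article and not Mercuryo's code), here is one way a company could flag links whose host only resembles its real domain. The domain `examplebank.com`, the allowlist and the function names are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Constructed allowlist: "examplebank.com" is a placeholder, not a real bank.
OFFICIAL_DOMAINS = {"examplebank.com"}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_url(url, official=OFFICIAL_DOMAINS, max_dist=2):
    """Return 'official', 'lookalike', 'unrelated' or 'invalid' for a URL."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"  # no scheme/host, e.g. a bare "examplebank.com/login"
    try:
        # Show punycode (xn--) labels as the Unicode text a user would see.
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or not decodable: compare it as-is
    labels = host.split(".")
    for dom in official:
        if host == dom or host.endswith("." + dom):
            return "official"
    for dom in official:
        brand = dom.split(".")[0]
        # Brand name reused inside another domain (examplebank.com.verify-id.net).
        if brand in host:
            return "lookalike"
        # Near-miss spelling of the domain itself, at any subdomain depth.
        for k in range(len(labels)):
            if edit_distance(".".join(labels[k:]), dom) <= max_dist:
                return "lookalike"
    return "unrelated"

# Constructed sample links, as they might appear in an email or SMS.
if __name__ == "__main__":
    for link in ("https://online.examplebank.com/login",
                 "https://examp1ebank.com/security-form",
                 "https://examplebank.com.verify-id.net/",
                 "https://weather.example.org/"):
        print(f"{classify_url(link):10} {link}")
```

The check compares the parsed host rather than the visible link text, so a page that copies the bank's design still fails it.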

A message, a text, or an email

Finally, scammers tend to send out written messages by email, social networks, messengers, or simply via SMS. The message may contain a malicious file, a link, or a phone number that the client should call.

Written communication is much less effective since it lacks the vital emotional component and the pressure of a live conversation. Written messages cannot create a similar overwhelming effect. However, in this case, quantity tries to beat quality: such campaigns are several times cheaper than organizing one call and are typically run on a mass scale.

Anti-Phishing Tips For Companies And Their Customers

Complying with simple rules of financial literacy helps avoid unpleasant situations and financial losses. That is why communicating helpful information that will help customers protect themselves should be every company's top priority.

Here are some examples of the tips a company must share with its customers.

Do not share your private information with anyone

Under no circumstances should you share your bank card details or email passwords, or give access to any accounts, emails, or other sensitive data. Remember that nobody, including bank employees, police, or any other authorized representatives, has the right to request this info.

Stay calm and sensible

Always stay critical and calm when receiving any information. Fraudsters deliberately use psychological techniques that push you to solve the problem right here, right now. The best way out of this situation is to hang up, call the bank yourself, or check the information in any other way.

The code word rule

The code word is a great way to verify your identity. However, you should never disclose it to anyone who calls you. The only case when a bank representative will ask you to say your code word is when you call the bank yourself.

Don't click on suspicious links

Do not download unknown files, browser plugins, or extensions from unverified sources. Do not follow links, even if the hyperlink text looks harmless.

Use licensed security software

Use licensed information security tools on all of your devices, including computers, smartphones, and tablets.

Mind P2P transfers

Be extremely careful about any P2P transfers. Keep in mind that according to the current legislation, they are final and irreversible. Treat them as if you were buying something for cash from a random person in an unfamiliar city. All guarantees for the provision of services or the purchase of goods must be fulfilled before sending the funds.

Use dedicated password storage

Do not store your wallet's private keys or any other critical data in email drafts, saved messages, or any other similar places.

Keep your documents safe

Take sending photos of your documents for identification purposes very seriously. In the wrong hands, they can be used to create a pseudo-profile under your name. Carefully check the platform that requests your documents, including selfies with a passport or bank card images.

Bottom line

However ingenious phishing attacks become, you can always withstand them if you stay calm and rational. Remember that you do not have to share any of your sensitive data with any other party, and stay alert when dealing with websites that demand your payment details.