The first three months of the year have witnessed a surge in cyber attacks on bank clients, with a 20% increase compared to the same period last year. Overall, more than twenty thousand customers were defrauded, three thousand more than the previous year, according to the Czech Banking Association. The association also warned that cyber fraudsters are now employing technology that enables wireless data transfer for their scams.
In the first quarter, these cyber fraudsters caused damages amounting to 357.19 million koruna. Even though the average damage has decreased compared to the previous year, it still stands at a significant 17,236 koruna per client. The victims either fell prey to successful logins into their online banking or had their payment cards misused. The association clarified that this includes any type of attack, even manipulations where the client themselves authorizes the payment.
The association also warned about new types of scams, for instance, messages claiming that people have a supposed tax overpayment to collect. Cyber fraudsters are capable of using NFC technology, which enables wireless data exchange, and remote human manipulation to gather payment card details and use them for ATM withdrawals.
The fraudulent process involves several suspicious steps. The victim receives a text message from the bank about a banking app update or that their account is at risk, including a link to download an app. The app appears to be legitimate, but in reality, it’s fraudulent. After downloading the app and filling in personal and sensitive information, like the PIN to the card, an alleged bank employee calls.
This fake bank employee, now equipped with all the account details and access, informs that the account is under attack and the card needs to be attached to a mobile phone to save the money. “At that moment, the NFC signal is transferred, i.e., reading data from the chip of the attached card into another mobile device, with which another fraudster is at the ATM, from which he can withdraw money,” said Filip Hanzlík, Executive Director of CBA.
Another significant threat, though not a new one, is investment fraud. Cyber fraudsters try to gain the trust of their victims and, subsequently, their sensitive banking data under the pretext of increasing financial resources through investing. In most cases, they get login details using remote access software, which victims install on their advice on their computer or phone. Experts advise never to succumb to such enticements and always verify all information with the bank.