The Romanian Police, the National Directorate of Cyber Security and the Romanian Association of Banks warn of the risk of fraud through spoofed phone calls
May 14, 2024
The Romanian Police, the National Directorate of Cyber Security (DNSC) and the Romanian Association of Banks (ARB) draw attention, through the national awareness project #SigurantaOnline, to the recent increase in fraud through fake phone calls (spoofed). Specifically, the criminals pose as bank officials and use false phone numbers of banks or similar, using novel, persuasive and deceptive speech.
Phone number spoofing is a deception technique in which an attacker changes their phone number so that a different number than the real one appears on the called party's screen. This method is used to mislead the victim into believing that the caller is a legitimate entity, such as a bank or other institution, being used to obtain sensitive personal or banking information.
In recent days, a campaign has been active that uses the names of some banks for fake (spoofed) calls in which attackers call potential victims and present themselves as bank employees
In the current version of the fraudulent campaign, the person called by phone is notified that the requested credit has been approved. The first instinct is to react quickly and take the necessary steps to undo this action. Attackers rely on this aspect from the very beginning, namely the rapid activation of emotion, to avoid the interlocutor acting calmly on the phone and asking the logical questions in this case, or doing additional checks, on another communication channel with the bank or the authorities.
From the moment the called person announces that he has not applied for a loan, the attackers tell him that in that case it is most likely a "fraud" and that they will need certain personal data, authentication data, respectively bank details, to take the necessary steps to report the alleged "fraud" and to recover any lost amounts. This is a deceptive scenario where social engineering techniques are used extremely well and the attackers are very well trained to be convincing and kind.
Recommendations for avoiding attacks by fake (spoofed) phone calls:
- Always verify the source/authenticity of phone calls received through an alternative official communication channel before providing any personal information.
- Reject calls that look suspicious, even if they claim to be from banks or other authorities and their or similar phone numbers appear.
- Do not provide personal data over the phone or bank details! Banks will never ask for bank account password information or bank card details. Do not respond to such requests and end the call immediately.
- Do not discuss loans and money on the phone! A bank will never call users to cancel loans or promise to recover sums of money.
- Report suspicious calls. If you receive a call that seems suspicious, immediately inform the bank/institution on whose behalf the call is purported to be made to help quickly identify attempted fraud.
- Notify the authorities if you have been a victim of fraud. If you have accidentally disclosed personal or card details, contact your bank immediately to block access to your accounts and report the incident to the Police and the National Cyber Security Directorate.
- Tell friends and family about attacks that use tools to make spoofed calls. Thus you directly help to raise awareness of new online threats and to reduce the number of potential victims of these attacks. Help spread these warnings by detailing the novel and deceptive speech used by attackers to reduce the chances of such fraud attempts being successful.
If you have disclosed your bank card details, it is important to contact your bank immediately to block any unauthorized transactions. If you find that you have suffered financial loss as a result of a spoofing incident, file a formal complaint with the Police. Also, inform the National Cyber Security Directorate either by phone at number 1911 or by e-mail at alertsdnsc.ro to help prevent such incidents in the future.
The #SigurantaOnline national digital education project is meant to offer the best cyber security practices, by accessing the sigurantaonline.ro platform, to avoid Romanian users becoming victims of computer fraud. #SigurantaOnline is an initiative of the Romanian Police, the National Directorate of Cyber Security and the Romanian Association of Banks, to which other public-private entities also rallied.
The joint communique of the 3 institutions can be accessed here (Romanian only): Poliția Română, Directoratul Național de Securitate Cibernetică și Asociația Română a Băncilor avertizează asupra riscului de fraudă prin apeluri telefonice false (spoofed) - Siguranta Online
If you have disclosed your Vista Bank card details, you can block it by calling:
- Vista Bank Call Center service: telephone +40.21.222.33.10, available from Monday to Sunday, 24/7