Cyber attackers want to take your money from your accounts. And to get to them, they would do almost anything. They would steal your personal data and use it to withdraw money instead of you. Or they would sell your data to other criminals who are eager to leave you with no money in the bank.
Once you’ve made the mistake of letting them into your accounts, you’ll never know how many people have access to your money and from which corners of the world they’re trying to steal it. In such a dire situation, you can only do a few things. Even though none of them guarantee you’ll recover the money.
The only way to keep your money safe permanently is to learn how to protect yourself from cyber attackers. Find out everything about how to keep them at bay permanently in this episode of the Stay Cyber Safe campaign.
The advice comes from Mihai Rotariu, spokesperson for the National Cybersecurity Directorate (DNSC), and Silviu Stahie, a cybersecurity specialist at Bitdefender, Romania's leading creator of security solutions.
Attackers always try to "fish" for our data
If you follow the advice on choosing secure passwords and authentication from the first episode of the Stay Cyber Safe campaign, then cyber attackers won't be able to take control of your accounts. They simply won't be able to get enough information from you.
So, they will surely try to get your attention and trick you into giving them the information through other means. If you have an email address, you have already been contacted by attackers numerous times through messages called "phishing."
"The name of the action comes from 'to fish' in English. Let's imagine we're fishing! We follow the process. We bait, we raise the rod, and we cast it into the water...
It's exactly what happens in the virtual environment. The attacker is the fisherman who wants to catch the fish (which is us, internet users). He holds the rod, he throws a certain bait. He's not looking for a specific fish. But he knows for sure that there are fish in the pond. And he tries to catch as many as possible," explained Mihai Rotariu, the spokesperson for the DNSC.
Silviu Stahie, a cybersecurity specialist at Bitdefender, says that phishing is how cyber attackers try to lure us into a dangerous area.
"For attackers, phishing isn't the end goal, but rather a method to hook victims. Why hook victims? What's the end goal? It can be different from case to case. Maybe they're trying to trick us into giving them personal information. Or maybe they want to convince us to open a link and install an app on our phone, which comes with malware (an app designed to disrupt the functioning of the device)," Silviu Stahie explained.
Learn to anticipate attackers' intentions
"Attackers will serve us a story. They will try to convince us to click on a link. This will take us to clone sites that mimic the original ones.
In other words, if the attacker wants to create the impression that we're interacting with a bank, they'll create a clone site that looks like the bank's. If they want to show us that we're interacting with Netflix, they'll create a clone site that resembles the streaming service provider's.
But there will be some differences between the clone sites and the original ones that we can learn to observe.
The clone sites are on different internet domains than the original ones. If we look up, in the address bar, we won't see 'Netflix.com/ro-en', but 'Neflixezz', 'Neflixyz', or even a domain name that doesn't even contain the word 'Netflix.'
This should be a red flag! Let's check: are we on the site we were supposed to reach? If it's not that site or if we're still unsure, then we don't enter our card details there!
And it's good to keep in mind as a general rule: never enter your details on a site you accessed by clicking a link from an email, a message on Facebook, or SMS.
We should open the site separately, typing its name into the top bar of the screen. Once we've accessed the site, we'll check, still at the top bar, that the site's name contains the abbreviation 'https' (a sign that it's secure).
And for additional verification, we can use tools like scamadviser.com. We write the site's name on scamdadviser.com, and it will tell us who owns the site or if the owner is hiding their identity online, but also what reviews other users have posted about the safety of that particular site," explained Mihai Rotariu.
Silviu Stahie says that someone trying to rush us to act online should give us pause.
"Attackers usually try to induce urgency. They somehow have to trick us, to convince us through any means to open the link they sent us or the email attachment or to get us to distribute a message.
The type of message they send us depends on many factors. Among them, the time of year. For example, as holidays approach and messages on social networks and email multiply, the number of phishing messages also increases.
They're usually messages that induce a sense of urgency: 'My package got lost, the money I was supposed to receive has arrived. Or the fine payment hasn't been made... Any such behavior should give us cause for suspicion," explained Silviu Stahie.
Expecting money? Never give out your card details!
"Maybe the story attackers tell us is different: Kaufland is giving us a 500 lei voucher. Or a prize: a phone or a 1,000 euro TV. And they send us a link, even though the real retailer Kaufland knows nothing about it and has no involvement.
Once we've accessed the link, we end up on a clone site. It looks like the supermarket's site, but it's created and controlled by attackers.
To make the story believable, attackers still ask us to do something. For example, answer three simple questions. Or play a game where we choose, among several gift boxes, one that we consider winning. Obviously, no matter what we answer and choose, we'll win!
And now - that we've won - the attacker starts asking for our details. Want the prize? It's yours! But let me enter my name, email address, phone number, and maybe even my ID number.
And - at some point - maybe even the card details. Because - even though I won a 1,000 euro TV - I still have to pay courier fees. They're not much, 10-20 lei at most. And I think: why shouldn't I pay 10-20 lei to receive a 1,000 euro TV? After all, if it's a scam, I'll lose only 10-20 lei, what's the big deal? Many think like that," says Mihai Rotariu.
But you don't just lose those 10-20 lei when you enter your card details on the attacker's clone site. What you're doing is much more serious. In fact, you're giving unknown cyber attackers access to all the money in your card-linked account!
Did you give your card details to the wrong person? How do you solve the problem? Anyone can make a mistake, according to Mihai Rotariu.
"I have a friend who worked for years in IT and banking security. And he fell for it too.
He put something up for sale on OLX. A microphone, I think. He left his phone number there so he could be contacted for details. And he got into an online meeting.
The attackers wrote to him, within minutes, on WhatsApp, on the number he had given on OLX, so users could contact him. 'We saw it, I want to buy it. Are you willing to give me a discount?'
My friend replied that he doesn't offer any discounts. He had just posted the ad. Then the attackers wrote to him: 'Okay, I need it quickly. I'll pay your price.
Enter your card details here so I can send you the money.' The site my friend was asked to enter his details on was a clone of the Fan Courier site.
With his mind on what was being discussed in the meeting he was attending, my friend - who, I repeat, even worked in banking security!! - entered his card details. His mind made some quick connections: 'I'm selling quickly, the courier takes it, I get all the money, they even sent me a payment instrument from the courier...' Of course, to receive money, you have to give your IBAN, not your card details.
You only enter your card details when you make payments, not when you're expecting to receive money. In a few moments, my friend realized the mistake he had made. And he immediately called the bank and blocked his card. And he was shocked that something like this could happen to him too," Mihai Rotariu recounted.
So, when you've entered your details on a suspicious site, here's what you need to do, according to the DNSC spokesperson:
- call the bank and block the card within 48 hours of the incident. You can immediately request another one in digital format that you can use with your mobile phone, no need to wait for the plastic card to access the money in your account.
- report it to the Police, either at the nearest station or at petitii@politiaromana.ro.
- report it to the Directorate for Cybersecurity at alerta@dnsc.ro or at the emergency hotline 1911. Explain what happened, DNSC specialists will analyze the situation and - if justified - issue an alert to warn others to beware of the threat you faced.
Trendy scams. Why you should beware
Mihai Rotaru says that since the beginning of the pandemic - when online service usage has skyrocketed - online scams, called "scams" in English, have multiplied.
The dying Nigerian prince or distant relative who leaves you an inheritance. "We still have the classic stories. A Nigerian prince writes to you that he's dying and wants to leave you a million dollars too. Or a distant uncle who loved you from afar and now wants to leave you an inheritance. They don't give you any links. They don't ask you to access anything.
Instead, if you respond to the email, they'll ask for personal data and - in the end - card details. Because the money is heavy, and to receive the million dollars, you have to pay the courier fees. These fees are paid per kilogram. And you can contribute with at least that much. Just like in the prize case, you think: what if I lose the courier fees, no big deal! But in fact, you're giving attackers access to your card details!" explained Mihai Rotariu.
- False investment opportunities.
He says that in recent months, a new type of scam has spread on social networks.
"At the top are these false investment opportunities that have appeared on networks. On Facebook, for example, attackers use their business accounts to sponsor certain posts. Some are downright absurd. They promise that you invest 950 lei and then earn 10 times more monthly. There are people who - in the absence of financial and digital education - would give the money these attackers call 'investment.' If you click on the sponsored posts, you'll see pictures with Ion Tiriac, Gigi Becali, or the Romanian prime minister and president endorsing certain investment opportunities. Some use the branding of state institutions or companies.
When you access the link in the post, you go to an article that the attackers want you to believe was produced by Digi, ProTV, Antena, and so on, which explains how to invest. One of the problems here is that you don't even know what's behind it.
It could be a Caritas-style pyramid scheme, with cryptocurrencies. Or you just give your card details, pay, and never receive anything. In fact, you've given attackers access to the money in your account! In the case of these posts, what's best to do is report them to network administrators. We have the 'Report' function and mention that the posts fall under 'Fraud' (if we have Facebook in Romanian) or 'Scam' (if we have Facebook in English)," said Mihai Rotariu.
There are also situations where attackers - when they're not very skilled in technology - end up being easily exposed by those they intended to steal from.
During exam periods, we still receive SMS messages like 'Your child has an exam in Romanian tomorrow. I have the subjects. It will cost you 150 lei.' You think. Would you pay 150 lei to be absolutely sure they pass the exam, wouldn't you?
I received such a message and engaged in a dialogue with the attackers. In that case, we weren't talking about educated people. When I said I agreed, I'll pay, they agreed to provide me with bank account details to send the money. You could see the name of the person who owned the account. Obviously, I contacted the police," said Mihai Rotariu.
- Sextortion. Interpol is looking for you, but you can get away with data and money.
Attackers who have gained access to some data might try to blackmail you into giving them data or even money, explains Silviu Stahie.
"There are some messages called sextortion. Users receive a message, often written in very poor Romanian or English, informing them that their devices have been compromised. What devices are not mentioned.
However, the attackers claim that by using password XYZ - and list a password in the message - they gained access to devices and with the camera, they caught the user in inappropriate situations. There's no such thing, in reality, they haven't gained access to anything. But that particular password - mentioned by the attackers - could be real, as it could come from various security breaches. And then, the user gets scared.
Of course, the attacker wants something. And he says that if you send me so many bitcoins, I agree not to make the images public," says Silviu Stahie.
In cases of sextortion, some attackers claim to represent authorities such as Interpol, FBI, CIA, or even the Romanian Police.
Respect the simple rules and stay safe!
In conclusion, cyber attackers have minimal chances of taking your money from your accounts if you are careful online. Check the sites where you enter data rigorously. Don't give your card details until you're sure there's no danger. And if, however, you're afraid you've made a mistake, immediately notify the bank, the Police, and DNSC.
Don't be fooled by ridiculous investment offers or threats you receive online.
Don't let yourself be blackmailed. If you were suspected of violating the Penal Code, for example, the police wouldn't just ask you for explanations by email. If you strictly follow the rules and guard your account access data, you'll be safe online. In the next episode of Stay Cyber Safe, we'll talk about cyberbullying and how to help children grow and cope in a digital world.