Attention: Since Tuesday, there has been an increase in fake e-mails purporting to come from financial institutions. They try to lure e-banking customers to banking websites that are just as fake. Don’t be deceived!
First PostFinance, then UBS: Fraudsters are currently stepping up their efforts once again to lure bank customers to imitation e-banking websites with e-mails purporting to come from various financial institutions. The current phishing wave aims to steal access data.
In the process, fraudsters try to put pressure on bank customers: They are misled into clicking a link leading to a fake e-banking website under some pretext or other, for instance that customers have to update their personal information or their access to e-banking will be cancelled.
In contrast to earlier waves of attacks, these e-mails and fake websites look deceptively genuine both visually and in their content, using near-perfect German and original bank logos.
In addition, these websites have a valid security certificate (SSL certificate), so the browser address bar shows potential victims a secured connection, including https:// and a lock symbol. However, you can recognise such fakes by their address, which does not match that of the actual financial institution, e.g. «postfinonce-logln.biz» or «ubsserver.net».
It is to be expected that in addition to PostFinance and UBS, more banking websites will be faked and corresponding phishing e-mails sent out in the near future. You should therefore make absolutely sure to comply with the following security recommendations:
- Please be careful when handling e-mails. Don’t ever open any attachments straight away or click on any links, even if the sender looks familiar. In case of doubt, ask the purported sender for verification via a different channel (e.g. the official telephone number of a bank). Financial institutions will never ask you by e-mail to log into their site or enter your access data!
- Don’t let anybody put pressure on you (“Your account will be blocked”, etc.).
- Always make sure to enter the address of your financial institution’s log-in page manually into your browser’s address bar.
- Check the SSL connection (green lock, domain name, certificate).
- In case of doubt or error, please contact your financial institution immediately.
- Create a basic level of protection using our “5 steps for your digital security”: Create back-up copies regularly, use antivirus software and a firewall, keep your operating system and programs up to date, exercise care and remain alert.
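
The address check described above can also be automated, for example at a mail gateway. The following Python code is an added example, not part of the original advisory; the allowlisted domains postfinance.ch and ubs.com and the function name `check_link` are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist: brand keyword -> the institution's real domains.
# These domains are assumptions for this example; confirm them with your bank.
LEGIT = {"postfinance": {"postfinance.ch"}, "ubs": {"ubs.com"}}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url: str) -> str:
    """Classify a full URL as 'legitimate', 'lookalike:<brand>' or 'unrelated'.

    Only the host name is judged. A valid certificate or https:// says nothing
    about who runs the site, so neither is taken into account here.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    for domains in LEGIT.values():
        if any(host == d or host.endswith("." + d) for d in domains):
            return "legitimate"
    # Not an allowlisted domain: look for a brand name, or a near miss of one,
    # in any part of the host name (parts are separated by dots and hyphens).
    tokens = host.replace("-", ".").split(".")
    for brand in LEGIT:
        for tok in tokens:
            # Fuzzy matching only for longer names; short ones match as prefix.
            near = len(brand) > 4 and edit_distance(tok, brand) <= 2
            if tok.startswith(brand) or near:
                return f"lookalike:{brand}"
    return "unrelated"


if __name__ == "__main__":
    # The two fake addresses quoted in the advisory, plus one assumed real one.
    for link in ("https://postfinonce-logln.biz/", "https://ubsserver.net/",
                 "https://www.postfinance.ch/"):
        print(link, "->", check_link(link))
```

A result of `lookalike:<brand>` means the link imitates a known institution without belonging to it and should be blocked or flagged for review.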
Further information on the subject of phishing can be found here.