Security

Important information about cryptocurrency investment scams

This type of fraud is initiated through social networks, email, SMS, phone call, WhatsApp or other messaging applications and consists of presenting to the attackers the false promise of substantial and quick earnings if investing in cryptocurrencies or stock market shares through some investment/transaction platforms, platforms that in reality are under the control of the attackers.

In some situations, the attackers also request the installation of some applications on the mobile phone or computer through which they will be able to obtain access and remote control of these devices, thus creating the possibility of initiating transactions from your bank account.

In such situations it is very important:

To show caution, to request and verify the data of the person who contacts you or the identification data of the companies that make you a "too good to be true offer";
NOT to provide sensitive personal data (e.g. CNP) or bank data (e.g. card number, expiry date, CVV/CVC, Online Banking/Mobile Banking username, access codes provided by the bank via SMS), during the telephone call with the attacker or by accessing the link sent by him via SMS or by other requested methods;

In the unpleasant situation where you were the victim of a fraud of this type, we recommend that immediately after the incident:

Stop any communication with "brokers/intermediaries" and stop making any kind of payment regardless of the reason given (for example, attackers may request additional payments such as "withdrawal fees" or "recovery fees");
If you have installed any application at the request of the "brokers", uninstall it and scan the device with an antivirus program;
To contact us immediately to start the recovery procedures, in the event that they are still possible, by e-mail at infocenter@unicredit.ro or by phone at +4021 200 2020 (call with normal rate from any network) or *2020 (call with normal rate from mobile networks).

Important information about phishing scams

Please be advised that UniCredit Bank NEVER requests confidential information by e-mail, electronic forms or other means of Internet communication, related to either your personal accounts or the accounts of the company you represent in relation to the bank, or card numbers, PIN, or user IDs or security codes used in electronic payment applications.

If you receive any type of electronic message requesting such information:

DO NOT ANSWER the message (e-mails, SMS)
DO NOT ACCESS any of the links mentioned in the message
DO NOT GIVE OUT, under any circumstances, your access password, PIN or any other requested information
URGENTLY CALL +40 21 200 2020 and inform us about the content of the received message or e-mail the message to contact@unicredit.ro.

Malware Warning!

In case you have received or you will receive an e-mail or SMS attributed to UniCredit Bank, with a subject such as "Warning / Invoice / Transfer of payment ..." or similar - please check carefully the content and the sender (From: field from the e-mail header) and delete these messages if they do not come from UniCredit, without opening attachments or links. These can affect (infect / virus) your computer or mobile device.

UniCredit Bank does not send such information to its clients, does not urgently request to authenticate or re-verify your account or card, nor does it request payment of invoices or any other services provided in this way.

For any questions you can find us available 24/7 at Info Center - phone +40 21 200 2020 (regular fee in Telekom Romania landline) or *2020 (regular fee in Orange, RCS&RDS, Telekom Romania and Vodafone mobile networks). Thank you!

Card fraud through the OLX and Whatsapp service platform

Lately, there is more and more discussion about cyber security incidents such as fraud, propagated through the OLX service and through WhatsApp.

Thus, taking advantage of customer trust, there have been attackers who imitate OLX accounts to attract customers to enter personal and banking data on "ghost" sites. The phenomenon is called "phishing" and is the most common fraud in the online environment.

How does it happen?

First, the attackers contact on WhatsApp application a user who has published an announcement for the sale of a product on OLX and declare themselves interested in the purchase. Then, they claim to have made the payment mentioning, however, that in order to complete the transaction and collect the related amount, the seller needs to access a link, where he is asked to enter his card details on which the amount will be transferred. Of course, this is a trap, the attackers stopping any conversation after receiving the card data, and the victims have their money withdrawn from their account.

Recommendations on how you can avoid these fraud attempts:

Carefully analyze and validate the information received, before clicking on links or attachments from unknown sources. Do not provide anyone with complete card details, along with the transaction validation code (CVV). Anyone with access to this data can use the card at any time to make payments. In addition, you can scan such suspicious links with certain tools available for free online, if you do not have a security solution installed on your device, to avoid malware infection or such phishing attempts.

Pay attention to the written expression of the interlocutors, as well as to the grammatical correctness of the text. Most of the time, the attackers are not of Romanian origin and use automatic text translation tools to talk to potential victims in their native language.

In case you have fallen into this trap, it is vital to contact UniCredit Bank as soon as possible, in order to block the card and any unauthorized transactions in the account. The card can be blocked both from the Mobile Banking application from UniCredit Bank and at the phone number +40 21 200 2020 (regular fee in Telekom Romania landline), * 2020 (regular fee in Orange, RCS & RDS, Telekom Romania and Vodafone mobile networks), or 0800 888 111 (toll free; phone number available only for locking / unlocking payment instruments / security items).

Afterwards, if you have suffered material damage, you will have to file a complaint with the nearest police station, in order to open an investigation in this regard.

The UniCredit Bank team

Tips to protect your computer routines

These days, connecting with digital services is a daily practice: each day we communicate, speak and pay using PCs, smartphones and tablets.

This is why the topic of IT security is becoming increasingly important. Given the immediacy and ease with which we connect to the web through wi-fi and mobile networks, close attention must be paid to ensure secure access to email, home banking and social networks and to prevent thefts of information and money.

We must never lower our guard, specially in the current Covid-19 health emergency period that could prove to be fertile ground for attempts at fraud and phishing.

To help prevent these occurrences, we recommend that you pay close attention to requests that may come via email, SMS, WhatsApp, calls and chats wich contain information or requests relating to Covid-19.

In this regard, we remind you that when UniCredit sends you a message or a communication it does so using only official channels (UniCredit does not use WhatApp to communicate with its customers) and never asks the security codes of your internet banking service, your credit/debit card numbers or other personal data.

Here are some practical tips on how to behave to safely manage your computer routine.

Phishing: how to recognize it and defend yourself from scams

In a sea of emails, there is always some bait ready to mislead you. Don't put your security at risk: it is important to recognise attempts at phishing so that you can't be reeled in.

Vishing and Smishing, the latest in cyber scams: be careful of text messages, WhatsApp and fake call centres

Suspicious links and unlikely promotions are wake-up calls for scams, hacker attacks and IT virus. Better not to be caught unprepared!

Password: how to create, remember and manage them safely

Does every application need a password? There are so many of them and it's not easy to remember them all. What you need to do is find the right way to choose them and keep them safe.

Dangerous files: how to protect your devices from viruses

Prevention is better than cure! Computer viruses are contagious but the best doctor for your PC and devices is you.

Tips to protect your computer routines

Is your password safe? What counts is using more than one

Never use the same password for different accounts. Always protect your email, social media profiles, user profiles associated with home banking services, credit cards, financial products and investments with different passwords. Indeed, if a hacker were to attack one of your accounts, they could also access the other ones protected with the same password, and access your user profiles.

Don't get reeled in by phishing

To force a security system protected by a password, a hacker often resorts to phishing: through email messages, which appear to have been sent from a bank or website, the recipient receives an urgent request to login. As soon as the user logs in, the data entered land directly in the hands of the cyber criminals. Always verify the sender: these phishing emails are easily recognised since they often conceal two different or strange addresses. And never click on an offer you haven't requested.

Document you haven't requested? Bin it!

If you receive an email with unusual links or attachments (for example notarised documents or other types you do not deal with as part of your job), be cautious and refrain from clicking on or downloading these. And never reply to the sender providing them with the requested data.

Words are important and they should be correct

Pay attention to the subject of the email: if it contains grammatical errors or is inconsistent with your native language, bin it without opening it. Many hackers try to enter the profiles of users in various parts of the world with texts translated through online translation services that have yet to be perfected and therefore it is quite easy to see that they were generated by dubious sources.

In the case of files with suspicious filename extensions, the rule is: bin them!

When you receive an attachment, always check the filename extension before double clicking on it. Besides files with the .exe filename extension, viruses concealed in false invoices, fines, shipping delivery notices, etc. also spread quickly and are usually sent as .doc and .pdf files. Be very wary of files that do not have one of these extensions: if you receive one, don't attempt to understand what it is, rather bin it immediately.

Never lower your guard: even the most harmless emails can be dangerous

One of the strategies used by hackers is that of spreading viruses through email messages with suspicious attachments, for example, chain letters. Often the subject of these emails appears harmless, making you lower your guard. But be careful! Through the attachments to be downloaded and installed, these are precisely the kinds of email messages that allow IT pirates to enter your user profiles. In this case, never answer or forward these emails: bin them and empty the bin.

Going on holiday is OK, but letting everyone know opens you up to problems

If you are out of the office, only set the Outlook out-of-office automatic answering service for recipients within the company, and not for external recipients. This way you'll avoid letting any potential hackers know that you won't be around on a daily basis for a while.

Keep a close eye on your account: in the case of suspicious transactions, contact your bank

Check the transactions on your bank account at least once a week and, if possible, activate the SMS alert service that instantly notifies you of any transactions involving money leaving your account. If you note any transactions or charges that are off, contact the bank immediately to request clarification and, in the case of operations that have not been requested, report the occurrence immediately, providing any information that might help identify the origin of the infringement.

Internet banking is a secure service that is easily accessible from devices including computers and smartphones. You need a PIN number to access UniCredit's system. However, you also have to manage other, personal passwords, where an alphanumerical option is better. Let's have a look at the precautions we need to take.

Safe surfing: here's how to avoid getting trapped in a (public) net

Your device is at risk when you're connected to unsafe wi-fi connections, since they make identity frauds attempts more likely.

Better safe than sorry! How secure are public wi-fi networks?

Are public wi-fi networks safe?

Free public wi-fi networks such as those offered by shopping malls, airports, hotels or resorts, are not always secure and you must follow some procedures to check and make sure that you have not made any sensitive data available to hackers. Firstly, once your smartphone or laptop has found a free wi-fi network, ensure that it is protected, i.e. that you need to sign up to use it and must login with a user ID and password supplied by the service provider.

Using websites when on the move: how do I browse remotely and securely?

When you browse far from the office or home, always check the security protocols of the websites you are visiting: only use an HTTPS that supports SSL (Secure Sockets Layer). Avoid logging into financial services (such as home banking) or paying with credit cards when you are not 100% sure that your wi-fi connection is secure.

Is there an alternative to wi-fi for browsing far from home and the office?

Yes! You can use a hotspot with a data connection (all mobile phone providers offer this service) or use your smartphone as a hotspot to browse with a computer. In these two cases, rather than using the wi-fi network you use the tariff plan of your mobile service provider. For professionals who are always away on business, an advanced solution is a VPN connection (Virtual Private Network) which is activated when you find a wi-fi network. In this case, an encryption tunnel is created through which the data travel, making a potential attack by hackers extremely difficult.

And what if I'm abroad?

Our first tip is that you should install all the software and app updates available before your departure using secure connections (at home or in the office). In this way, you'll avoid doing this when you leave the country where your data connection provider operates. Additionally, change your passwords regularly with an update to make them less vulnerable. And finally, only use protected wi-fi connections (see question 1) and, if possible, a VPN (question 3).

How secure are my profiles on social media networks?

Social media networks enable you to publicly share your location and other personal information. To avoid becoming vulnerable to cyber attacks, remember as follows: do not accept contacts from strangers; register with a different email address from the one you use for work; enable dual authentication and regularly update your passwords; optimise the privacy settings for the various social media networks. Finally, try to always be pro-active. In the case of suspicious activities, many social media networks send notification to the email address you registered with, reporting the date, time, place and browser used and asking you to confirm the attempt to access your profile. If it wasn't you, change your password immediately!

Phishing and scams by email: a risk for the self-employed and SMEs

A sudden change in a traditional payment method or an unexpected request from one of your suppliers sounds like a wake-up call. Find out how to protect your self!

UniCredit ATMs: secure withdrawals

Do you want to withdraw cash safely?
Find out how to protect yourself.

Withdrawing money from an ATM is something we do daily, often paying little attention to our actions. Yet users are regular victims of theft and fraud, crimes that are not limited to the elderly, as many people think. The Italian Postal Police report almost daily cases of 'cash trapping' to steal the bills distributed.

To protect its clients from risk, UniCredit uses ATMs equipped with the latest tamper-proof technology. For example, the card entry slot is protected by its special shape that prevents fraudsters from copying the magnetic strip. A message on the screen informs users immediately when withdrawal is not available. If, however, it is available but cash cannot be dispensed due to technical problems, the operation will be cancelled immediately.

What are the modus operandi of these fraudsters?

One trick is the 'forking' technique. A handmade tool measuring about 18 cm long (called a 'fork' because of the two tongs on one end) is inserted in the ATM slot that distributes the cash to capture the bills before they are released.

Once the 'fork' is in place, when an unwitting customer makes a withdrawal, the bills are blocked inside the machine, leading to believe there is a technical problem. All the thieves have to do is wait for the person to leave, then remove the device to recover the money.

Another scam frequently reported to the Authorities concerns ATMs located inside bank branches. In this case, a fraudulent device installed on the door exit release in the ATM lobby, captures the customer's card and dispenses a clone, hanging on to the real one. Often, to keep the hoodwinked customer from noticing the card switch, a few accomplices rush in and pretend that they need to make a withdrawal, thus hastening the victim out the door.

Therefore, since Forewarned is Forearmed, it is important to adopt common sense safety behaviour when you withdraw cash. Before the transaction, always make sure there is no one looking over your shoulder, shield your PIN code from indiscreet eyes, choose ATMs in central and busy locations and try to make withdrawals during the daytime.

Activate now Mobile Banking

Activate now
Mobile Banking