The attack scheme is very cunning – everything looks like a normal login: you enter your data, a spinner appears on the screen, you wait. However, at that time, scammers add the resident’s payment card to the digital wallet with the resident’s confirmation and gain the ability to pay with it at points of sale.
Read more Minister of Energy: Kuprioniškiai substation will be connected earlier than planned
The bank urges customers to recognize one crucial signal: if you cannot log in – it may be a sign that scammers are already trying to log in on your behalf.
How the scheme works
Scammers create very realistic copies of bank websites and invest in advertising in search engines so that their fake links appear at the top of Google results – sometimes even above the official bank website. An unsuspecting resident clicks such a link and lands on a visually identical but fake page.
After entering login data in the online bank, a spinning wheel appears on the screen. Meanwhile, scammers are already using the stolen data in the bank app, and the client sees an animation on the fake site as if the page is still loading. Then the client is asked to enter the PIN1 code, later – a four-digit code received by SMS or email. It is this code, entered without caution, that confirms the addition of the client’s card to the scammers’ device. Having such access, scammers can pay with the card at any point of sale.
One sign you need to know
“The most important signal we want to convey to every resident: if you cannot log in – that is already a warning. All security systems are implemented on official bank pages, and no long login illusion is created during login. And the fact that after waiting a long time you are asked to enter both PIN1 and the code received by SMS or email clearly reveals scammers who expect residents to be inattentive. If you have already entered your login data, we urge you to immediately contact the bank through official contacts and report the incident – a bank specialist will advise on further actions,” says Dr. Dalia Kolmatsui, head of private client services at Artea bank.
Artea bank, together with the National Cyber Security Center, has already blocked a dozen fake bank websites actively created by scammers in the past few days. Residents’ vigilance is especially important now.
“The essence of these attacks is not technology but human reaction. Scammers know exactly that in a hurry or thinking it is just slow internet, people confirm operations they do not even read. One moment’s pause – and the scammers’ scheme collapses,” adds Dr. Dalia Kolmatsui.
Read more 5 minutes on Instagram and your vacation looks unsuccessful: why does this happen?
What to do
Artea bank reminds of several essential rules:
- always type the bank website address yourself into the browser bar.
- Before confirming any operation – read what you are confirming. If you are asked to confirm an operation you did not initiate, it is scammers.
- When logging into online banking, you are never asked to enter the PIN2 code. It is used only to confirm operations.
- If you have even the slightest doubts – disconnect and inform the bank and the National Cyber Security Center (NKSC), which takes care of blocking such websites.
