Safe Banking
Cyber criminals are exploiting the fear and uncertainty surrounding the outbreak of the respiratory disease COVID-19 to obtain your personal data. In the current climate, you should pay particular attention to e-mails, text messages and social media posts referencing the pandemic. They could be attempts at fraud.
Beware of coronavirus phishing!
- The criminals masquerade as reputable authorities to entice you to establish contact with them about the coronavirus pandemic
- These types of fraudulent messages, fake websites and online forms are designed to get you to reveal sensitive information about yourself, such as your log-in data for online accounts, credit card details and mobile phone numbers
- In other cases, you may be invited to click on attachments or links, which can infect your computer or smartphone with malware which has the ability to access your sensitive data and even encrypt it for purposes of extortion
- Security experts have observed an increase in these kinds of phishing attacks via e-mail, text message, phone call, messenger service and social media
Current fraud variants
- The ‘latest information’ is offered about COVID-19, for instance on the high-risk areas in your city, in the name of a reputable health organisation such as the WHO, the Centers for Disease Control and Prevention (CDC) or the Robert Koch Institute (RKI). This information can be accessed by clicking on a link or entering the log-in data of your e-mail account
- Fraudsters contact you by phone, e-mail or text message in the guise of a public authority to announce that you are eligible for a grant under a coronavirus emergency support programme. You are asked to provide details of your PayPal account and other sensitive data in order to receive the payment
- You receive notification of the alleged closure of the branch of a bank or a medical practice – on which pretext you are invited to verify your personal data
- A fake e-mail purportedly from your employer’s Human Resources department is sent to your work e-mail address; it contains a link to management guidelines relating to the coronavirus crisis for your perusal
- A hospital informs you that you have tested positive for COVID-19, and you are therefore asked to supply personal information or to click on a link
- You receive a text message recommending an app that will allegedly show you people who have tested positive for COVID-19 in your neighbourhood – once you have made a small credit card payment
- You are asked to make a donation to the coronavirus cause in the name of a reputable aid organisation. The account details stated are those of a fake PayPal or other account
- You are informed that the costs of cancelled flights or booked accommodation will be reimbursed
- A website suddenly appears in your browser, prompting you to download a malicious app with suggestions on how to protect yourself against the coronavirus
- An item of fake news takes you to a website offering products currently in short supply, such as disinfectants, respiratory masks or protective gloves; these will never be delivered
Other threats
- Be extremely wary if you receive a phone call from somebody claiming to be a distant relative or acquaintance and asking for financial support because of the coronavirus crisis. Verify the person’s identity and reason for calling. Ask him or her for details of e.g. their location, profession or personal circumstances which can be verified via independent sources
- Cyber criminals exploit the fact that many people are currently working from home. If you are one of them, beware of fraudulent e-mails and phone calls from scammers masquerading as new colleagues, customers and the like
How to protect yourself
- Recognising and repelling phishing attacks
a) Do not open any suspicious e-mail without first checking / verifying the sender’s address
b) The full e-mail address will be displayed if you hover over the sender’s name with the mouse
c) If the suspicious e-mail has purportedly come from a reputable organisation, you should check whether the e-mail address it was sent from contains the same destination address (domain name) as the organisation’s bona fide internet address
d) How to identify the destination address in an internet address (URL):
1. Starting at “://”, look for the next slash:
http(s)://some-random-words.destinationaddress.com/some-other-random-words
2. Move backwards over the domain ending “.com”, “.org” or “.de” to the next dot on the left. Between this dot and the slash to the right of it is the destination address:
http(s)://some-random-words.destinationaddress.com/some-other-random-words
e) Never click on attachments or links in an e-mail if you are not absolutely sure that it is trustworthy. Verify the sender and pretext for sending the e-mail, for instance by phoning a phone number already familiar to you
f) Delete suspicious e-mails immediately
g) Fake log-in pages are often difficult to distinguish from the original. So, never enter confidential information such as credit card details, passwords and other log-in data on websites you have opened by clicking on a link in an unsolicited message
h) Never click on links in suspicious text messages, messenger service or social media posts. Even telephone numbers or profiles that appear to be trustworthy can be fake
i) Don’t engage in phone conversations with dubious callers and never divulge sensitive information. End any calls from voice robots immediately. If the phone call could be genuine, ask the caller if you can phone back. Use the time at your disposal to check the caller’s identity and the reason for the call – perhaps by phoning the organisation for which he or she claims to work
- Trustworthy sources of information
a) Reputable health and aid organisations will never send e-mails asking you to enter personal information on websites
b) If you have questions about the coronavirus pandemic, you can find information on the websites of the Centers for Disease Control and Prevention (CDC), the World Health Organisation (WHO) and the National Institute of Health (NIH)
c) The coronavirus map currently most commonly faked by crooks is the one provided by Johns Hopkins University in the USA. Its genuine internet address is https://coronavirus.jhu.edu/map.html
- Online banking
a) Deutsche Bank never sends its customers e-mails containing links to online banking with a request to enter account numbers, credit card details and log-in data. Follow our security advice on digital banking
b) Be wary if the internet address of an online banking log-in page starts with a number instead of the bank’s domain name
c) Never log in to online banking on an unfamiliar computer
d) Don’t save your log-in data in your browser
e) Change your PIN regularly and use the customer log-out function
- Password security
a) Never use the same password for multiple accounts. Cyber criminals who have managed to steal a password from you could gain access to your other accounts by means of what is known as “credential stuffing”. The risk of this is high if you already use your e-mail address as a user name for several accounts
b) Do not give passwords to others
c) Pick passwords of at least 15 characters in length which contain a mix of upper-case and lower-case letters, numbers and special characters. Such passwords only need to be changed if you suspect that they might have fallen into the wrong hands
d) Never save passwords as digital notes, e.g. in the address book of your smartphone or in documents on your computer, server or in your cloud
e) Use two-factor authentication whenever you can
- Computers and routers
a) Always keep your operating system and software up to date by downloading manufacturer updates regularly
b) Install anti-virus software and keep it up to date
c) Back up your data regularly
d) Don’t use the automatic form-filling function to complete input masks in your browser
e) Protect your router with a strong password of at least 24 characters in length; otherwise, criminals could install malware remotely on your devices. Cyber criminals are currently using this method to lure you onto fraudulent websites related in some way to the coronavirus pandemic
- Smartphone security
a) Cyber criminals attempt to steal log-in data from your smartphone via infected apps, thereby posing a threat to the security of two-factor authentication and the like
b) Only download apps for your smartphone and tablet from reputable sources such as the Google Play Store or Apple’s app store
c) Restrict the access rights of your apps. Do not allow an app to access text messages
d) Always keep the operating system of your smartphone and your apps up to date. Updates resolve security vulnerabilities as they become known and fixes are implemented
e) Pay attention to any signs that may indicate the presence of malware on your smartphone: a sluggish device, short battery life, memory that is suddenly full, appearance or disappearance of apps without any input from you
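The manual checks described under “Recognising and repelling phishing attacks” (items c and d) and “Online banking” (item b) can also be automated, for instance in a mail filter. The following is an added example, not part of the original advisory; the function names and the sample links other than the Johns Hopkins address are constructed, and the two-label rule assumes a single-label domain ending as in the page's own steps.

```python
import ipaddress
from email.utils import parseaddr
from urllib.parse import urlsplit


def _last_two_labels(host):
    # Step 2 on the page: the domain ending plus the label to its left.
    # Assumption: a single-label ending (.com, .org, .de). Endings such as
    # .co.uk need the Public Suffix List, which this sketch does not bundle.
    return ".".join(host.rstrip(".").lower().split(".")[-2:])


def destination_address(url):
    """Destination address of a URL, or the bare IP if the host is numeric."""
    host = urlsplit(url).hostname  # step 1: text between "://" and the next slash,
    if not host:                   # minus any "user@" prefix and ":port" suffix
        raise ValueError(f"no host in {url!r}")
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        return _last_two_labels(host)


def sender_domain(from_header):
    """Destination address of the sender shown in an e-mail From header."""
    address = parseaddr(from_header)[1]
    if "@" not in address:
        raise ValueError(f"no e-mail address in {from_header!r}")
    return _last_two_labels(address.rpartition("@")[2])


def classify(url, genuine_domain):
    """Return 'numeric-host', 'match' or 'mismatch' for a link."""
    dest = destination_address(url)
    try:
        ipaddress.ip_address(dest)
        return "numeric-host"  # the log-in address starts with a number
    except ValueError:
        return "match" if dest == genuine_domain.lower() else "mismatch"


if __name__ == "__main__":
    # Constructed sample links; only the first is the address given on the page.
    for link in ("https://coronavirus.jhu.edu/map.html",
                 "https://coronavirus.jhu.edu.map-info.example/map.html",
                 "http://192.0.2.10/banking/login"):
        print(classify(link, "jhu.edu"), link)
```

A “match” only shows that the link points at the expected domain; it says nothing about whether the message itself is genuine, so the remaining checks in the list still apply.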