The Electronic Security Service under the Ministry of Transport, Communications and High Technologies warns citizens about phishing attacks that have been targeting banks in recent days.
Cybercriminals are trying to seize citizens’ bank information and other personal information by abusing the technical support services of Kapital Bank, Unibank and other banks. Thus, during cyber attacks, calls are made to citizens’ mobile numbers on behalf of bank employees, and they are informed about carrying out money transfer, and for confirmation, card account number, password, confirmation code and other personal information are required.
Another cyberattack in which fake social network accounts are created on behalf of bank employees, requires the provision of card account information and confirmation codes for certain banking transactions.
The aim is to easily make money by trapping users using social engineering methods.
It should be noted that in this type of cyber attack, cybercriminals can use various programs to hide their identities and show their phone numbers to the other party however they want. That is, the number of the bank or other person may be displayed on the screen of an incoming call. In fact, the call is made from a completely different number.
For this reason, citizens are asked to be extremely careful about such calls, not to provide bank information and other personal information to the other party, regardless of which number is displayed on the screen. When you receive such calls or messages, you should first contact the bank or enterprise by other means to verify the accuracy of the information.
In particular, photographing bank cards and transferring them to the other party, sharing the OTP verification codes on the phone with other people can lead to material damage. The person who received card account number, expiration date, CVV code (three-digit code on the back of the card) as well as the confirmation codes can easily withdraw funds from your account.
Please note that no bank requires a customer to provide information such as a password or confirmation code over the phone. This information must be kept confidential and by no means shared with others.
Also, if you encounter such cases or need methodological support, please apply to the Electronic Security Service via the website www.cert.az or email firstname.lastname@example.org.