OREANDA-NEWS. October 26, 2012. MegaFon and Sberbank of Russia warn about reported significant increase in fraud against the customers of commercial banks that manage their bank accounts via Internet through remote banking systems.

Usually the following fraud schemes are used: Hackers distribute virus programs via various Internet resources, from social networks to ordinary news sites. When making an attempt to log in his/her member area a customer, whose computer is infected, is directed to a phishing site, which looks practically no different than the legitimate site of the Internet bank. On a fake site you may be requested to enter your ID and passwords, mobile telephone number and other personal data required to the hackers for fraud.

Instead of the Bank’s help-desk telephone number 8—800—555—5550 hackers give telephone number 7—800—555—5550, that have nothing to do with the Bank.

For protection against hackers “Sberbank Online” (Sberbank Onl@ne) requires confirmation of all financial transactions by a one-use SMS-password, which is sent together with transaction details. Therefore a one-use password is a key element of security, it must not be disclosed to anybody and must not be entered if any details given in the SMS message that you have received, relate to the transaction that you did not perform.

Recommendations of Sberbank of Russia:

How not to become a victim of fraud?

Sberbank never requests passwords for cancelling transactions in “Sberbank Online”. If you are requested to enter a password to cancel the transaction, terminate the service session and immediately contact the Bank.

To log in your member area you only need your ID and a password/one-use password. If you are requested to provide any other personal information, terminate the service session and immediately contact the Bank.

One-use passwords must only be entered if the transaction was initiated by you. Upon receiving a SMS-message with a one-use password, please read it attentively. The password must only be entered if the details of you transaction correspond to the details stated in the SMS-message received.

Cancellation of transactions is not supported by “Sberbank Online”. To receive such a message means that you are attacked by hackers. Terminate the “Sberbank Online” session and immediately contact the Bank.

Make sure that a protected SSL-connection to the official site of the service has been set up: https://esk.sbrf.ru, https://online.sberbank.ru.

How to recognized fraud?

when you try to log in your member area, a mobile telephone number is requested under various pretexts;

the transaction is performed in the unprotected mode (browser icons that indicate operation in the protected mode, are not active);

when you enter the site the internet browser warns that the website is untrusted;

the address may be not one of the official addresses of “Sberbank Online” (esk.sbrf.ru and online.sberbank.ru);

references to the fraud prevention may be missing or inactive.

When using “Sberbank Online”:

use up-to-date anti-virus software and update it on a regular basis;

perform anti-virus checks on a regular basis to reveal malicious software;

timely install operating system updates that are recommended by the manufacturer;

use additional software: personal firewalls, anti-spyware software, spam protection programs, etc.

if you suspect that the passwords (permanent or one-use) were compromised by any third parties (including those who introduced themselves as Bank employees), or in the event of any requests for performance of transactions that were not initiated by you, you must immediately contact the Bank:

(495)-500—0005

(495)-788—9272

8—800—555—5550

8—800—200—3747

Please remember that when managing you accounts via “Sberbank Online” you must be as attentive and watchful as when handling your cash in your purse.