Safety


Internet and Electronic Banking Safety

We have recorded an attempt to obtain login details for Online Banking. For example, fraudsters refer you from an email to a page that looks similar to the login screen for Online Banking.

Be careful and pay attention to:

  • suspicious email addresses of the sender
  • non-standard texts and urgent calls to action
  • unusual web addresses
  • inability to switch the language version - fraudsters usually have fake pages prepared only for Czech

If you are not sure, do not hesitate to contact our Infoline at +420 221 210 031.

We have recently detected fraudulent ads misusing the name of UniCredit Bank. The ads offer active clients a financial reward on the occasion of "our birthday" and encourage clients to complete a quiz. However, these questions lead to your banking login or card details being elicited.

Do not click on the link and do not enter your Smart Banking login, password or payment card details anywhere.

Think critically and follow the golden rules:

  • Never enter your Smart Banking login details, password, or activation codes into forms on the internet, Facebook and social media, or via a click from an unknown link.
  • Always log in to Smart Banking and Online Banking only through the official app or the bank's website, never by clicking on an unknown link.
  • Always enter your payment card details on your own initiative, never on the initiative of another person (SMS, e-mail, social network message, ...).

Do not share your Google Pay and Apple Pay card activation codes with anyone.

If you notice an attempt at fraud, please contact our Infoline +420 221 210 031.

Sample visual of the advertisement

A message from your “mom,” “sister,” or friend?  Be careful, it could be an attempt to scam you. The new trick is that fraudsters impersonate your loved ones, inform you about a change in their phone number, and ask for money under the pretext that they are in a difficult situation. Once the fraudsters have gained the attention and trust of the victims, they immediately ask for money. They often use pressure. They claim that they need funds to immediately buy a new phone or to solve another crisis situation, such as housing, flights back home, etc.

It is important not to be manipulated and to verify all information. Before you do anything, make sure who is really on the other side. With the help of artificial intelligence, fraudsters can find out a lot of personal information, both from various databases and from social networks, and they do not hesitate to use it when attempting a scam.

Keep in mind that you can also become a victim of fraudsters. Be careful and if you have the slightest doubt, contact our Infoline +420 221 210 031, where we will be happy to help you!

Are you familiar with the new methods of financial fraudsters?

Knowing the methods of financial fraudsters is the ideal way to avoid falling for them. That's why we regularly inform you about emerging types of fraud to help you protect your finances. This time we bring details of the misuse of so-called NFC technology to withdraw cash without a card. NFC is a wireless technology that allows fast data exchange at a distance of up to 4 cm.

How does it work and what to pay attention to? It all starts out innocently enough. You receive a text message asking you to update your banking app, but it contains a fraudulent link. If you click on it, you'll download a fraudulent app to your phone. You will then be contacted directly by the fraudster stating that your account has been hacked. They trick you into downloading another fraudulent app to get your card PIN. They will then ask you to tap your payment card to your mobile phone. Thanks to the fraudulent app, the NFC chip reader reads and transfers the card data to the device of the fraudster, who is already at the ATM withdrawing cash from the account.


How not to get fooled?

  • Be cautious and do not click on links that are contained in text messages/e-mails.
  • Only update the mobile banking app from the bank's official website or official App Store / Google Play stores.
  • Do not disclose your payment card PIN to anyone.
  • Never hold your payment card to your mobile device when prompted by an unknown person.


Keep in mind that you too can become a victim of fraudsters. Be cautious and in case of the slightest doubt, please contact our client Infoline on +420 221 210 031. 

 

 

Are you the owner of a smart device with the Android operating system? Be careful. Recently, there has been a wave of fraudulent applications. They come under different names, currently PDF AI: Add-On, Android Core OS, Phone Cleaner: File Explorer. The apps contain malware that waits for the right opportunity to attack mobile banking and other apps on the phone. If you also allow the app to remotely control your phone, there is nothing to prevent attackers from accessing your account.

How do you know if your phone is likely to be hacked?


Warning signs in the device:

  • Google has signed you out of your Google Account, citing device malware protection.
  • You'll notice odd things like pop-up ads that can't be closed.
  • You see warnings about a virus or infected device.
  • The antivirus software you are using has suddenly stopped working.
  • The device is suddenly much slower and/or the free memory space has decreased significantly.
  • The device has stopped working properly or does not work at all.


Warning signs in the browser:

  • You see warnings about a virus or infected device.
  • You get pop-up ads or new tabs that you can't close.
  • In the Internet browser Google Chrome, you find unwanted extensions and bars that you cannot get rid of.
  • Browsing is out of your control and you are redirected to unknown sites or advertisements.
  • Chrome's home page or default search engine is being changed without your permission.


How to keep a safe environment on your phone:

  • Do not install applications from unverified sources.
  • Control what rights you grant to new apps.
  • Check the list of apps on your phone. Do you have an unknown or unused application in it? Delete it or remove unwanted access from it.
  • Update your phone's operating system and browser regularly.
  • Use fingerprint or facial recognition.
  • Have an antivirus program on your phone.

More detailed information about malware and how to fight it directly from Google can be found here: Remove malware or dangerous software - Android - Help Google Account

Keep in mind that you too can become a victim of fraudsters. Be careful and contact our client Infoline +420 221 210 031 if you have the slightest doubt.

 

Beware of the SIM Swap scam - what is it?

SIM Swapping is stealing a phone number and blocking the SIM card of the victim. In the event that your SIM card stops working, immediately contact your operator to see if your SIM card has been blocked. We also recommend checking your account and transaction history.

In case of doubt, please contact our Infoline +420 221 210 031.

 

 

Dear clients,

we warn you about numerous fraudulent phone calls. Fraudsters are sophisticated and, in addition to manipulative techniques, can impersonate the phone number of a bank or other institution in order to instill confidence in the caller. Impersonating a bank employee, they tell clients that their card has been blocked, their account has been hacked, and that their funds are at risk. They ask the client to transfer funds to a fraudulent account, which they present as a protected UniCredit Bank account.

Our bank never requires such actions, whether by phone, SMS or e-mail. Never trust such phone calls and never share your login details, card number, PIN, etc.

As part of protection against cyber threats we have introduced a check in the list of risky IP addresses managed by the multinational company Webroot - www.brightcloud.com.

With this check your IP address was evaluated as risky and therefore we recommend you the following procedure:

  1. Find out your IP address (for example, by querying Google: "What is my IP")
  2. Verify the IP address at: https://www.brightcloud.com/tools/url-ip-lookup.php
  3. In case of positive identification:
    • Ask on www.brightcloud.com to remove your IP address from the list
    • Ask your internet provider for a valid IP address

Of course, your banker will also be happy to help you with this process.

Do not underestimate security: scan your computer, and ideally the other computers on your home network, for malware using an antivirus program.

For protection, we recommend regularly updating the operating system, having a properly configured firewall and active anti-virus software.

We also recommend having a static IP address that is unchangeable so that the situation described above cannot occur.

Sometimes it is enough to turn off your home router and turn it on again after a while, ideally after leaving it off overnight. This way, you can get a new (different) IP address from your ISP, which may no longer be on BrightCloud's list of risky IP addresses. However, it is not guaranteed that the Internet provider will not assign you a problematic IP address again in the future.

We are alerting you to a fraudulent e-mail that is intended to give the impression that it was sent from UniCredit Bank.

The email prompts users to open a link and then enter their login and personal information on the fake page.

Do not respond to this email in any way, do not click on the link or open any attachments. Do not enter your personal information anywhere. UniCredit Bank never sends such e-mails to clients.

If you have received this e-mail and entered your information on a fake page, or if you notice anything suspicious in connection with your internet or mobile banking, do not hesitate to contact the UniCredit Bank Customer Line at 221 210 031 immediately.

Main signs of fraudulent e-mails:

  1. Suspicious email address (incorrect domain, combination of letters and numbers, etc.). Although the link looks like UniCredit Bank, when you click on it, the real address will be displayed, e.g. https//UnіϹredіt.cz/login/ověření => real address: https://busycows.ca/wp-admin/DU. So you need to check the destination address before clicking on it.
  2. The text is usually not 100% grammatically correct; however, artificial intelligence is making great progress and the texts are becoming more and more perfect.
  3. Creates pressure to take action, e.g. if you do not log in today, the account will be blocked immediately, etc.

Log in to internet banking primarily from the link on the website www.unicreditbank.cz

Always check that you are on the page:  https://cz.unicreditbanking.eu/en/login_form?reload=t
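
The destination check from the first sign above, as an added Python example that is not the bank's own code: it compares a link's displayed address with its real destination and flags lookalike letters from other alphabets, including ones hidden in punycode (`xn--`) hosts. The allow-list holds the two addresses named on this page (trusting their subdomains is an assumption), the function names are illustrative, and the sample link text is constructed to mirror the page's example.

```python
import re
import unicodedata

# Domains this page names as the bank's own (www.unicreditbank.cz,
# cz.unicreditbanking.eu). Trusting every subdomain of them is an assumption.
OFFICIAL_DOMAINS = ("unicreditbank.cz", "unicreditbanking.eu")

# Constructed sample mirroring the page's example: the displayed text uses
# Cyrillic U+0456 and Greek U+03F9 in place of Latin "i" and "C".
SAMPLE_DISPLAY = "https//Un\u0456\u03f9red\u0456t.cz/login/ov\u011b\u0159en\u00ed"
SAMPLE_HREF = "https://busycows.ca/wp-admin/DU"

# Tolerates the malformed "https//" prefix seen in the displayed link text.
_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*:?//", re.IGNORECASE)


def extract_host(text):
    """Return the lower-cased host part of a URL or URL-like link text."""
    rest = _SCHEME.sub("", text.strip())
    authority = re.split(r"[/?#]", rest, maxsplit=1)[0]
    host = authority.rsplit("@", 1)[-1]  # drop any user:password@ prefix
    host = host.split(":", 1)[0]         # drop any :port suffix
    return host.rstrip(".").lower()


def to_unicode(host):
    """Decode punycode (xn--) labels so lookalike letters become visible."""
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # keep the raw label if it is not valid punycode
        labels.append(label)
    return ".".join(labels)


def scripts_in(host):
    """Scripts used by the letters of a host (first word of each Unicode name)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in host if ch.isalpha()}


def is_official(host):
    """True only for an official domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def check_link(display_text, href):
    """Return a list of finding codes for one link; an empty list means no finding."""
    findings = []
    target = to_unicode(extract_host(href))
    if not is_official(target):
        findings.append("destination-not-official")
    if len(scripts_in(target)) > 1:
        findings.append("destination-mixed-script")
    text = display_text.strip()
    # Only link text that itself looks like an address is compared with the target.
    if "." in text and not re.search(r"\s", text):
        shown = to_unicode(extract_host(text))
        if len(scripts_in(shown)) > 1:
            findings.append("display-mixed-script")
        if shown != target:
            findings.append("display-host-mismatch")
    return findings


if __name__ == "__main__":
    for code in check_link(SAMPLE_DISPLAY, SAMPLE_HREF):
        print(code)
```
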

Recently we have seen an increase in fraudulent SMS and emails abusing the name of shipping companies (e.g. DHL etc.) requesting information to be completed for delivery.  You have already entered your details when ordering the shipment and the official carrier never checks them again. Fraudulent SMS or emails usually come from foreign phone numbers or unofficial emails. So if you are expecting a shipment, check the status of the shipment by the shipment number on the official carrier's website. In any case, do not respond to the SMS / e-mail and do not click on any embedded links.  

In case you are not sure, do not hesitate to contact the trader or carrier directly.
 

We are seeing an increased number of cases where the client is asked to forward the activation SMS for Smart Banking. This SMS is always for you only and under no circumstances should you forward it to anyone. If you do so, you may be allowing a fraudster to install Smart Banking on your phone to access your account(s). If you have any suspicions, call us at +420 221 210 031.

If someone asks you to forward the SMS below, they are trying to gain access to your account and are a fraudster.


CZ app – iOS


CZ app – Android

We have seen an increase in fraudulent calls where the caller pretends to be the police, a call centre operator or a bank security officer and reports that your account has been hacked or a loan has been arranged in your name.   

  • Never send funds based on a phone call or deposit funds in unknown boxes. Neither the police nor the bank will ever ask you to deposit or transfer your money over the phone.  
  • Do not disclose over the phone which bank you have an account with, or your credit card, account or access details.

Recently, there has been increased fraudulent activity in the Czech Republic. That is why we would like to draw your attention to two very common fraud scenarios:

Selling goods through an advertising platform

If you are selling goods through an advertising platform and you are contacted by a potential buyer who offers to pay for the goods to your payment card, pay attention. Such a buyer usually wants to know your payment card information (card number, validity, CVV / CVC code, PIN or one-time code) in order to transfer money to your card. 

It is not possible to make transactions “to a payment card”; such scenarios are always fraudulent and if you provide your payment card details, your card will be misused by the fraudster.

Always pay attention when using advertising platforms to sell goods. Do not respond to offers to send money to your card and never enter the card details in a form sent to you by the buyer.

Fake Microsoft support service

A fraudster pretending to be a Microsoft employee calls you (usually from an international number and the call is in English) and informs you of a problem with your computer. He or she invites you to install an app and wants you to allow remote access to your computer or pay a technical support fee. Pay careful attention! Microsoft never asks clients to allow remote access to their computer.  

Never share your payment card information, install unknown apps, or allow remote access to your computer, Internet banking, or your data based on similar calls.

Read more information on frequent fraud and security advice HERE.

If you are not sure about the authenticity of incoming e-mails, messages or calls, please contact the UniCredit Bank Infoline at +420 221 210 031.

 

 

The most common tricks of scammers

If you have a credit/debit card, be careful when using it. Even you can become a target of the scammers.

 

The credit/debit cards are often a target of the scammers who try to obtain necessary data and then misuse it for fraudulent transactions or ATM withdrawals.

When the scammer is trying to obtain credit/debit card details, they do not introduce themselves by the specific bank name and therefore these attacks are much more universal than attacks targeting the Internet or mobile banking.

 

What are the most common types of scams, how to identify them and how to prevent them?

  • Your card has been blocked
    The user receives an e-mail or a text message informing him/her that his/her card has been blocked for various reasons and to unblock it the user has to click on the link and enter the card details to verify or to send these details back in the reply.
    Such messages are always fraudulent, banks do not verify clients in a similar way, and if the card is actually blocked for security reasons, it is not possible to unblock the card in this way.
    Under no circumstances enter or send card number or other information based on similar messages. If you receive a similar message, contact the bank's Infoline or your banker to check the situation.
  • Your card has been misused and needs to be blocked
    As in the previous case, the scammer informs the user that his/her card has been misused and must be blocked. This information is often reported by phone, and the scammer requests, under the pretext of user authentication, the full credit/debit card number and other details such as card validity, CVV/CVC code, PIN code or one-time authorization code.
    If the bank blocks the card for security reasons, it never asks the user for the full card number, CVV/CVC code or one-time codes for transactions.
    Under no circumstances provide the entire credit/debit card number, CVC/CVV code, PIN code or one-time transaction codes based on a similar call. If you receive a similar call, contact the bank's Infoline or your banker to check the situation.
  • Apple Pay and Google Pay
    With the launch of Apple Pay and Google Pay, scams using their name began to appear.
    The user receives an e-mail or a text message informing him/her that their Apple Pay or Google Pay account has been blocked and should click on the attached link to unblock it. After clicking, the user is redirected to a website where he/she has to enter their credit/debit card information. However, this message and the website are fake and have nothing to do with these services.
    The user always manages credit/debit cards in connection with Apple Pay and Google Pay directly in the Apple Pay or Google Pay application.
    If you receive a similar message, check it in Apple Pay/Google Pay application and check the situation in your account settings. Do not use the links provided in the fraudulent message to open the application.
    Do not enter your credit/debit card information or PIN on suspicious websites based on similar messages.
  • Undelivered shipment
    The user receives an e-mail or a text message that the shipping service could not deliver the package due to unpaid transport or customs duties. The apparent arrears are usually small – a few euros. The message also contains a link to the payment gateway, where the user has to enter the details of the credit/debit card and pay the arrears so that the shipment can be delivered to him/her. However, both the message and the payment gateway are fake.
    Shipping companies usually do not send similar e-mails. Neither the sender's e-mail address nor the payment gateway's web address belongs to real companies in the event of fraud, but they often try to imitate the real address.
    If you receive a similar message and you are unsure of its authenticity, contact the shipping company directly to verify the information. Also, make sure that the email sender's address matches the actual shipping company address. Do not enter your credit/debit card information based on similar messages.
  • A loan for a friend
    The user is contacted via Facebook or Messenger by their friend with a request for a small loan, usually a few euros. If the user agrees, the friend will send him a link to the payment gateway, where he/she has to fill in the credit/debit card details and send the transaction. However, the friend's profile is fake and so is the payment gateway. If the user enters credit/debit card details here, the scammer will immediately use them to transfer a higher transaction. When confirming this transaction, the user may not notice that he/she authorizes a much higher amount than the agreed few euros.
    Friends' loan requests via Facebook or Messenger are in most cases fraudulent. The friend's profile and the payment gateway used are fake, the payment gateway address does not belong to any existing company, but it is often similar to the actual address.
    If you receive a similar request, contact a friend by phone and verify the authenticity of the request with him/her. Also, make sure that the payment gateway address is correct and that the website is secure.
  • Cheap goods in e-shops
    The store offers goods for a fraction of their actual price and entices the user with bargains. Reviews of satisfied users who praise the quality of goods and speed of delivery are often listed directly on the website. However, these reviews are fake and the store is fraudulent: not only does the user not receive the purchased goods, but the credit/debit card details the user provided when paying for the goods can often be misused.
    By law, the seller's identification and contact details and terms and conditions must be provided at the store's website. Secure stores use encrypted communication to sign in or pay – at the beginning of the address is https.
    If you come across a similar store, check to see if it is run by an existing company. Find reviews of this store online (but don't believe the reviews listed directly on the store's website) and check the website's security. If the store is suspicious, don't shop there.
  • Online bazaars scammers
    You will recognize the scammers on the online bazaars by the way they communicate; most often they will contact you via e-mail or a chat application such as Messenger, WhatsApp or Viber. It is mostly an urgent communication. The scammer will want to send a courier to pick up the goods. The scammer will then send you a link with the payment gateway and will ask you to enter your credit/debit card details to send the funds for the goods directly to the credit/debit card. In reality, however, multiple scenarios may occur. For example:
      • The scammer adds the credit/debit card to Apple Pay/Google Pay, requests a code to confirm, which you will receive via a text message. The scammer will then make the payment, without any further confirmation.
      • The scammer will pay online, for which the scammer will ask for your confirmation, which you will receive as a push notification in your application.
    Always read the message you are confirming and never confirm a transaction you do not know. Also, never share your Apple Pay/Google Pay activation code with anyone.
  • Microsoft support
    The user is called by a fraudster who pretends to be a Microsoft employee. He or she calls about a problem with your computer and requests that you install a fraudulent app, allow remote access to your computer, or pay a technical support fee. The fraudster usually calls from foreign numbers and the call is in English.
    Do not share your payment card information, install unknown apps, or allow remote access to your computer, Internet banking, or your data based on similar calls.

 

Helpful hints:

  • The bank does not send their users information about blocking the credit/debit card via e-mail/text message with the option to unblock it via the attached link. Do not respond to such messages.
  • Always carefully check messages requesting your credit/debit card information. Focus on the sender's email address and the link address. If you are unsure, contact the alleged sender by phone – look for contacts on the Internet, do not use those listed in the suspicious message.
  • Check the security of the website – lock and https: in the address bar. The lock provides information about the certificate of the site, https is a protocol providing encrypted communication. Never enter information on a website that uses the http: protocol.
  • The credit/debit card number is in most systems in the format 1234-56XX-XXXX-1234, while the 6 middle digits are masked. Never share these numbers with others via e-mail, text message or phone call.
  • PIN code is only used to identify the user at the ATM or to confirm terminal transactions. However, in no case does it serve to identify the user when communicating with the bank, so never report or send it to anyone.
  • Always read the text of the received text messages carefully, and if it is meaningless or does not correspond to the activity you are performing, be careful.
  • Have the credit/debit card limits set correctly, both for the payments via the Internet or at merchants, as well as for the ATM withdrawals. If necessary, it is always possible to temporarily increase these limits.
  • Pay attention to grammar and typos. Although phishing messages today are at a higher level than in the past, they often still contain typos and errors that can warn the attentive user.
  • If you are unsure, contact the bank's Infoline +420 221 210 031 or your banker and ask them to verify the messages received.

Companies: Fake Invoices and CEO Fraud

Beware of fraudulent e-mails sent to companies with the aim of inspiring trust and attempting to relieve the corporate accounts of money.

Fake Invoices and CEO Fraud are types of fraudulent conduct which more and more companies have come across recently. The fraudsters try to imitate communication with the company’s manager or supplier and subsequently to trick employees into sending money from corporate accounts.

 

 

How does it work?

  • Fake Invoices
    The fraudster may send an invoice to the company giving the impression it was sent by the company’s supplier. In the majority of cases, the fraudster uses an e-mail address that only looks similar to the actual supplier's e-mail address, however, there are also cases when an e-mail is sent from a genuine e-mail address. The fraudster could trace the link between companies on the Internet but the e-mail box of one of the companies might also be compromised and the existing communication monitored.
    In such a case, the invoice itself can appear very plausible, differing only in the supplier’s account number. Frequently, the victim notices such a change, however, and asks for confirmation via a message to the fake e-mail address; the fraudster approves such a change on behalf of the supplier and the victim goes on to send the money.
  • CEO Fraud
    This type of attack focuses on employees managing corporate accounts. The fraudster often searches the corporate structure for individual employees on the company’s website or professional social networks, subsequently contacting particular employees on behalf of the company’s manager with an urgent request to transfer money from the corporate account. In a majority of cases, the fraudster uses an e-mail address that only looks similar to the actual manager's e-mail address, however, we have also registered cases when a genuine e-mail address had been hacked. The message may look credible, in particular in cases when such a method of communication and transmission of payment orders is common. Unless the employee verifies the order with the actual manager, they might send the money to the fraudster, mostly to a foreign account.

 

How can you defend yourself against such attacks?

We recommend always verifying any payment orders and invoices with non-standard data received by e-mail directly with the sender in person or by phone.

Please pay attention to the sender’s e-mail address and check if it is real. E-mails from us can come to you both from the domain unicreditbank.cz and from the domain unicreditgroup.cz.

You should also notice any changes in the formatting of e-mails or invoices compared to standard communication (a different font, logo, grammatical mistakes, briefness or austerity); in many cases, companies have registered such features in fraudulent e-mails.

If you suspect that you might have been a victim of an attack, please inform your banker or the Bank’s Customer Centre +420 221 210 031.

 

CEO fraud - example

Fraudulent Calls Alert

We have received an increased number of reports of fraudulent phone calls concerning pending loan applications.

 

In recent days, we have seen an increase in attempts at fraud. The fraudsters call on behalf of UniCredit Bank (or other Czech banks) and inform about alleged pending loan applications. Under various pretexts and threats, they then request personal and security data or the installation of an unknown app. The fraudsters use various phone numbers and in several cases they speak Russian or with a Russian accent. If you experience a similar phone call, we recommend that you do not share any information with the caller and never install unknown apps on your phone or computer. If you are unsure of the authenticity of an incoming call, please contact the UniCredit Bank Customer Centre at +420 221 210 031.

 

Android: Accessibility authorisation

Do you use Accessibility for apps requiring authorisation? Please make sure you trust these apps.

 

 

What purpose does this authorisation serve?

Accessibility authorisation is intended primarily for persons with visual and hearing impairment, speech disorders or physical disabilities in order to simplify their work with the phone and with some apps.

For example, authorisation enables the font size to be changed in some apps, the phone to be controlled by voice or the keyboard layout to be adjusted, as well as the reading out of text displayed on the phone screen.

 

What is risky about this authorisation?

Applications with Accessibility authorisation enabled can read (as well as record) the displayed text and thereby get access to the information viewed by the user, such as text messages and conversations, phone numbers and contacts. In the context of banking apps, this may include sensitive data such as names, account numbers, transactions or balances.

 

Where to check which apps use Accessibility authorisation and how to disable it?

You can find a list of apps in the menu Settings - Accessibility - Services. You can also switch authorisation for individual apps on or off in this menu.

 

How do I recognise if an app is misusing my authorisation?

You should consider what the app is for and if the use of such authorisation makes sense. The app’s developer should be able to explain what the app uses the authorisation for - such an explanation may be displayed directly in the app, available on the app page in Google Play or on the website of the company providing the app.

 

Rules of safe behavior on the Internet
  • Observe the principles of safe behaviour on the Internet and in online banking.

  • Minimise the risk of viruses or other malware infecting your computers and mobile devices.

  • Maximize the protection of your data and funds.
