Taming the scourge of spoofing, or fraud that involves impersonating a hotline number and claiming to be bank employees, requires practical and effective measures. Now, in the IKO mobile application, PKO Bank Polski customers can check whether they are talking to a real bank employee or a cybercriminal.
Spoofing is an increasingly common scam. Criminals, taking advantage of weaknesses in the mobile telephony infrastructure, can impersonate any phone number – a bank helpline, police or prosecutor’s office.
Cybercriminals call people whose information they find on social media and pose as employees of a bank or other social trust institution. They often use the pretext of securing your account – informing you that a purported transfer of a large amount or a suspicious card payment has been blocked.
Most often they claim that the bank has blocked the suspicious transaction and needs the caller’s full-service login details or BLIK codes. Sometimes they ask to perform a transaction, login to an account, install software such as AnyDesk, TeamViewer, etc. (these applications allow to “watch” the victim’s computer). Taking advantage of the user’s confusion, they phish for e-banking access data, payment card details, BLIK codes, insist on installing apps or transfer of money to a “technical account”. The data obtained from the conversation allows the victim to be robbed.
However, PKO Bank Polski found a way to limit the scourge of spoofing. Bank customers who have the IKO mobile application active can now use it to verify that they are being contacted by a real bank employee.
“In a few simple steps, a customer can confirm the identity of a bank employee in the IKO app. PKO Bank Polski was one of the first banks on the Polish financial market to introduce such a solution, which will definitely increase the effectiveness of the fight against fraudsters,” emphasizes Michał Macierzyński, Director of the Digital Services Department at PKO BP.
During a conversation with a consultant, a PKO BP customer holding an IKO application will receive on his phone a push message with the data of the employee who contacts him (name and surname, position, address of the branch). He can verify the identity of the caller by asking the bank’s employee to provide this data – if it agrees with the sent information, he confirms it with the PIN to IKO (s/he has 2 minutes for this) and both parties can safely continue the conversation.
Both PKO Bank Polski and other banks warn about cyber fraud spoofing on their websites, login pages, mobile apps, social media or hotlines. Warnings were also issued by the Polish Bank Association and the police.
What is worth keeping in mind?
– A bank employee will never ask you to install additional software or applications,
– A bank employee will never ask for remote access to your computer,
– A bank employee will never ask you for your online banking login information, authorization codes or full card number and CVV/CVC code,
– The bank employee does not ask for BLIK codes.