The Hungarian media reports more and more cases involving criminals using the identity of well-known businesses and service providers to create fake e-mails and websites to gain access to personal data or make money. In such cases, they don’t steal operators’ databases but generate random e-mail addresses or buy an e-mail database from an illegal black-market source, and send mass e-mail including links to phishing sites to these addresses.
Since phishing sites cannot be blocked by technology means, subscribers and the general public can protect themselves by adopting a more careful approach. Fake e-mails and websites usually give some clues to help you decide whether they belong to a genuine operator or are part of a phishing scam.
Police investigation
To fight this scam, awareness needs to be improved both among operators and in the general public. Phishing attempts have to be detected and reported to the authorities who will then eliminate the tools used by the attackers. To further this end and to protect its customers, Telenor has already taken legal action and launched a broad-based education campaign to raise public awareness of the tell-tale signs of fake e-mails, websites or fraudulent calls.
Telenor has collected the most common types of online scam and the way to recognize them.
The most common types of Internet fraud are as follows:
• Fake payment notice: A fake invoice is sent including a link to a payment website similar to that of the operator. This way, the criminals can both gain access to personal data and make money.
• Fake notification about a compromised account: In a fake e-mail sent in the name of an operator, the fraudsters ask the victim to give their old and new password on a website. This way, they obtain the login credentials of their personal accounts.
• Fake data inquiry: Personal data such as bank card data, phone number or online credentials are requested in the name of an operator.
• (Unexpected) notification about an alleged high-value prize: The victim is notified of an alleged prize via e-mail and is requested to pay a small amount online to cover administration and delivery costs. As the prize doesn’t exist, the money goes to the criminals.
• Fake virus alert: While using their desktop computer or mobile phone for browsing, users see an ad with a (fake) virus alert that offers a downloadable app. When downloaded, the app provides the attacker with access to the data stored on the device (images, phone numbers, text messages and anything you store on your mobile phone unprotected). Such warnings are always suspicious as a simple website or banner cannot perform a virus scan on your device. Therefore, they surely have no information about a (potential) virus infection on the handset you use.
Telenor’s tips on how to recognize and prevent fraud:
- If you get a payment notice or a data inquiry from any operator (including either a common or less common request), please check the following:
- Who is the sender? An unknown sender always raises suspicion. Nevertheless, an e-mail’s sender can be easily faked: a seemingly genuine sender doesn’t guarantee the authenticity of an e-mail.
- Who is the e-mail addressed to? If your name is not indicated in the “To” field, the message is likely to be a mass e-mail – another reason to be suspicious.
- Where does the link/button included in the email take you? If a link allegedly takes you to the operator’s website, please check whether it actually opens with the right URL-address in the browser’s address line. If the website looks like the operator’s website but the URL is different, it is a scam. Most recently, criminals integrate the company’s name into fake URLs which makes it even more difficult to identify fraudulent websites.
- Real account statements and payment notices always include a unique customer ID. If you can’t remember your ID, it makes sense to check it. Since fraudsters are highly unlikely to know your ID, you can easily identify a phishing attempt by spotting a fake ID number.
- Operators never ask for personal data and bank card data via-mail.
2. Customers can always safely check their balance, order services and pay their invoices through their operator’s mobile app or website (the MyTelenor portal and app for Telenor).
3. Never accept a banner-based virus alert. Always download your anti-virus software from Google Play or Apple App Store, after reading the app’s reviews.
4. Winning an unexpected high-value prize should always raise suspicion. No company enters you into a prize draw without you knowing it. Scammers may ask you to pay for delivery, administration or top up their mobile phone. Never pay for such alleged prizes, they are scam.
5. Prepaid customers can complete their mandatory annual data reconciliation with Telenor safely using one of the options available at the following link: https://www.telenor.hu/adategyeztetes
6. Your phone bill also includes sensitive personal data that can be abused by criminals e.g. ordering a high-value smartphone on instalment in your name. Don’t send your phone bills to people you don’t know and always remember that Telenor never asks you to do that.
7. If you are contacted to lend a helping lend to a grandchild or family member in trouble, always contact a common friend or a relative for more information and involve the police, if necessary.
Telenor’s website and the Connected Life blog provide you with more useful advice about phone-based scams including contacts and the actions to take.
Telenor’s website: https://www.telenor.hu/aktualis-visszaelesek-kezelese
Connected Life: https://connectedlife.telenor.hu/kilenc-tipp-az-internetes-es-telefonos-es-csalok-ellen/