The consumer protection agency warns that tricksters are increasingly brazen in their attempts to access bank customers’ money. Here’s how to recognize deception and determine who is liable in extreme cases.
Munich – Fraudsters repeatedly siphon off large amounts of money by scamming bank customers during online banking sessions. What are the most common scams? How can one protect themselves? And what should you do if you truly become a victim of fraud? Here are the key questions and answers.
How do criminals access their victims’ money?
Criminals targeting bank customers have the same objective: to access their victims’ money. They typically succeed by withdrawing cash from accounts, making transfers, requesting new cards in the victim’s name, or taking out loans under the customer’s identity. To achieve this, the fraudsters need to obtain the customer’s account details and usually require approval for transactions through TAN or push-TAN procedures.
To obtain this information, they often send fake SMS or letters, lure victims to click on QR codes or links from counterfeit banking websites, install malware on computers, or impersonate bank employees over the phone to harvest data and authorize transactions. Sometimes, to gain digital identity, they even simulate a video identification process, posing as testers.
What are the most common fraud tactics?
Court cases collected by Stiftung Warentest over the last two years illustrate the latest scams: In Wuppertal, for instance, fraudsters sent a SMS to a customer of a savings bank containing a link that directed him to a fake website, where he was prompted to enter personal data and his TAN for transaction approval. Using these details, the fraudsters stole almost €40,000.
In Cologne, criminals called a bank customer and reported suspicious withdrawals from his account. Prior to this, they had ordered a new debit card in the name of the customer from the savings bank. To reverse the allegedly suspicious withdrawals, they asked the customer for TAN approval. However, instead of canceling orders, the customer inadvertently activated the card for the fraudsters, resulting in a loss of €14,000. Additionally, another fraudster posed as a Telekom employee to gain a customer’s data from a northern German cooperative bank. It is believed he accessed banking details through the Telekom account, transferring €32,000 to Spain.
How to recognize fraud attempts?
“The attacks are becoming increasingly sophisticated,” warns legal expert Christoph Hermann from Stiftung Warentest. He advises: “Don’t trust anyone during banking transactions.” Particular caution should be exercised during phishing attempts for account data, and customers should scrutinize bank letters for discrepancies, oddities, or errors. They should never click on links or QR codes but should always enter addresses manually. Moreover, they can cross-check information by logging into their online banking to see if a bank genuinely requires confirmation or certain data.
If in doubt, customers should also call their bank, and verify phone numbers! At the same time, they should never provide information to callers. Furthermore, software and devices must always be kept updated. Identity documents should only be shown when customers are confident they will not be misused. Additionally, customers should not ignore warning messages reporting another device logging into online banking or large amounts being withdrawn, according to Stiftung Warentest.
What to do if you become a fraud victim?
Immediately block accounts! There is a blocking hotline available at 116 116 or you can call +49 30 4050 4050 from abroad. Additionally, defrauded bank customers must promptly notify their bank. If their money is lost, customers have a good chance of recovering most or even all of the amount. “Customers are only liable for lost money if the bank can prove gross negligence on their part,” states legal expert Christoph Hermann from Stiftung Warentest. Therefore, there should be no shame in promptly reporting to the police.
And when are customers liable for the damage?
It is rare for defrauded customers to be left with the financial loss. However, this can happen if customers act negligently. In Munich, for instance, a woman fell for a fake letter from her bank, and despite numerous spelling mistakes in the text, she did not become suspicious. As a result, she logged into a counterfeit bank site and entered her account details. Shortly after, she also provided the fraudsters on the phone with her account activation code, leading to the loss of over €20,000. The Higher Regional Court of Munich regarded this as gross negligence, and the bank was only required to refund €2,000, approximately one-tenth of the stolen amount.
