June 21, 2006

Postbank: Putting a stop to online fraud
What are the threats? / How can I protect myself effectively? / Tips for recognising fraudulent tricks

Original or fake? These days, this question has become just as vital for online banking users as for art collectors, with Internet fraudsters able to create remarkably genuine-looking bank websites and e-mails in an attempt to persuade bank customers to part with their account details. Increasingly, criminals are also sending trojans to spy on confidential data. These malicious programs sit in the background on the customer’s PC and collect data such as passwords, PINs (personal identification numbers) and TANs (transaction numbers).

Good detective skills alone are not enough to unmask Internet fraud. Nevertheless, the number of options available to online banking users who want to protect themselves against these dangers and learn to recognise fakes more easily is greater than generally assumed. If customers and their bank work together, the bank’s high security standards can have the desired effect.

Keeping an eye out for nasty surprises
When walking around town, it goes without saying that you keep your purse safely concealed. Bank customers who use the Internet should apply the same degree of caution in keeping their account details safe from the eyes of would-be pickpockets: anyone who carelessly gives others access to data, passwords, PINs (personal identification numbers) and TANs (transaction numbers) can become a victim of Internet fraud. Fraudulent behaviour always requires some kind of “negligence”, be it an insufficiently protected PC or a complacent user.

A well-protected computer turns away unwanted guests
In the same way as an open window is an invitation for thieves, an unprotected computer attracts Internet criminals and allows viruses and trojans to flourish. This means that the first and most important step in ensuring safe surfing and online banking is a well-protected PC. There are three key factors in making a computer safe from attacks. Firstly, the operating system should be updated regularly. Using an obsolete operating system is like leaving the barn door wide open for undesirable data. Secondly, as fraudsters are always coming up with new scams, users should also update their virus scanners on a daily basis. And finally, firewalls are vital to every computer’s security. A firewall acts as a bouncer, checking the identity of anyone who wants to “get into the computer”. Unwanted guests are turned away.

Tip:
The German Federal Office for IT Security (BSI) offers useful information and free downloads of virus scanners and firewalls:
www.bsi-fuer-buerger.de > Downloads > Programme. For example, the BSI recommends the anti-virus software “Antivir Personal Edition Classic” and the firewall “Zone Alarm” – neither of which requires more than basic to intermediate IT expertise on the part of the user.

How can I protect myself effectively?
A keen sense of scepticism is important when using the Internet. Offers that seem too good to be true should be examined carefully or simply avoided. You wouldn’t let just anyone into your home, so why open every e-mail or click on every link?

Five tips for recognising fraudulent tricks

1. Check who you’re dealing with
As in all transactions, Internet users should first check who they are dealing with. It helps to cast a critical eye over the website: is the address (URL) in the browser window correct? Is the padlock symbol visible on the site and does clicking on this symbol bring up a valid certificate?

2. Healthy distrust of suspicious mails
Hackers often send e-mails with infected attachments. Opening these attachments can install malicious programs (trojans) or viruses on the recipient’s PC. To avoid this, files from unknown senders should not be opened.

Other fraudsters create fake bank e-mails requesting confidential account information for online or telephone banking. Banks never send out e-mails like this. Mail signatures can help users to determine whether an e-mail is genuine or not. Unfortunately, mail signatures are not yet widely used and are not supported by all e-mail software. The recipient of a signed e-mail can click on the signature symbol to see whether the mail is genuinely from the sender and whether the content has been changed.

Once fraudsters have found out a user’s PINs and TANs and got hold of their money, they attempt to smuggle this stolen money abroad. Since they need accomplices to achieve this, they send out e-mails disguised as job adverts for “financial agents” or “financial managers”, who are expected to provide their account details for incoming transfers, collect the money and forward it in cash to a foreign recipient using a money transfer service. These job offers promise high rewards. Beware: anyone who performs illegal transactions risks not only having their checking account closed with immediate effect, but also prosecution for money laundering. The first financial agents have already been sentenced. The grounds given for one such court verdict stated that it should be obvious to bank customers that the monies in question are illegal because “…no company in the world would need to involve unknown private persons in money transfers...” (Darmstadt Local Court, verdict dated 11 January 2006, file no.: 212 Ls 360 Js 33848/05).

3. Keep passwords confidential
Passwords should be unusual and hard to guess. Dates of birth, first names etc. are not suitable passwords! For online banking, a combination of numbers and letters is particularly secure. Sensitive data must be kept confidential; this includes passwords, bank card PIN numbers, online PINs and TANs, and PINs for telephone banking. Banks never request this information by e-mail! If you receive a request of this kind purporting to be from your bank, you should delete the mail immediately, as it is definitely a fake.

4. Banking transactions: only on your own computer
When you’re on the road, there is a great temptation to nip online and use your laptop for online banking via public wireless networks (e.g. WLAN hotspots at train stations, airports, etc.). These hotspots are unsuitable for banking transactions, as are publicly accessible computers or Internet cafés. The security of online banking at public locations cannot be guaranteed! Bank customers should always use their own computer or another trusted computer for online banking.

5. Notify your bank of anything suspicious
What should you do if your connection goes down during online banking? Notify your bank immediately and, if possible, log on again straight away and change your PIN.

Postbank: security tips, limits, TANs and signatures – protection by the professionals
To help put a stop to Internet fraud, Postbank is constantly improving its high standards of security in online banking. It provides permanent security tips and has introduced a limit for Internet transfers and new TANs for online banking. The Bonn-based bank has also added signatures to its customer e-mails since the end of 2005.

All online banking users should regularly consult the security tips provided by their bank. This is already second nature to many bank customers, 80 percent of whom read their bank’s security tips (source: eFMDS 2006).

Postbank provides highly detailed information both on the Internet and in its free online newsletters:
http://www.postbank.de/sicherheit
http://www.postbank.de/newsletter

In Postbank online banking, the customer determines the maximum amount that can be transferred online. Naturally, this transfer limit can be changed at any time. In addition, two new types of TAN (transaction number) have made online banking with Postbank even safer: indexed and mobile TANs. In the indexed TAN procedure, which has been offered by Postbank since August 2005, the bank’s system requests a specific TAN from the customer. The customer can only perform an online transaction by entering the correct TAN from the list provided. Postbank has offered the mobile TAN since 2003. This TAN is sent to the customer’s mobile phone by SMS, making it particularly secure – as was recently confirmed by the TÜV Rheinland Group, which awarded mTAN the TÜV quality seal in December 2005.

Phishing is often only possible because customers believe faked e-mails to be genuine. This is why Postbank has introduced mail signatures. This procedure makes it easy for customers to recognise faked e-mails. Customers can click on the mail signature to see whether the mail is genuinely from Postbank and whether the content of the mail has been changed. For further information: www.postbank.de/email-signatur

Tips: Additional information on Internet security
www.postbank.de/sicherheit
www.bankenverband.de/online-banking
www.buerger-cert.de
www.bsi-fuer-buerger.de (download free security software)

Help for Postbank customers who suspect they may be the target of phishing
by e-mail: direkt@postbank.de
by telephone: 0800 -100 89 06 (toll-free, Germany only)

Notes for editors:
The following press photos can be downloaded in professional quality from www.postbank.de/foto > Online-Banking:
- Faked Postbank website
- Characteristics of a genuine website
- Faked phishing mail
- Genuine Postbank e-mail with signature
- Illegal “financial agent” job offer

 

Internet Fraud Glossary

Phishing
Definition: “Phishing” is an artificial word and stands for “password fishing”. Criminals attempt to persuade bank customers to part with confidential information by sending out fake e-mails that look genuine but that actually contain links to third-party websites. These sites then ask users to enter confidential bank details, such as account numbers, PINs and TANs.
How do I protect myself? First and foremost, by being careful! These e-mails should be deleted immediately. Banks never request confidential account information by e-mail. Three criteria should be applied in checking whether a website is genuine:
1. the correct address (URL);
2. padlock symbol with 128-bit encryption;
3. certificate verifying the authenticity of the site.

Intermediary / financial agent
Definition: Phishers try to bring their stolen money to safety with the help of unwitting intermediaries by publishing small ads or sending out e-mails offering lucrative second jobs. Intermediaries are expected to play the role of a money courier, providing their checking account details for incoming transfers and forwarding the money to a foreign recipient. Caution: these jobs are illegal. Intermediaries are guilty of money laundering and may face prosecution.
How do I protect myself? Hands off! You should never accept this kind of offer. Anyone who makes their account available to third parties for transfers may be prosecuted.

Trojan
Definition: Trojan horses or trojans are programs that contain both malicious and seemingly useful functions. They can perform unwanted actions on a PC and collect personal data, for example, without the user noticing.
How do I protect myself? By using secure technology! Virus scanners and firewalls should be updated on a daily basis in order to ensure that no trojans can find their way onto your computer. The operating system should also be updated regularly. For safety, e-mails from unknown senders should be deleted immediately.

Pharming
Definition: Pharming (pronounced “farming”) is another method of online fraud using trojans or viruses. Criminals exploit security flaws in the customer’s browser. When the customer enters the address of his bank or selects a bookmark, the trojan replaces the bank’s address with that of the fraudster without the customer noticing. The customer is then taken to a fake website where the data entered ends up with the criminal.
How do I protect myself? Again, secure technology is the best line of defence. This includes daily updates of your virus scanner and firewall and an up-to-date operating system. The latest versions of virus scanners will fend off attacks from trojans and viruses. You can identify fraudulent behaviour by checking whether websites are genuine: click on the padlock symbol to see whether a valid certificate is displayed.
Contact
Please send your questions concerning the press to presse@postbank.de.