Safety

UniCredit Logo
Back to top

Internet and Electronic Banking Safety

Please note the scams that have flooded the WhatsApp app.

In the message, using a well-known contact, scammers ask for you to vote for example in a dance competition for their daughter or in the survey for a scholarship. Part of th eregistration is copying a code.

After entering it, the scammers will take control of your WhatsApp / emial account. They gain control of your account and start sending messages on your behalf to all contacts from your phone / email list.

The most common subject of such a fraudulent message, which is sent by a contact from your mobile, is an urgent request to send money along with your account number.

If you have doubts about the reliability of the message, contact the sender and verify the message via another communication channel.

If you need any advice, call us on our infoline at +421 269 202 090, we are here for you.

We have noted an attempt to obtain login data for Online Banking. For example, scamers will refer youviac e-mail to a page that looks similar to the Online Banking login screen.

Be vigilant ant look out for these signs:

  • suspicious e-mail addresses of the sender
  • Non-standard text and urgent calls to acion
  • Unusual web addresses
  • The impossibility of switching language versions - scammers have mostly prepared pages only in Slovac

In case you are unsure, do not hesitate to contact the Bank Infoline +421 2 6920 2090. 

 

  

Be aware of fake ads on social media!

We have recently detected fraudulent ads misusing the name of UniCredit Bank.  The ads offer active clients a financial reward on the occasion of "our birthday" and encourages clients to complete a quiz. However, these questions lead to your banking login or card details being elicited.

Do not click on the link and do not enter your Smart Banking login, password or payment card details anywhere.

Think critically and follow the golden rules:

  • Never enter your Smart Banking login details, password, or activation codes into forms on the internet, Facebook and social media, or via a click from an unknown link.
  • Always log in to Smart Banking and Online Banking only through the official app or the bank's website, never by clicking on an unknown link.
  • Always enter your payment card details on your own initiative, never on the initiative of another person (SMS, e-mail, social network message, ...).

Don't share your Google pay and Apple pay activation codes with anyone.

In case you notice an attempt of fraud, please contact our Infoline at + 421 2,6920 2090.

Are you familiar with the new methods of financial fraudsters?

Knowing the methods of financial fraudsters is the ideal way to avoid falling for them. That's why we regularly inform you about emerging types of fraud to help you protect your finances. This time we bring details of the misuse of so-called NFC technology to withdraw cash without a card. NFC is a wireless technology that allows fast data exchange at a distance of up to 4 cm.

How does it work and what to pay attention to? It all starts out innocently enough. You receive a text message asking you to update your banking app, but it contains a fraudulent link. If you click on it, you'll download a fraudulent app to your phone. You will then be contacted directly by the fraudster stating that your account has been hacked. They trick you into downloading another fraudulent app to get your card PIN. They will then ask you to tap your payment card to your mobile phone. Thanks to the fraudulent app, the NFC chip reader reads and transfers the card data to the device of the fraudster, who is already at the ATM withdrawing cash from the account.


How not to get fooled?

  • Be cautious and do not click on links that are contained in text messages/e-mails.
  • Only update the mobile banking app from the bank's official website or official App Store / Google Play stores.
  • Do not disclose your payment card PIN to anyone.
  • Never attach your mobile device to the card when prompted by an unknown person.


Keep in mind that you too can become a victim of fraudsters. Be cautious and in case of the slightest doubt, please contact our client Infoline on *1111. 

 

 

Beware of fraudulent applications

Are you the owner of a smart device with the Android operating system? Be careful. Recently, there has been a bag of fraudulent applications. They come under different names, currently PDF AI: Add-On, Android Core OS, Phone Cleaner: File Explorer. The apps contain a malware threat that waits for the right opportunity to attack mobile banking and other apps on the phone. If you enable the app to remotely control your phone at the same time, there is nothing to prevent attackers from accessing your account.

How do you know if your phone is likely to be hacked?

Warning signs in the device:

  • Google has signed you out of your Google Account, citing device malware protection.
  • You'll notice odd things like pop-up ads that can't be closed.
  • You see warnings about a virus or infected device.
  • The antivirus software you are using has suddenly stopped working.
  • The device is suddenly much slower and/or the free memory space has decreased significantly.
  • The device has stopped working properly or does not work at all.

Warning signs in the browser:

  • You see warnings about a virus or infected device.
  • You get pop-up ads or new tabs that you can't close.
  • In the Internet browser Google Chrome, you find unwanted extensions and bars that you cannot get rid of.
  • Browsing is out of your control and you are redirected to unknown sites or advertisements.
  • Chrome's home page or default search engine is being changed without your permission.

How to keep a safe environment on your phone:

  • Do not install applications from unverified sources.
  • Control what rights you grant to new apps.
  • Check the list of apps on your phone. Do you have an unknown or unused application in it? Delete it or remove unwanted access from it.
  • Update your phone's operating system and browser regularly.
  • Use fingerprint or facial recognition.
  • Have an antivirus program on your phone.

 

More detailed information about malware and how to fight it directly from Google can be found here: Remove malware or dangerous software - Android - Help Google Account

Keep in mind that you too can become a victim of fraudsters. Be careful and contact our client Infoline +421 2 6920 2090 if you have the slightest doubt.

Fraudsters contact advertisers on online marketplace portals with an interest in the advertised goods. Under the pretext of crediting the payment, they send a link pretending to be from Slovenská pošta or a courier company, but which is a fake link to log in to UniCredit Bank Online Banking. In this way, they try to get your login credentials, which are then promptly misused on the actual Bank's website when the fraudster logs into Online Banking.

Therefore, choose cash on delivery or cash only if you advertise on these portals. Never provide any sensitive or personal information through the links provided.

Please also note that if you receive an SMS code to activate Online Banking, Smart Banking, or a notification of a change of phone number or e-mail, but you are not currently performing any of these activities, you should immediately contact the UniCredit Bank Infoline on +421 2 6920 2090 with a request to block your account.

If in doubt as to the authenticity of incoming e-mails, messages or calls, please contact the UniCredit Bank Infoline on +421 2 6920 2090.

We are registering an increased number of fraudulent SMS and e-mails abusing the name of the Slovak Post, or courier companies (DHL, SPS, etc.), which demand payment of customs duty for the delivered parcel. They link to a payment gateway where they ask for payment card details. Never fill in these forms and check directly with the company concerned. Do not respond to a request to fill in payment card details in a private message ( Whatsapp, Messenger,...) or in an unsolicited email. Read the safe online behaviour policy on our website HERE .

 

We are seeing an increased number of cases where the client is asked to forward the activation SMS for Smart Banking. This SMS is always for you only and under no circumstances should you forward it to anyone. If you do so, you may be allowing a fraudster to install Smart Banking on your phone to access your account(s). If you have any suspicions, call us at +421 2 6920 2090.

If someone asks you to forward the SMS below, they are trying to gain access to your account and are a fraudster.

SK app - iOS

SK app - Android

We have seen an increase in fraudulent calls where the caller pretends to be the police, a call centre operator or a bank security officer and reports that your account has been hacked or a loan has been arranged in your name.   

  • Never send funds based on a phone call or deposit funds in unknown boxes. Neither the police nor the bank will ever ask you to deposit or transfer your money over the phone.  
  • Do not tell the phone what bank you have an account with or your credit card, account or access details. 

If you are not sure about the authenticity of incoming e-mails, messages or calls, please contact the UniCredit Bank Infoline at +421 2 6920 2090.

Recently, there has been an increased fraudulent activity in the Slovak Republic. That is why we would like to draw your attention to two very common fraud scenarios:

Selling goods through an advertising platform

If you are selling goods through an advertising platform and you are contacted by a potential buyer who offers to pay for the goods to your payment card, pay attention. Such a buyer usually wants to know your payment card information (card number, validity, CVV / CVC code, PIN or one-time code) in order to transfer money to your card. 

It is not possible to make transactions “to a payment card”; such scenarios are always fraudulent and if you provide your payment card details, your card will be misused by the fraudster.

Always pay attention when using advertising platforms to sell goods. Do not respond to offers to send money to your card and never enter the card details in a form sent to you by the buyer.

Fake Microsoft support service

A fraudster pretending to be a Microsoft employee calls you (usually from an international number and the call is in English) and informs you of a problem with your computer. He or she invites you to install an app and wants you to allow remote access to your computer or pay a technical support fee. Pay careful attention! Microsoft never asks clients to allow remote access to their computer.  

Never share your payment card information, install unknown apps, or allow remote access to your computer, Internet banking, or your data based on similar calls.

Read more information on frequent fraud and security advice HERE.

If you are not sure about the authenticity of incoming e-mails, messages or calls, please contact the UniCredit Bank Infoline at +421 2 6920 2090.

The most common tricks of scammers

If you have a credit/debit card, be careful when using it. Even you can become a target of the scammers.

 

The credit/debit cards are often a target of the scammers who try to obtain necessary data and then misuse it for fraudulent transactions or ATM withdrawals.

When the scammer is trying to obtain credit/debit card details, they do not introduce themselves by the specific bank name and therefore these attacks are much more universal than attacks targeting the Internet or mobile banking.

 

What are the most common types of scams, how to identify them and how to prevent them?

  1. Your card has been blocked
    The user receives an e-mail or a text message informing him/her that his/her card has been blocked for various reasons and to unblock it the user has to click on the link and enter the card details to verify or to send these details back in the reply.
    Such messages are always fraudulent, banks do not verify clients in a similar way, and if the card is actually blocked for security reasons, it is not possible to unblock the card in this way.
    Under no circumstances enter or send card number or other information based on similar messages. If you receive a similar message, contact the bank's Infoline or your banker to check the situation.
  2. Your card has been misused and needs to be blocked
    As in the previous case, the scammer informs the user that his/her card has been misused and must be blocked. This information is often reported by a phone and the scammer requests, under the pretext of user authentication, the full credit/debit card number and other details such as card validity, CVV/CVC code, PIN code or one-time authorization code.
    If the bank blocks the card for security reasons, it never asks the user for the full card number, CVV/CVC code or one-time codes for transactions.
    Under no circumstances provide the entire credit/debit card number, CVC/CVV code, PIN code or one-time transaction codes based on a similar call. If you receive a similar call, contact the bank's Infoline or your banker to check the situation.
  3. Apple Pay and Google Pay
    With the launch of Apple Pay and Google Pay, scams using their name began to appear.
    The user receives an e-mail or a text message informing him/her that their Apple Pay or Google Pay account has been blocked and should click on the attached link to unblock it. After clicking, the user is redirected to a website where he/she has to enter their credit/debit card information. However, this message and the website are fake and have nothing to do with these services.
    The user always manages credit/debit cards in connection with Apple Pay and Google Pay directly in the Apple Pay or Google Pay application.
    If you receive a similar message, check it in Apple Pay/Google Pay application and check the situation in your account settings. Do not use the links provided in the fraudulent message to open the application.
    Do not enter your credit/debit card information or PIN on suspicious websites based on similar messages.
  4. Undelivered shipment
    The user receives an e-mail or a text message that the shipping service could not deliver the package due to unpaid transport or customs duties. The apparent arrears are usually small – a few euros. The message also contains a link to the payment gateway, where the user has to enter the details of the credit/debit card and pay the arrears so that the shipment can be delivered to him/her. However, both the message and the payment gateway are fake.
    Shipping companies usually do not send similar e-mails. Neither the sender's e-mail address nor the payment gateway's web address belongs to real companies in the event of fraud, but they often try to imitate the real address.
    If you receive a similar message and you are unsure of its authenticity, contact the shipping company directly to verify the information. Also, make sure that the email sender's address matches the actual shipping company address. Do not enter your credit/debit card information based on similar messages.
  5. A loan for a friend
    The user is contacted via Facebook or Messenger by their friend with a request for a small loan, usually a few euros. If the user agrees, the friend will send him a link to the payment gateway, where he/she has to fill in the credit/debit card details and send the transaction. However, the friend's profile is fake and so is the payment gateway. If the user enters credit/debit card details here, the scammer will immediately use them to transfer a higher transaction. When confirming this transaction, the user may not notice that he/she authorizes a much higher amount than the agreed few euros.
    Friends' loan requests via Facebook or Messenger are in most cases fraudulent. The friend's profile and the payment gateway used are fake, the payment gateway address does not belong to any existing company, but it is often similar to the actual address.
    If you receive a similar request, contact a friend by phone and verify the authenticity of the request with him/her. Also, make sure that the payment gateway address is correct and that the website is secure.
  6. Cheap goods in e-shops
    The store offers goods for a fraction of their actual price and entices the user to bargains. Reviews of satisfied users who praise the quality of goods and speed of delivery are often listed directly on the website. However, these reviews are fake and the store fraudulent, not only does the user not receive the purchased goods, but often the credit/debit card details of which were provided by the user when paying for the goods can be misused.
    By law, the seller's identification and contact details and terms and conditions must be provided at the store's website. Secure stores use encrypted communication to sign in or pay – at the beginning of the address is https.
    If you come across similar store, check to see if it is run by an existing company. Find reviews of this store online (but don't believe the reviews listed directly on the store's website) and check the website's security. If the store is suspicious, don't shop there.
  7. Online bazaars scammers
    You will recognize the scammers on the online bazaars by the way they communicate, most often they will contact you via an e-mail or a chat applications such as Messenger, WhatsApp or Viber. It is mostly an urgent communication. The scammer will want to send a courier to pick up the goods. The scammer will then send you a link with the payment gateway and will ask you to enter your credit/debit card details to send the funds for the goods directly to the credit/debit card. In reality, however, multiple scenarios may occur. For example:
  • The scammer adds the credit/debit card to Apple Pay/Google Pay, requests a code to confirm, which you will receive via a text message. The scammer will then make the payment, without any further confirmation.
  • The scammer will pay online, for which the scammer will ask for your confirmation, which you will receive as a push notification in your application.

Always read the message you are confirming and never confirm a transaction you do not know. Also, never share your Apple Pay/Google Pay activation code with anyone.

 

Helpful hints:

  • The bank does not send their users information about blocking the credit/debit card via e-mail/text message with the option to unblock it via the attached link. Do not respond to such messages.
  • Always check carefully the messages requesting  your credit/debit card information. Focus on the sender's email address, the link address. If you are unsure, contact the alleged sender by phone – look for contacts on the Internet, do not use those listed in the suspicious message.
  • Check the security of the website – lock and https: in the address bar. The lock provides information about the certificate of the site, https is a protocol providing encrypted communication. Never enter information on a website that uses the http: protocol.
  • The credit/debit card number is in most systems in the format 1234-56XX-XXXX-1234, while the 6 middle digits are masked. Never share these numbers with others via e-mail, text message or phone call.
  • PIN code is only used to identify the user at the ATM or to confirm terminal transactions. However, in no case does it serve to identify the user when communicating with the bank, so never report or send it to anyone.
  • Always read the text of the received text messages carefully, and if it is meaningless or does not correspond to the activity you are performing, be careful.
  • Have the credit/debit card limits set correctly, both for the payments via the Internet or at merchants, as well as for the ATM withdrawals. If necessary, it is always possible to temporarily increase these limits.
  • Pay attention to grammar and typos. Although phishing messages today are at a higher level than in the past, they often still contain typos and errors that can warn the attentive user.
  • If you are unsure, contact the bank's Infoline +421 2 6920 2090 or your banker and ask them to verify the messages received.

Companies: Fake Invoices and CEO Fraud

Beware of fraudulent e-mails sent to companies with the aim of inspiring trust and attempting to relieve the corporate accounts of money.

Fake Invoices and CEO Fraud are types of fraudulent conduct which more and more companies have come across recently. The fraudsters are trying to imitate communication with the company’s manager or supplier and subsequently to trick employees to send money from corporate accounts.

 

 

Ako to funguje?

  • Fake Invoices
    The fraudster may send an invoice to the company giving the impression it was sent by the company’s supplier. In the majority of cases, the fraudster uses an e-mail address that only looks similar to the actual supplier's e-mail address, however, there are also cases when an e-mail is sent from a genuine e-mail address. The fraudster could trace the link between companies on the Internet but the e-mail box of one of the companies might also be compromised and the existing communication monitored.
    In such case, the invoice itself can appear very plausible, differing only in the supplier’s account number. Frequently, the victim notices such a change, however, and asks for confirmation via a message to the fake e-mail address- the fraudster approves such a change on behalf of the supplier and the victim goes on to send the money.
  • CEO Fraud
    This type of attack focuses on employees managing corporate accounts. The fraudster often searches the corporate structure for individual employees on the company’s website or professional social networks, subsequently contacting particular employees on behalf of the company’s manager with an urgent request to transfer money from the corporate account. In a majority of cases, the fraudster uses an e-mail address that only looks similar to the actual manager's e-mail address, however, we have also registered cases when a genuine e-mail address had been hacked. The message may look credible, in particular in cases when such a method of communication and transmission of payment orders is common. Unless the employee verifies the order with the actual manager, they might send the money to the fraudster, mostly to a foreign account.

 

How can you defend yourself against such attacks?

We recommend always verifying any payment orders and invoices with non-standard data received by e-mail directly with the sender in person or by phone.

Please pay attention to the sender’s e-mail address and check if it is real.

You should also notice any changes in the formatting of e-mails or invoices compared to standard communication (a different font, logo, grammatical mistakes, briefness or austerity); in many cases, companies have registered such features in fraudulent e-mails.

If you suspect that you might have been a victim of an attack, please inform your banker or the Bank’s Infoline on phone number +421 2 6920 2090

 

Visa karta | UniCredit Bank - přední strana

Fraudulent Calls Alert

We have received an increased number of reports of fraudulent phone calls concerning pending loan applications.

 

In recent days, we have seen an increase in attempts at fraud. The fraudsters call on behalf of UniCredit Bank (or other Czech banks) and inform about alleged pending loan applications. Under various pretexts and threats, they then request personal and security data or the installation of an unknown app. The fraudsters use various phone numbers and in several cases they speak Russian or with a Russian accent. If you experience a similar phone call, we recommend that you do not share any information with the caller and never install unknown apps on your phone or computer. If you are unsure of the authenticity of an incoming call, please contact the UniCredit Bank Customer Centre at +421 2 6920 2090.

Android: Android: Accessibility authorisation

Do you use Accessibility for apps requiring authorisation? Please make sure you trust these apps. 

 

What purpose does this authorisation serve?

Accessibility authorisation is intended primarily for persons with visual and hearing impairment, speech disorders or physical disabilities in order to simplify their work with the phone and with some apps.

For example, authorisation enables the font size to be changed in some apps, the phone to be controlled by voice or the keyboard layout to be adjusted, as well as the reading out of text displayed on the phone screen.

 

What is risky about this authorisation?

Applications with Accessibility authorisation enabled can read (as well as record) the displayed text and thereby get access to the information viewed by the user, such as text messages and conversations, phone numbers and contacts. In the context of banking apps, this may include sensitive data such as names, account numbers, transactions or balances.

 

Where to check which apps use Accessibility authorisation and how to disable it?

You can find a list of apps in the menu Settings - Accessibility - Services. You can also switch authorisation for individual apps on or off in this menu.



How do I recognise if an app is misusing my authorisation?

You should consider what the app is for and if the use of such authorisation makes sense. The app’s developer should be able to explain what the app uses the authorisation for - such an explanation may be displayed directly in the app, available on the app page in Google Play or on the website of the company providing the app.

Rules of safe behavior on the Internet

  • Observe the principles of safe behaviour on the Internet and in online banking.

  • Minimise the risk of viruses or other malware infecting your computers and mobile devices.

  • Maximize the protection of your data and funds.

How to do it
Spinning wheel animation

Loading

UniCredit Logo

Want to use all of our website features?

K tomu od vás potřebujeme souhlas s využitím Cookie Policy. Díky analytickým a marketingovým cookies budeme lépe rozumět tomu, co na webu hledáte a jak vám informace a reklamu ušít ještě více na míru. Nastavit si využití všech cookies můžete níže, nebo kdykoliv později jednoduše přes odkaz v patičce webu.
Cookie Settings