All it takes to lose your savings is simply losing your vigilance for just a minute

Almost every day, we are seeing reports of new fraud victims – instances of fraud more directly or indirectly related to banks and other service providers have increased significantly in Estonia in recent years. Scams have become so complex and plausible that any of us can fall victim to them. Fredi Oja, Fraud Prevention Manager at LHV, answers the six most common questions.

What are the most common scams right now?

Currently, three schemes are used most often:

Scam e-mails: Such e-mails usually ask you to suspend payments, ensure the security of your account or otherwise log in to your Internet Bank account using a link attached to the email. We have also seen e-mails asking people to update their data or pay for using the mobile app. The emphasis is always on speed, in order to create confusion in people, i.e. they are asked to respond quickly, click on links, and provide their data.

‘Secure account’ scheme: You may receive a phone call or text message from fraudsters telling you that your account has been hacked and you need to transfer money to a ‘secure account’ immediately. Usually, fraudsters insist that you take immediate action, to ensure that you don’t lose all of your money. You may also receive instructions and an account number on how to make the payment to the ‘secure account’ yourself as soon as possible. Unfortunately, this account is under the control of a fraudster and the money cannot be recovered.

A call from the ‘police’: Victims receive a scam call from the ‘police’, ‘tax authority’ or some other well-known agency. The caller tells the client that they have unpaid fines or taxes and demands immediate payment. Otherwise, the victim will be immediately ‘arrested’ and sent to prison. A similar scheme is used to pretend to be a service provider. For example, a victim may receive a phone call saying they are having problems with their service (such as internet bandwidth and coverage, or a package in transit). You will be asked to make a transfer or, for example, download an additional programme to your computer that will allow fraudsters to take over your account and drain your money. There is also a very common ‘undercover police operation’ scheme in which fraudsters claim to be police officers trying to capture dishonest bank employees: the person is asked to make payments, withdraw money and hand it over to the ‘police’, either in person or by sending money to them via a parcel terminal.

There is a lot of talk about scams and the dangers they pose. Why do people still fall victim to schemes?

In banking, we often see educated and intelligent people of all ages, regardless of gender, who have fallen victim to a scam. Indeed, anyone can become a victim of fraud. Studies show that people often underestimate risks and overestimate their ability to recognise scams. Often, being scammed depends only on chance. Just a few years ago, scam e-mails and websites were easily recognisable, but now they look very plausible. All it takes is a scam e-mail or call at a busy moment when you are distracted.

How much do fraudsters usually get?

It depends on the specific case. As a general rule, when criminals get full access to the victim’s account, for example by sharing their smart-ID PINs or giving them remote access to the account via a computer, the criminals will transfer all of the funds in the accounts. We have also seen cases where fraudsters sell the investments in the account or take out loans under the victim’s account. When a person has entered their data on a scam page, criminals also transfer as many funds from their account as they can – here their actions are limited by the account limits of the victim. Therefore, we recommend that our clients always keep bank account limits as low as possible and increase them temporarily only if they need to make a larger purchase. After that, it is important to reduce the limits again. At the same time, we have also seen cases where fraudsters direct the victim to enter their PIN codes in order to increase the limits of their bank account, so when entering PIN codes, you must always check what are you entering the code for.

Are victims generally able to recover their money?

By the time the defrauded person realises that their money has been stolen and starts to seek help from the police or the bank, it may be too late to help. With the introduction of instant payments, we take it for granted that the transfer will reach the beneficiary’s account in a few seconds, but fraudsters will also take advantage of the quick movement of money. By the time a person notices the loss of money, it may have already been transferred to an account of a tankman in another country or withdrawn in cash.

Banks and other service providers contribute heavily to data security and client awareness, as well as do their best to recover stolen money wherever possible. However, if the client has given the fraudsters access through all the security gates, it may unfortunately be impossible to return the money. We live in a digital country where remembering two numeric codes is enough to confirm important activities, but we often do not realise that entering PIN2 is equivalent to a signature given by your hand, and may have the same disruptive consequences.

At present, e-mail fraud is rife. What are the clear signs that indicate that an email is fraudulent?

Always look at the e-mail sender’s address. If it seems that you have received a letter from LHV but the end of the e-mail address is different than @lhv.ee or differs from it by just one letter or punctuation mark, please do not enter your data. Please note that since the address can be falsified, the sender who appears to be correct does not guarantee the authenticity of the message. Before you open the link in the e-mail, make sure to which address it wants you to be redirected. When reading a letter on a computer, you can see the link by hovering your mouse over the link or button. When reading a letter on your phone, do not click on the link, but keep your finger on the link: this will open a view where you can see the actual address of the link. In case of even the slightest doubt, enter the correct website address in your browser yourself. This way you always know that you are on a proper and secure website.

What is your assessment – will scams continue to develop over the next few years and how? What should we be vigilant about right now?

We can see that in recent years scams have become much more difficult to recognise – unfortunately, this trend is likely to continue. Fraudsters have also used, for example, requests that are very similar in appearance to genuine customer letters, where people are asked to perform the same actions that the bank is actually asking them to do: for example, update your data. In reality, the victim ends up on the scam page. All it takes to lose all your savings is simply losing your vigilance for just a few minutes.

The development of fraud can also be influenced by the development of artificial intelligence, as the content of letters becomes increasingly realistic. While in the past the scams were in broken Estonian, they are now generally written correctly, so they are even more difficult to recognise. This means, however, that we need to be even more vigilant when it comes to calls, letters, and messages.