Phishing
Fraudsters trick individuals into sharing banking and personal information, such as passwords, account and card details and other personal data. They typically use highly realistic fake emails, websites, or messages that appear to come from legitimate sources. Their goal is to steal your personal and banking data, commit fraud and/or gain unauthorized access to your online banking accounts.
Types of Phishing:
- Vishing
Beware of phone calls misusing the Bank’s or another legitimate Organisation’s name, whether made through normal telephone calls or through Social Media Applications (WhatsApp, Viber, etc.).
How this type of fraud works:
Fraudsters pretend to be from the Bank of Cyprus, the Police, the Post Office, other Governmental Departments or any other trusted Organisation, to trick you into giving away personal and financial information, such as account numbers, card details, Internet Banking, BoC Mobile App login passcode, One Time Passwords (OTPs) and Verification Codes (VCs).
Callers are pushy, asking you to act swiftly and threatening that if you don’t hand over the details they asked for, they will “block” your Cards and/or your accounts, “restrict access to your money” or that you must “transfer your money” to a “safer” account or destination.
In other instances, they try to convince you to approve transactions via Mobile App push notifications and/or to give them the OTPs and VCs received on your Mobile, claiming that they need them in order to “credit” your account.
How to spot a Vishing call:
- Pressure to act swiftly: Fraudsters often create a false sense of urgency, either claiming your account has been compromised and you need to take immediate action to avoid restrictions or penalties, or tricking you into believing that your account will be “credited” if you follow their directions swiftly.
- Don’t trust all caller IDs: numbers can be spoofed to look like they’re from your bank.
- Receiving repeated calls from the same unknown number in a short period.
- Fraudsters may address you vaguely, such as “Dear Customer” or “Account Holder” instead of using your name.
- Fraudsters may lack specific information about your account or get details wrong. Legitimate representatives have access to your verified account information.
How to stay safe:
- If you receive an unexpected call and you’re not sure it’s from us, then end the call immediately.
- The Bank will NEVER contact you through any Social Media Platforms such as WhatsApp, Viber etc. Only Fraudsters will.
- The Bank and other legitimate organisations will NEVER request you to reveal details such as Internet Banking-Mobile App login passcodes, One Time Passwords (OTP), Verification Codes (VCs), or PINs via any call.
- Never reply or call back to any such requests.
- NEVER reveal or provide your Internet Banking-Mobile App login passcode, One Time Passwords (OTP), Verification Codes (VCs), full Card details or PIN to anyone requesting them, for any reason!
- Always thoroughly review the FULL content of the Bank’s SMS messages and Mobile App Notifications BEFORE APPROVING any actions / access on your Internet Banking-Mobile App subscription, or any debit(s) from your account(s) and cards. Keep your Internet Banking credentials confidential at all times.
Where to get help:
- If you think you’ve been scammed, then call us immediately on 800 00 800 or +357 22 128000 if calling from abroad.
- If you have provided your Card details, then you can alternatively call 22 868100.
- Smishing
How this type of fraud works:
Fraudsters send highly realistic fake SMS text messages pretending to be your bank, or another legitimate organisation. They want you to reply, click on a link or call back. They will try to make you provide your personal and financial details so they can steal money from your accounts and cards. Beware of SMSs or any other type of Text Messages pretending to be from the Bank or other “Organisations” through Social Media Applications (WhatsApp, Viber, etc.).
How to spot a Smishing message:
Typically, these messages:
- Encourage you to take urgent action by clicking on a link or making a call back.
- Ask you to verify your accounts, transactions, devices etc.
- Look and sound like genuine messages but with new wording added.
- May look similar to real messages, and sometimes they may even show up in the same thread as genuine messages you’ve received from an organisation.
- May be followed by a phone call from the fraudsters purporting to be the Bank or another legitimate Organisation, in which they will be pushy and try to pressure you into providing banking and personal details.
- Potentially include grammatical errors, spelling mistakes or awkward phrasing – these are common signs of fraud.
- Include offers or unexpected prizes. Ask yourself: Did I even participate in a contest?
The Bank of Cyprus will NEVER send you any SMS text message containing a link. The Bank and other legitimate organisations will never ask for your Internet Banking-Mobile App login passcode, card details, PIN, One Time Passwords (OTP) or Verification Codes (VCs) out of the blue.
Make sure you thoroughly read the full content of your One Time Passwords (OTP), Verification Codes (VCs) and Alerts sent from your Bank BEFORE you authorise any action and financial transaction.
How to stay safe:
- Never share your Internet Banking-Mobile App credentials.
- Never click on any link(s) in Emails, SMS, App Text Messages, Social media posts or Ads.
- Never download any attachments.
- Never reply or call back. Always thoroughly review the FULL content of the Bank’s SMS messages and Mobile App Notifications BEFORE APPROVING any actions / access on your Internet Banking-Mobile App subscription, or any debit(s) from your account(s) and cards.
- Contact us to verify or report the message.
- Never enter your personal information, credit card credentials or passwords on suspicious websites.
- Never respond to SMS messages from numbers that you don’t recognize and that appear suspicious.
- Never believe messages that create urgency, such as threatening account suspension or claiming you have won a prize.
- Enable spam filters. Activate your phone's spam filter to block suspicious messages.
- Keep software updated. Update your device operating system and Applications to enhance protection against vulnerabilities.
Where to get help:
If the message claims to be from the Bank of Cyprus and you're not 100% sure it's genuine, then call us on 800 00 800 or +357 22 128000 if calling from abroad, where you may be asked to screenshot the message and send the image to the Bank. Alternatively, you can report any suspicious texts or messages to us at info@bankofcyprus.com and abuse@bankofcyprus.com.
- Phishing over emails
A very common form of fraud today is Phishing over emails. This type of Fraud relates to the receipt of an email which looks like it’s from a legitimate authority or organisation.
How it works:
Typically, they’ll send you an email and:
- encourage you to click on a website link.
- urge you to take action quickly and threaten to “block your access to your online accounts”, “block an incoming payment”, “close your account” or “block or cancel your cards” if you don’t respond.
- pretend that you’re owed or have won money.
- ask you to share personal and financial information, such as your Internet Banking login, password, account numbers, One Time Passwords (OTP), Verification Codes (VCs), Card details and PINs.
- include instructions on how to reply or verify your account – like completing a form attached to the email.
- include spoofed branding. Look closely for inconsistencies in fonts, colours, or logos in the message.
How to stay safe:
If you receive a suspicious email:
- Never share your Internet Banking credentials, OTPs, VCs.
- Never click on any links.
- Don’t open or download any unknown attachments.
- Don’t reply.
- Never grant access to your device(s) to any third party or share your screen with anyone unless you're absolutely certain of the source’s trustworthiness.
- If you're not sure, contact the organisation using a phone number you know is genuine, or visit their official website.
- Keep your device(s) secure at all times. Please refer to our supplementary guidance on how to keep your devices secure.
- Enable spam filters. Activate your phone's spam filter to block suspicious messages.
- Keep software updated. Update your device operating system and Applications to protect against known vulnerabilities.
Where to get help:
If you've received an email that appears to be from the Bank of Cyprus and you think it might be a scam, then forward it to us at info@bankofcyprus.com and abuse@bankofcyprus.com.
- QR code phishing
How this type of fraud works:
In this type of fraud, a criminal uses QR codes as the delivery mechanism to lure the victim into providing banking and personal information, or into downloading malicious content.
How it works:
- The fraudster creates malicious QR codes and distributes them through e-mails, posters, flyers or other physical and digital media.
- You scan the QR code with your smartphone or device, believing that it will lead you to a legitimate website.
- The QR code redirects you to a malicious website that looks legitimate but is designed to steal banking and personal data like login credentials, banking information or payment details.
- In some cases, scanning the QR code may initiate the download of malware or ransomware onto your device.
- The fraudster may use this QR code to perform unauthorized actions, such as initiating payments, accessing your accounts or stealing your data.
How to stay safe:
- Do not scan QR codes from untrusted sources.
- Use a QR scanner that lets you preview the URL before opening it and that can potentially identify malicious URLs.
Where to get help:
If you've come across this type of fraud and it appears to be from the Bank of Cyprus, then forward it to us at info@bankofcyprus.com and abuse@bankofcyprus.com.
Invoice (redirection) Fraud
How this type of fraud works:
In this type of fraud, a criminal poses as one of your known regular suppliers or partners, tricking you into sending a payment to their account instead of your supplier’s legitimate account.
The criminals can do that after they have gained access to your supplier’s email. They then replace the account number on a pending invoice with their own and forward it to you for payment, usually creating a sense of urgency.
How to spot an Invoice scam:
Typically the fraudsters will ask you to send a payment to an account which is different from the one that you used to send your payments for a particular supplier or partner.
How to stay safe:
- Remember that the email address of the sender will be exactly the same as that of your genuine supplier, so a matching sender address is not enough.
- Always thoroughly verify the payee details before submitting any kind of payment, no matter how urgent the requestor makes it seem.
- Do not rely only on the details provided in an email even if the email address of the sender is the one of your supplier.
- If you’ve done business with this supplier in the past, call him/her through a number you have used before.
- Check previous successfully paid invoices on file, to verify that the payment details match exactly those you’ve successfully used in the past. Do this even if you have verified the received email instructions via a verified phone number.
- Make sure you enable the “Two Factor Authentication” for your emails.
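The check against previously paid invoices can be automated in an accounts-payable workflow. The following is an added example, not part of the Bank's guidance: it assumes account numbers are IBANs, and the supplier name and payment history are constructed sample data.

```python
import re

# Constructed sample data: invoices for this supplier that were paid successfully.
PAID_HISTORY = [
    {"supplier": "Acme Supplies Ltd", "iban": "GB82 WEST 1234 5698 7654 32"},
    {"supplier": "Acme Supplies Ltd", "iban": "GB82WEST12345698765432"},
]

def normalise_iban(raw):
    """Strip whitespace and upper-case so formatting differences do not matter."""
    return re.sub(r"\s+", "", raw).upper()

def iban_checksum_ok(raw):
    """ISO 13616 mod-97 check: catches typos and crudely altered numbers."""
    iban = normalise_iban(raw)
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", iban):
        return False
    rearranged = iban[4:] + iban[:4]
    # Letters map to 10..35, digits stay as they are.
    digits = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(digits) % 97 == 1

def known_accounts(supplier, history):
    """All accounts this supplier has been paid on before."""
    return {normalise_iban(r["iban"]) for r in history
            if r["supplier"].casefold() == supplier.casefold()}

def check_invoice(supplier, iban, history=PAID_HISTORY):
    """Return (decision, reason). HOLD means: do not pay until verified by phone."""
    candidate = normalise_iban(iban)
    if not iban_checksum_ok(candidate):
        return "HOLD", "account number fails the IBAN checksum"
    known = known_accounts(supplier, history)
    if not known:
        return "HOLD", "no paid invoice on file for this supplier"
    if candidate not in known:
        return "HOLD", "account differs from previously paid invoices"
    return "MATCH", "account matches previously paid invoices"

if __name__ == "__main__":
    # Constructed invoices: same account, a changed account, a mistyped account.
    for iban in ("gb82 west 1234 5698 7654 32",
                 "DE89 3704 0044 0532 0130 00",
                 "GB82WEST12345698765431"):
        print(iban, "->", check_invoice("Acme Supplies Ltd", iban))
```

A HOLD result is the trigger for calling the supplier on a number used before; a valid checksum alone says nothing about who owns the account.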
Where to get help:
If you've received an email that appears to be from a supplier or partner of yours and you think it might be a scam, then contact your supplier through a previously verified communication channel (email/telephone) that you were using in the past to contact this supplier, and not through any new contact details or channels contained in the new email(s).