The state of phishing
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. — Wikipedia
How does phishing work?
Phishing is usually done over e-mail or instant messaging. A link sends the user to an “apparently legitimate” site, where the attacker gathers the user’s data or the user is infected by malware (i.e. a trojan).
There isn’t a one-size-fits-all defense against phishing attacks. Phishing can come in all shapes and forms, even someone lying to you in person. So while you can’t avoid liars after your info, you can get better at spotting them.
Criminals can launch targeted phishing campaigns directed at an organization’s employees or its customers. It’s a bit like a criminal marketing campaign.
In the same way that marketing is becoming more innovative and intrusive, phishing will become more targeted and effective.
Phishing and banking
Since banking is “where the money is,” phishing practices have evolved to better compromise banking and financial information. One out of four phishing targets involves bank information, and these attacks are becoming more and more frequent.
Online banking phishing scams are constantly evolving. So, at N26 it’s something we’re always on the lookout for.
How to protect yourself from phishing
N26 will never contact you personally for information related to your account (login, password, credit card number…), or your identity (ID card, Social Security number…). We will not contact you to get information that we already have.
A phishing attack normally works by creating a false feeling of security. Most phishing emails or websites look just like real ones. The whole point is to fool you into giving away your access information.
6 ways to protect yourself from a phishing scam attempt
- Do not share your bank login with anyone, even if the person claims to be a bank employee.
- Choose an email provider that offers two-factor authentication as well as spam, malware and phishing filters and will display an alert if something looks suspicious.
- Only use your login on the official bank app (i.e. N26 app link), never download the application from somewhere else. If you’re an N26 customer, never use your login information on any domain other than https://app.n26.com or https://my.n26.com
- Copy and paste URLs from emails and check them before visiting
- But particularly — don’t click on a link if you received an email that asks you to perform an action that you didn’t initiate (reset password, validate your account…)
- Always check a link before clicking on it. Hover over it to preview the URL, and look carefully for misspellings or other irregularities.
- Bank websites always use HTTPS. If you cannot see the green lock icon in the browser or see the “https” prefix before the site’s URL, it’s likely that the site isn’t secure. Here is how https://app.n26.com should appear in different browsers.
[Screenshot: Internet Explorer 11]
Here are some clues that might give away a phishing attack after your bank information
- Messages with misspellings and typos, multiple fonts or oddly-placed accents.
- Messages that claim to have your password attached. A bank should never send you your password as an attachment.
- Mismatched links. Hover over a link and make sure the link actually goes to the place shown in the email.
- Messages asking for your personal information. If you’re an N26 customer, we will never ask you for:
○ Your account password
○ Your social security number or tax identification number
○ Your full credit card number or PIN
- Messages claiming that your account will be deleted or blocked unless you take immediate action.
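The mismatched-link clue and the official-domain rule above can be checked mechanically. The following is an added example, not N26 code: it compares each link's visible text with its real target host and with the two login hosts the article names. The function names, the sample message and the `login-check.example` host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL_HOSTS = {"app.n26.com", "my.n26.com"}  # login hosts named in the article

def split_url(text):
    """Return (scheme, host); host is None unless text is a URL or bare domain."""
    text = text.strip()
    try:
        parts = urlsplit(text if "://" in text else "//" + text)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:  # malformed URL, e.g. an unclosed IPv6 bracket
        return "", None
    return parts.scheme.lower(), host if "." in host and " " not in text else None

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:  # only keep text that sits inside an <a>
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def review_login_links(html):
    """Return (href, shown text, reasons) for links that should not get a login."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        (scheme, target), (_, shown) = split_url(href), split_url(text)
        reasons = [why for bad, why in (
            (scheme != "https", "not https"),
            (shown and shown != target, "shown host differs from target"),
            (target not in OFFICIAL_HOSTS, "not an official login host")) if bad]
        if reasons:
            findings.append((href, text, reasons))
    return findings

SAMPLE_EMAIL = (  # constructed message for illustration, not a real phishing mail
    '<a href="https://app.n26.com.login-check.example/reset">https://app.n26.com</a>'
    '<a href="http://my.n26.com/">Open my account</a>'
    '<a href="https://app.n26.com/">app.n26.com</a>')
```

Because the comparison is on the parsed hostname, a target such as `app.n26.com.login-check.example` is not accepted just because it starts with an official name.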
What to do and not do if it seems phishy?
Be wary of any unusual requests and trust your gut. If a request seems suspicious, it probably is!
If a request seems suspicious, don’t:
- Click on any links
- Open or download attachments
- Trust contact information displayed in the email
Do:
- Report it to your bank. For N26 users, please forward the suspicious message to firstname.lastname@example.org.
- Check if the request is legitimate. Feel free to call our Customer Support service using our number here.
- Limit the personal information you disclose on social media or on the internet (including other websites, your emails, etc.).
At N26 we take security very seriously. We are a bank with a solid tech foundation. So if there is a risk, you can believe we know about it. We’re constantly working to improve our security systems and are on a mission to help you and the world be a bit more security savvy.
We hope you find this article interesting and helpful!
The N26 Security Team.