Site icon Emsisoft | Cybersecurity Blog

The SEPA Switch and Internet Fraud


On February 1, 2014, the Single Euro Payments Area (SEPA) becomes fully modernized.  Or at least it’s supposed to be.  February 1 is the deadline the EU has set in place for all banks located and operating within SEPA to update their systems to work with a new type of routing system that uses International Banking Account Numbers, or IBANs, to simplify international transfers.

The switch to IBAN has been years in the making and was expected to have been completed by 2010.  Both the massive scale of the project and EU citizens’ reluctance to change their ways have made progress slower than expected.  In recent weeks, the Feb. 1 deadline has even been extended by a six month grace period that will allow payments that differ from the IBAN format to go through until August 1, 2014.

IBAN is a massive step for SEPA and the euro.  But, it is also a massive opportunity for Internet Fraud.

SEPA Email Scams

33 countries comprise the Eurozone, and everyone knows the switch to the new SEPA banking system is a long time coming.  This includes thousands of older citizens who have used more traditional banking methods for years.  It also includes identity thieves, poised to attack.

Consider the following email, which Emsisoft intercepted while investigating the IBAN Switch:

SPARKASSE
BERLIN ROAD 40-41
10715 BERLIN
01/06/2014

Dear Customer,

As you are probably aware, the new SEPA payment system comes into force February 1, 2014.  SEPA (Single Euro Payments Area) is the new unified payment system that is valid throughout Europe. The new SEPA system transfers are not only faster and more reliable, but payments are safer and more secure as well.

Please follow the instructions in the link below:

www-sparkasse.de/kundenservise/sepa.abteilung

After completion of these steps, you will be contacted by a member of our Customer Service Department about the status of your account.

With online banking, you can control everything at the click of a mouse!  Monitor your savings, access your checking account, and transfer funds or standing orders all from your computer. Online banking offers many other advantages, too!

THE BENEFITS of online banking AT A GLANCE:

– Account access around the clock
– Quick access to any account
– Online banking from the comfort of your PC
– Flexibility in every corner of the world
– Clear accounting
– High safety standards
– Online banking is combined with telephone banking

To use all of these great services, please perform the update for SEPA migration as quickly as possible.

Sincerely,
Online Banking Department
SPARKASSE

 

This email, which takes advantage of the SEPA switch to IBAN, is a total fraud!  Clicking on the link leads to what appears to be a legitimate banking website but what is actually just a place for unsuspecting Internet users to sign away their banking credentials to an identity thief.

Preventing Fraud

Riding the coattails of a widely publicized international event like SEPA and the switch to IBAN is a sure way for fraudsters to score a few accounts.  Most people who have yet to make the switch to IBAN have a hard enough time using a computer, let alone spotting an email scam.  On top of this, older citizens reluctant to switch are also much more likely to have more savings to steal.

The fraudulent message from “SPARKASSE” is likely to be just one of many similar scams that will arise as the Feb. 1 deadline draws near.  The best way to treat any email of this nature is to simply not respond.  Most legitimate banks will never ask you for your credentials via email, and even if you or someone you know has yet to make the IBAN switch the necessary actions should take place in person or over the phone.

Using current events as a means of deception to commit fraud is a clever way to go about the crime.  In the coming weeks, it would not be surprising if other similar efforts followed suit.  Take for example the recent data breach at North American Target stores.  If you were among the now 110 million+ affected, you will probably be contacted by your credit card provider to discuss preventative security.  But how can you know that the messages you’re receiving are legitimate?  What’s standing between you and the next fraudulent scam?  Is broad scale Internet banking more trouble than it’s worth?  And will SEPA ever finish what it started?

These are all important questions for anyone who uses a PC.

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

As for the IBAN switch, we’ll just have to see if SEPA can make full transition by August 1, or if the deadline – and the window for identity theft to occur – gets pushed back yet again.

Exit mobile version