Fraudsters have become more active on Telegram: how to protect yourself from fake bank chatbots
17 May 05:17
Fraudsters have become more active in Ukraine, creating fake chatbots on Telegram disguised as official bank support accounts. Their goal is to lure out confidential user information and gain access to bank accounts. This was reported by the Telegram channel of the State Service of Special Communications and Information Protection of Ukraine, "Komersant Ukrainian" reports
How fraudsters work
Fraudsters create chatbots that look like official bank channels. To inspire trust, they add an emoji to the account name that imitates a “blue tick” – a verification sign usually associated with verified accounts. Such bots can have names that are almost identical to real ones. Attackers send messages or advertise these bots, offering “help” with banking transactions, card unlocking, or other financial issues.
When a user interacts with a fake bot, fraudsters ask for confidential data: card pin, CVV2/CVC2, login or password for mobile banking. Having received this information, the attackers can steal funds from the account or use the data for other fraudulent transactions. Victims often do not suspect the fraud, as the chatbot looks as plausible as possible.
How to protect yourself from fraud
To avoid becoming a victim of fraud, follow a few simple but effective rules. First, never enter confidential data in chatbots. Real banks never ask for a PIN, CVV2/CVC2, login, or password via messengers. If a bot asks for such data, it is 100% fraud.
Second, use only official channels of communication with the bank. These include:
- Your bank’s mobile application downloaded from official stores (Google Play, App Store).
- The official website of the bank, the address of which is indicated in official sources.
- The customer service phone number indicated on the back of your payment card.
If you need a bank chatbot, look for a link to it exclusively on the official website or in the official mobile application. Avoid clicking on suspicious links that come in messages or advertisements.
Third, always check the services where you enter your data. Pay attention to the account name: even a slight difference in characters or additional emojis may indicate a fake.
