A large number of customers of the National Bank of Greece have recently reported receiving fraudulent messages purporting to officially come from the credit institution targeting their digital inboxes.
The email scam, supposedly sent from the specific bank, is titled “Transaction Security: Third Notice for Verification.”
The scammers’ goal is to steal sensitive personal information through a “data update” process, urging customers to disclose personal data such as their bank account PIN codes used by customers to validate their bank transactions. Additionally, it asks the bank’s clients to verify their cell phone number by clicking on a link.
The fraudulent “National Bank of Greece” message reads:
________________________________________
Dear Customer,
This is the third notification from the National Bank. We request your approval as we have made security improvements for online transactions.
Please follow the instructions below to reactivate your Internet access:
Verification
If you would like to contact us, please reply to this email.
Sincerely,
National Bank of Greece
________________________________________
The sender which has a Canadian-based address has no connection to the National Bank of Greece. The email in question is a phishing attempt, aiming to extract personal information by using fake and deceptive details.
It should be noted that all banking institutions have clarified that they never request information updates via email.
The Ministry of Digital Governance has reported a rise in phishing emails, the practice of sending fraudulent communications that appear to come from a legitimate and reputable source, usually through email and text messaging, in Greece.
The National Cybersecurity Authority of the Ministry of Digital Governance has shared useful guidelines to safeguard citizens from such scams which caution citizens from sharing personal details (e.g., TaxisNet, e-Banking codes, card numbers/PINs, passwords) with purported intermediaries, law firms or accountants.
The ministry also stresses that they should only access trustworthy websites of institutions, organizations, or banks via their official sites or mobile applications.