Recently, the Police has seen a rise in banking scams that start with a fake email, allegedly sent by the bank, or a phone call from a fake banker, and end with a hacked and drained bank account. In just over a month, there have been at least twelve such cases with damages amounting to 1.4 million euros. In most cases, the victims of these scams were Slovenian legal entities.

phishing e banke

Example of a phishing email containing a link to a fake online bank

How do bank phishing scams work?

Bank phishing scams usually follow the same pattern:

  • Scammers send a phishing email that looks like it came from the bank to the legal entity’s email address.
  • The email falsely states that an urgent update or upgrade of the online banking is needed.
  • Emails always contain a clickable link.
  • By clicking the link, a website identical to the legitimate online banking website opens, requesting you to enter sensitive information.
  • After entering the requested information, the scammers call the legal entity’s contact person by phone, posing as the bank's technical assistance.
  • This is how they obtain all the necessary information for an unauthorised access to the bank account.
  • Scammers empty the bank account, usually by transferring the funds to a foreign bank account.

How to spot a phishing email?

Watch out for the following:

  • Emails (or text messages) that look like they were sent by the bank
  • Emails (or text messages) that include a clickable link
  • Links opening a page requesting additional information, such as tax numbers, telephone numbers or one-time passwords

Banks never ask their clients to enter personal information or login details by clicking a link sent via email or text message. If you have received a phishing email, do not click on the link! Delete the message immediately.

The Police advises

  • Always access your online banking services via the app or by manually entering the URL address – never by clicking on a link!
  • If you suspect that you have been a victim of a scam, collect all available documentation (emails, transaction details, mobile numbers, email addresses, IP addresses) and report it to the nearest police station and your bank as soon as possible.

Additional tips

You can find some additional information and tips on how to identify and protect yourself from online fraud attempts on the website of the Slovenian Computer Emergency Response Team SI-CERT and on websites of various Slovenian banks.