There are a few simple but important rules to remember when using online banking safely.
Here’s what you should do to keep your data safe and avoid falling victim to fraudsters.
Ensure that your computer and devices are protected
Personal computer protection
• Install the manufacturer’s updates, which will protect you from known vulnerabilities
• Make backup copies of your data. This will protect you from losing the data you are storing and allow you to restore it
• Use screensavers when you’re not at your computer
• Install antivirus software on your computer
Ensuring that your computer has sufficient antivirus protection is very important. Although Windows 10, for example, already has built-in antivirus software (Windows Defender), it’s a good idea to supplement it with specialised tools from other companies.
There is a good selection of antivirus software available, both free and premium. Here are a few free options to choose from:
- Bitdefender Antivirus Free Edition
Mobile device protection:
Mobile devices are also prone to attack and must be protected:
• Do not use the Internet Bank or Mobile Digipass on devices:
- that have been jailbroken (a term for hacking your device in order to install unsupported or pirated software);
- that have been used to run any hacked games or apps.
• We recommend antivirus protection for mobile devices. There are plenty of products available, including free solutions such as Avira, Bitdefender, G Data, Kaspersky, McAfee, NortonLifeLock, Sophos, Trend Micro etc. These can be downloaded from the App Store for iPhones and from Google Play for Android phones.
• Protect your devices with a PIN, password or biometric data (such as a fingerprint).
• Install the device manufacturer’s updates to protect against known vulnerabilities.
• Make backup copies of your data. This will protect you from losing the data you held on the device and allow you to restore it to any of your devices.
Guidelines for safe online banking
- When you make purchases online or log in to portals such as latvija.lv, you will be redirected to https://ib.bluorbank.lv as well.
- You can also access the Internet Bank from the bank’s website at https://www.bluorbank.lv/lv. In the top corner, you will see a link to the Internet Bank:
- Do not follow links sent to you via email or SMS – bad actors nowadays can spoof bank email addresses or phone numbers and send you links to scam sites that look genuine (except for the address line – https://ib.bluorbank.lv). Instead, you can use a search engine (Google, Yandex, etc.) to access the Internet Bank:
- Wherever possible, avoid using public computers (in hotels, cafés, etc.). Once you’re done with the Internet Bank, don’t forget to press the exit button in the top right corner instead of closing the browser window.
We recommend the Mobile Digipass as it is a more user-friendly and secure solution.
A description can be found at https://www.bluorbank.lv/en/mobile-bank .
Password plus SMS
Creating a secure password
- Your password must meet all of the following requirements:
- contains at least one capital letter of the Latin alphabet;
- contains at least one lowercase letter of the Latin alphabet;
- contains at least one digit (0-9);
- is at least 8 characters long;
- Your password must be different from other passwords you use for email, social networks, etc.;
- Avoid using:
- personally significant numbers such as the year, date of birth or phone number;
- (often used) names related to you, your family members or pets, car licence plate;
- a single, logically identifiable word in any language;
- three (3) or more adjacent keyboard characters (e.g. “qwe” or “123”) in a row;
- letters of the alphabet in sequence (e.g. abcdefg).
Examples of insecure passwords are March2021, 2021Spring, Linda2000, Privet2021, etc.
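The rules above as a checker, run over the insecure examples just listed. This is an added example, not the bank's own code. The year pattern and the four-letter threshold for alphabet sequences are assumptions, and the dictionary-word and personal-name rules are not implemented because they need a word list:

```python
import re

# Rows of a QWERTY keyboard, for the "adjacent keyboard characters" rule.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
ALPHABET = ("abcdefghijklmnopqrstuvwxyz",)


def has_run(password, sequences, length):
    """True if password contains `length` consecutive characters of any
    sequence, read forwards or backwards (case-insensitive)."""
    lowered = password.lower()
    for seq in sequences:
        for row in (seq, seq[::-1]):
            for i in range(len(row) - length + 1):
                if row[i:i + length] in lowered:
                    return True
    return False


def check_password(password):
    """Return the rules from the list above that the password breaks."""
    findings = []
    if len(password) < 8:
        findings.append("shorter than 8 characters")
    if not re.search(r"[A-Z]", password):
        findings.append("no capital Latin letter")
    if not re.search(r"[a-z]", password):
        findings.append("no lowercase Latin letter")
    if not re.search(r"[0-9]", password):
        findings.append("no digit")
    if has_run(password, KEYBOARD_ROWS, 3):  # the page's threshold: 3
        findings.append("adjacent keyboard characters")
    if has_run(password, ALPHABET, 4):  # assumption: 4 letters in a row
        findings.append("letters of the alphabet in sequence")
    # Assumption: a stand-alone 19xx or 20xx group is treated as a year.
    if re.search(r"(?<!\d)(19|20)\d{2}(?!\d)", password):
        findings.append("contains a year")
    return findings


# The page's insecure examples plus two constructed ones.
SAMPLES = ["March2021", "2021Spring", "Linda2000", "Privet2021",
           "Qwerty123", "abcdefg"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:12} {check_password(sample) or 'no finding'}")
```

All four of the page's insecure examples satisfy the length and character-class requirements; only the checks from the "Avoid using" list flag them.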
Examples of creating a password:
- Start with first (or second, last etc.) letters of the words in the phrase, plus a number:
- “Five little ducks went swimming one day. Over the hills and far away.” -> 5ldws1dOthafa
- “The wipers on the bus go “Swish, swish, swish” All through the town.” -> twotbg3Sattt
- “Neunundneunzig Luftballons auf ihrem Weg zum Horizont” -> 99LbsaiWzH
- “March password – have a nice day” -> 03Mpw-hndy
- Write the full phrase:
Never provide your means of authentication to another person. If more than one person needs access to an account (e.g. a company account), dedicated user access rights must always be set up for each individual.
These “Password plus SMS” instructions can be downloaded at the bottom of our website on https://ib.bluorbank.lv
Set payment limits
To control the volume of outgoing payments, you can set the Daily Payment Limits yourself. You can find more details in the Internet Bank manual (available for download at the bottom of the Internet Bank login page).
Review user activities
You can see the date and time of the previous login at the bottom of each page of the Internet Bank. In case of suspicion, you can check the details of all Internet Bank activities from your account under Information – Activity Log.
If you ever have any suspicions about the above, please contact the bank by calling +371 67 031 333.
For extra security, use SMS notifications about transactions
Suspicious payment confirmation prompt
In suspicious cases, a bank employee will:
- contact you by calling the registered contact number and check for verbal consent to the suspicious payment, or ask you to file a request via the Internet Bank after the call is over;
- send you an email about the payment that was made and stopped, with a request to send additional documents via the Internet Bank. The Bank will never ask you to send your access or card details.
How to avoid scammers’ traps
- Do not disclose your Internet Bank login credentials (Digipass PIN, display code, passwords, etc.).
- If the Mobile Digipass app asks you to enter a payment confirmation code from your smartphone – always review the beneficiary’s name and the amount (the exact amount you want to transfer to them).
- Never disclose your payment card details, i.e. any combination of PIN (4 digits), full card number (PAN) and/or CVV2.
- If somebody says they are calling you on behalf of the bank but asks you to disclose information that would allow them to log in to your Internet Bank (code displayed on your Digipass, etc.) – find out the name and job title of the caller, hang up the phone and call the bank’s hotline: +371 67 031 333 .
How to recognise fake emails
- Forged sender address – Malicious actors often spoof the sender of an email.
What to do: the domain must match the organisation (e.g. emails from BluOr Bank should always end in @bluorbank.lv).
- Changing partners’ bank details – one of the “textbook” ways of defrauding companies. Fraudsters try to hack into partners’ mailboxes, or intercept or forge emails from partners, in order to spoof an invoice the payer expects to receive. As a result, a fake invoice providing the fraudsters’ bank details may be delivered to you (usually requesting a transfer to another bank in another country). This is usually explained away by mentioning problems with the partner’s bank, an ongoing audit, cash flow issues or some urgent need.
What to do: if your business partner asks you to change your bank details for payments, call the phone number you know and make sure the details are correct.
- Referral to an untrustworthy website – when the recipient of an email or SMS clicks on a link or attachment icon, they are redirected to a fake website that may attempt to upload malware to their device or spoof a “real” website in order to steal login credentials.
What to do: before clicking on the link in an email, hover over it to see exactly where you will be redirected. For more information, please refer to “Make sure your online banking website is authentic”.
- A link to a fraudulent website disguised as an attached file icon – bad actors may ask you to download a file containing “important” information. The file may run malicious code on your device, or the attachment icon itself may be a link taking you to a fake website.
What to do: install antivirus software on your device. Before you click on an attached file, hover the mouse pointer over it to check that it does not point to a malicious website.
- Request for confidential information – fraudsters may ask you to send them payment card details, which will be used in subsequent scams. They may also ask you to send personal details and other information.
What to do: Ignore.
Scammers often announce fake winnings, asking you to provide payment card details, internet banking login details or deposit money “for fees” etc. before they can promise to remit your reward. They may say that “your mailbox/account/IP/etc. just won a lottery” and ask for card data – this happens to be one of the most popular techniques used by fraudsters.
What to do: If you didn’t enter their lottery, you most probably haven’t won anything either. Check the sender of the email by hovering your mouse pointer over the – does the domain match the sender’s organisation? (For example, Google should have an email address ending in @google.com.) Check online whether the organisation has held the lottery mentioned in the email, and whether it is possible that fraudsters are sending fake emails about prizes on behalf of that organisation.
Other types and examples of fraudulent emails can be found here “Examples of fake emails”.
Examples of fake emails:
Fraudsters spoof phone numbers, so the fraudster’s number may appear on your phone as a bank or other trusted number.
How to recognise fake calls
- Cannot speak Latvian or English fluently. Fraudsters in Latvia often speak Russian fluently and/or with almost no accent, and might speak English (although a thick non-native accent is also a warning sign), but very rarely Latvian. This is usually explained by having a “special Russian-speaking customer service department”, a “technical specialist without extensive language proficiency”, etc.
What you should know: Any bank employee will freely and happily switch to speaking Latvian with you as soon as you ask for it. The laws of the Republic of Latvia require them to have adequate proficiency in the state language.
- Requests Internet Bank access data, including a Digipass-generated code, your Internet Bank password and/or SMS confirmation code received from the Bank’s number. If you provide them with such data, the fraudster can log into your account and use it as they please.
What you should know: a bank employee will never ask you for your Internet Bank access details. If a bank employee needs to contact you, they will ask you for your voice password for authentication – the voice password is used for communication over the phone only, and cannot be used to connect to the Internet Bank.
- Requires you to verify a “fraudulent cancellation”, “test” payments, or access to the Internet Bank on your smartphone.
What you should know: There are no “test” payments. Customers can cancel payments by writing a letter to the bank in the Internet Bank. Pending payments are cancelled by the customer, and no separate authentication is required (apart from logging in to the Internet Bank).
- Speaks in an intimidating, urgent manner, uses psychological techniques to exploit people’s weaknesses.
What to do: If you have even the slightest suspicion, ask the caller’s name and title, hang up and call the bank’s information line yourself: +371 67 031 333 (do not use the callback function). The bank’s staff will be happy to answer your call to the number indicated on the bank’s home page. Fraudsters usually insist that you deal with them “here and now”, in which case you should at least insist on calling them back directly on their “personal” phone – you can use “remote work” as an excuse for your inability to deal with their call immediately.
How to spot an investment fraudster
- Requests your access details to banking, Internet Bank or e-signature tools.
- Urges or encourages you to install particular software in order to invest or to “communicate securely”. Such software, e.g. TeamViewer or AnyDesk, usually grants the fraudster control of the victim’s computer; installing it is not something any decent investment provider would ever ask for or even suggest.
- Promises unrealistic opportunities, even zero risk and huge profits at the same time.
- Aggressively rushes to action using psychological techniques, seeking out weaknesses.
- Operates illegally. The state only protects clients who invest in the services of licensed operators. To check a potential partner’s license and contact information, visit the website of the Financial and Capital Market Commission: https://www.fktk.lv/tirgus-dalibnieki/ieguldijumu-pakalpojumu-sniedzeji/
- Cannot speak Latvian or English fluently. Fraudsters in Latvia often speak Russian fluently and/or with almost no accent, and might speak English (although a thick non-native accent is also a warning sign), but very rarely Latvian. This is usually explained by having a “special Russian-speaking customer service department”, a “technical specialist without extensive language proficiency”, etc. The laws of the Republic of Latvia require them to have adequate proficiency in the state language.