There are a few simple but important rules to remember when using online banking safely.
Here’s what you should do to keep your data safe and avoid falling victim to fraudsters.  

Ensure that your computer
and devices are protected

Personal computer protection

The fundamentals:

Install the manufacturer’s updates, which will protect you from known vulnerabilities

Make backup copies of your data. This will protect you from losing the data you are storing and allow you to restore it

Use screensavers when you’re not at your computer

Install antivirus software on your computer

Ensuring that your computer has sufficient antivirus protection is very important. Although Windows 10, for example, already has built-in antivirus software (Windows Defender), it’s a good idea to supplement it with specialised tools from other companies.

There is a good selection of antivirus software available, both free and premium. 

Here are a few free options to choose from:

- Avast

- AVG AntiVirus FREE

- Avira Free Security

- Bitdefender Antivirus Free Edition

- Kaspersky

- Panda Free Antivirus

- Sophos u.c.

Mobile device protection:

Mobile devices are also prone to attack and must be protected:

Do not use the Internet Bank or Mobile Digipass on devices:

- that have been jailbroken (a term for hacking your device in order to install unsupported or pirated software);

- that have been used to run any hacked games or apps.

We recommend antivirus protection for mobile devices. There are plenty of products available, including free solutions such as Avira, Bitdefender, G Data, Kaspersky, McAfee, NortonLifeLock, Sophos, Trend Micro etc. These can be downloaded from the AppStore for iPhones and from Google Play for Android phones.

Protect your devices with a PIN, password or biometric data (such as a fingerprint).

Install the device manufacturer’s updates to protect against known vulnerabilities.

Make backup copies of your data. This will protect you from losing the data you held on the device and allow you to restore it to any of your devices.

Guidelines for safe online banking 

Make sure your online banking website is authentic

Enter your Internet Bank account credentials details on the BluOr Internet Bank website only: the browser address line should start with

  • When you make purchases online or log in to portals such as, you will be redirected to as well.
  • You can also access the Internet Bank from the bank’s website at In the top corner, you will see a link to the Internet Bank:
  • i-banka
  • Do not follow links sent to you via email or SMS – bad actors nowadays can spoof bank email addresses or phone numbers and send you links to scam sites that look genuine (except for the address line – Instead, you can use a search engine (Google, Yandex, etc.) to access the Internet Bank:
  • search
  • Wherever possible, avoid using public computers (in hotels, cafés, etc.). Once you’re done with the Internet Bank, don’t forget to press the exit button in the top right corner instead of closing the browser window.

Choose secure and protected authentication tools for your connection

Secure Customer Authentication (SCA) is used for access to the Internet Bank and for making any payments. To ensure this, BluOr Bank offers its customers secure and modern authentication tools: physical and mobile (logical) Digipass.
We recommend the Mobile Digipass as it is a more user-friendly and secure solution.

Mobile Digipass

The mobile Digipass can be downloaded on your mobile device from the AppStore/Google Play, as well as from the Internet Bank gateway (
A description can be found at .

Physical Digipass

The physical Digipass can be purchased at the Bank’s branch (Riga, Jēkaba iela 2), a description and instructions can be downloaded at When creating a Digipass PIN, avoid easy-to-remember number combinations such as 0000, 1111

Password plus SMS

If you are using “Password plus SMS” and do not plan to switch to more modern login methods, you may find this information for creating a secure password useful:

Creating a secure password
  • Your password must meet all of the following requirements:
    - contains at least one capital letter of the Latin alphabet;
    - contains at least one lowercase letter of the Latin alphabet;
    - contains at least one digit (0-9);
    - is at least 8 characters long;
  • Your password must be different from other passwords you use for email, social networks, etc;
  • Avoid using:
    - personally significant numbers such as the year, date of birth or phone number;
    - (often used) names related to you, your family members or pets, car licence plate;
    - a single, logically identifiable word in any language;
    - three (3) or more adjacent keyboard characters (e.g. “qwe” or “123”) in a row;
    - letters of the alphabet in sequence (e.g. abcdefg)
    Examples of insecure passwords are March2021, 2021Spring, Linda2000, Privet2021, etc.

Examples of creating a password:
Use a phrase:
  • Start with first (or second, last etc.) letters of the words in the phrase, plus a number:
    - “Five little ducks went swimming one day. Over the hills and far away.” -> 5ldws1dOthafa
    - “The wipers on the bus go “Swish, swish, swish” All through the town.” -> twotbg3Sattt
    - “Neunundneunzig Luftballons auf ihrem Weg zum Horizont” -> 99LbsaiWzH
    - “March password – have a nice day” -> 03Mpw-hndy
  • Write the full phrase:
    - Feb22SecurePasswordWow
Whenever you enter your password, make sure no one can see it. Don’t let browsers remember your Internet Bank or recovery email passwords.

Keep your authentication tools in a secure place, out of the reach of potential fraudsters. Do not use them in public, in front of employees or members of the household.
Never provide your means of authentication to another person. If more than one person needs access to an account (e.g. a company account), dedicated user access rights must always be set up for each individual.
These “Password plus SMS” instructions can be downloaded at the bottom of our website on

Other safety measures

Set payment limits

To reduce the risk of fraud and potential losses, maximum payment limits have been set for each type of connection.
To control the volume of outgoing payments, you can change them yourself using the Daily Payment Limits. You can find more details in the Internet Bank manual (available for download at the bottom of the Internet Bank login page).

Review user activities

We recommend that you regularly review your account statements, especially outgoing payment operations.
You can see the date and time of the previous login on each page of Internet Bank (bottom). In case of suspicion, you can check the details of all Internet Bank activities from your account under Information – Activity Log.
If you ever have any suspicions about the above, please contact the bank by calling +371 67 031 333

For extra security, use SMS notifications about transactions

To keep track of all money movements on your accounts and cards, you can subscribe to SMS notifications on all card payments, as well as transactions made on any of your Payment Card Accounts or Current Accounts.

Suspicious payment confirmation prompt

As part of our commitment to your financial security, BluOr Bank has implemented a specialized payment and Internet banking analysis tool that allows you to detect suspicious payments and Internet Bank activities.
In suspicious cases, a bank employee will:
  • contact you by calling the registered contact number and check for verbal consent to the suspicious payment, or ask you to file a request via the Internet Bank after the call is over;
  • send you an email with the payment made and stopped and a request to send additional documents via Internet Bank. The Bank will never ask you to send your access or card details.
Under no circumstances will a Bank employee ask you to provide your Digipass PIN or login code, password or any other information that may be used to log in to your Internet Bank.

How to avoid scammers’ traps

General recommendations

  • Do not disclose your Internet Bank login credentials (Digipass PIN, display code, passwords, etc.).
  • If the Mobile Digipass app asks you to enter a payment confirmation code from your smartphone – always review the name and amount of the beneficiary (and the exact amount you want to transfer to them).
  • Never disclose your payment card details, i.e. Any combination of PIN (4 digits), full card number (PAN) and/or CVV2.
  • If somebody says they are calling you on behalf of the bank but asks you to disclose information that would allow them to log in to your Internet Bank (code displayed on your Digipass, etc.) – find out the name and job title of the caller, hang up the phone and call the bank’s hotline: +371 67 031 333 .
Dati maksajuma karte


Malicious actors routinely send fake emails on behalf of banks, partners or other organisations in order to gain access to online banking solutions, payment card data or other sensitive information, to extort money by falsifying business invoices, by promising big profits or by threatening trouble.

How to recognise fake emails

  • Forged sender address – Malicious actors often spoof the sender of an email.
    What to do:. The domain must match the organisation (e.g. emails from BluOr Bank should always end in
  • Changing partners’ bank details – one of the “textbook” ways of defrauding companies. Fraudsters try to hack into partners’ mailboxes, intercept or forge emails from partners in order to spoof an invoice the payer expects to receive. As a result, a fake invoice may be delivered to your providing the fraudsters’ bank details (usually requesting a transfer to another bank in another country). This is usually explained away by mentioning problems with the partner’s bank, an ongoing audit, cash flow issues or some urgent need.
    What to do: if your business partner asks you to change your bank details for payments, call the phone number you know and make sure the details are correct.
  • Referral to an untrustworthy website – when the recipient of an email or SMS clicks on link or attachment icon, they are redirected to a fake website that may attempt to upload malware to their device or spoof a “real” website in order to steal login credentials.
    What to do: before clicking on the link in an email, hover over it to see exactly where you will be redirected. For more information, please refer to “Make sure your online banking website is authentic”.
  • A link to a fraudulent website disguised as an attached file icon – bad actors may ask you download a file containing “important” information. The file may run malicious code on your device, or the attachment icon itself may be a link taking you to a fake website.
    What to do: install antivirus software on your device. Before you click on an attached file, hover the mouse pointer over it to check that it does not point to a malicious website.
  • Request for confidential information – – fraudsters may ask you to send them payment card details, which will be used in subsequent scams. They may also ask you to send personal details and other information.
    What to do: Ignore.
  • scammers often announce fake winnings, askingyou to provide payment card details, internet banking login details or deposit money “for fees” etc. before they can promise to remit your reward. They may say that “your mailbox/account/IP/etc. just won a lottery” and ask for card data – this happens to be one of the most popular techniques used by fraudsters.
    What to do: If you didn’t enter their lottery, you most probably haven’t won anything either. Check the sender of the email by hovering your mouse pointer over the
    – does the domain match the sender’s organisation? (For example, Google should have an email address ending in Check online whether the organisation has held the lottery mentioned in the email, and whether it is possible that fraudsters are sending fake emails about prizes on behalf of that organisation.
    Other types and examples of fraudulent emails can be found here “Examples of fake emails”.

Examples of fake emails:
Aizdomīga e-pasta pazīmes nr.1 Aizdomīga e-pasta pazīmes nr.2


Fraudsters often call and impersonate bank representatives or government officials. Often, they create tension that a suspicious transfer is being made from your account and your money is at risk. During the conversation, the customer is pressured to give Internet Bank access and confirmation details or to confirm (e.g. on Mobile Digipass) entry to Internet Bank and payment, which is called a “test”, etc.
Fraudsters spoof phone numbers, so the fraudster’s number may appear on your phone as a bank or other trusted number.

How to recognise fake calls

  • Cannot speak Latvian or English fluently.Fraudsters in Latvia often speak Russian fluently and/or with almost no accent, and might speak English (although a thick non-native accent is also a warning sign), but very rarely Latvian. This is usually explained by having a “special Russian-speaking customer service department”, a “technical specialist without extensive language proficiency”, etc.
    What you should know: Any bank employee will freely and happily switch to speaking Latvian with you as soon as you ask for it. The laws of the Republic of Latvia require them to have adequate proficiency in the state language.
  • Requests Internet Bank access data, including a Digipass-generated code, your Internet Bank password and/or SMS confirmation code received from the Bank’s number. If you provide them with such data, the fraudster can log into your account and use it as they please.
    What you should know: : a bank employee will never ask you for your Internet Bank access details. If a bank employee needs to contact you, they will ask you for your voice password for authentication – the voice password is used for communication over the phone only, and cannot be used to connect to the Internet Bank.
  • Requires you to verify a “fraudulent cancellation”, “test” payments, or access to the Internet Bank on your smartphone.
    What you should know: There are no “test” payments, customers can cancel payments by writing a letter to the bank in Internet Bank. Pending payments are cancelled by the customer, no separate authentication is required (apart from logging in to Internet Bank).
  • Speaks in an intimidating, urgent manner, uses psychological techniques to exploit people’s weaknesses.
    What to do:
    If you have even the slightest suspicion, ask the caller’s name and title, hang up and call the bank’s information line yourself: +371 67 031 333 (do not use the callback function). The bank’s staff will be happy to answer your call to the number indicated on the bank’s home page. Fraudsters usually insist that you deal with them “here and now”, in which case you should at least insist on calling them back directly on their “personal” phone – you can use “remote work” as an excuse for your inability to deal with their call immediately.

Investment offers

Fraudsters may also pose as investment brokers or bank employees and offer you extremely lucrative investments in shares, bonds, cryptocurrencies or other assets. They may even simply urge you to transfer funds sham accounts. Fraudsters often create scam websites where their victims can follow the “rising profits” to encourage more and more investment as the victim sees how successfully their “investments” have performed so far. Withdrawing funds will usually be impossible or extremely difficult, fraudsters will try to discourage divestment by promising even better returns down the line.

How to spot an investment fraudster

  • Requests your access details to banking, Internet Bank or e-signature tools.
  • Urges or encourages you to install particular software in order to invest or to “communicate securely”. Such software usually grants the fraudster control of the victim’s computer, e.g. TeamViewer or AnyDesk, and is not something any decent investment provider would ever do or even suggest.
  • Promises inadequate opportunities, even zero risk and huge profits at the same time.
  • Aggressively rushes to action using psychological techniques, seeking out weaknesses.
  • Operates illegally. The state only protects clients who invest in the services of licensed operators. To check a potential partner’s license and contact information, visit the website of the Financial and Capital Market Commission:
  • Cannot speak Latvian or English fluently. Fraudsters in Latvia often speak Russian fluently and/or with almost no accent, and might speak English (although a thick non-native accent is also a warning sign), but very rarely Latvian. This is usually explained by having a “special Russian-speaking customer service department”, a “technical specialist without extensive language proficiency”, etc. The laws of the Republic of Latvia require them to have adequate proficiency in the state language.