The latest trend in phishing against Greek banks is that they call the victim on the phone and inform him that he will receive an SMS supposedly about an incoming money transfer! The victim indeed receives such an SMS and provides the phishing web page with the victim’s e-banking credentials. The culprits connect the victim’s Viber account to a device of their own by convincing the victim to handover a 6-digit code that the victim receives from Viber. In continuance the victim loses access to Viber and the perpetrators manage to steal money from the victim by using the e-banking credentials, which they obtained through the phishing webpage, and the OTP codes, which they receive from the bank in the Viber account on their own device.
V4ensics advice you to be cautious!
1) Nobody will send you money that you do not expect.
2) If you receive an SMS, whose sender appears to be the name of your bank, it does not necessarily mean that the message is indeed from your bank! Check the link contained in the e-mail and under no circumstances do not handover your e-banking credentials.
3) If you handover credentials and you realize it, call the bank immediately and tell them to lock your web banking account immediately, block any attempts to transfer money and check the account for suspicious activity.
4) If you receive an SMS from Viber, which contains a code, says “Getting this message by mistake?” and includes a link (https://reports.viber.com/…) Check that the link truly takes you to reports.viber.com and if it does, report the message (unless of course you requested for it).
5) Under no circumstances do not handover the code from Viber to the person that phoned you or to the phishing webpage!
6) If indeed you are tricked and lose access to your Viber account, call the bank immediately and tell them to lock your web banking account immediately, block any attempts to transfer money and check the account for suspicious activity.
7) If indeed you are tricked and lose access to your Viber account, call your Viber contacts, and inform them that they might be targeted through Viber by persons, who will impersonate you. Use means provided by Viber to recover your Viber account and kick the perpetrators out of your account.
8) Regardless of if the perpetrators trick you and / or defraud you from money inform the judicial authorities on the fraud / attempted fraud. Someone will definitely benefit from you doing so…
This post intends to inform the public on ongoing illicit activity, which has been reported to / seen by V4ensics the least twice in the company’s endeavours.”