Safe banking

The PIN (personal identification number) is intended for your use only and must not be disclosed to third parties. It consists of at least four and at most eight characters. Do not write down or save your PIN and TAN so that they do not fall into the wrong hands. Make sure that no one is watching you when you enter your PIN or TAN. Each TAN can only be used once and expires after three minutes. Therefore, please keep the device you use to generate the TAN safe.

If you discover that another person knows your PIN or TAN or both, or if you suspect that they are being misused, you are obliged to change or block your PIN immediately. If this is not possible, please inform us immediately. You can reach our blocking hotline daily from 8:00 a.m. to 5:00 p.m. at +49 69 2177-3232.

Do not use a “weak PIN” (e.g., 11111 or 12345). Mix letters and numbers. Please do not use commonly known or accessible data, such as your date of birth. Change your PIN regularly (the PIN must consist of four to eight characters).

Always use the latest version of your Internet browser. This offers the highest level of security, as known bugs have already been fixed.

When surfing the Internet or receiving emails, there is a risk that you may receive a program or file attachment containing a virus. The virus could damage your computer and seriously compromise its security. Antivirus programs offer good protection. Never install programs from dubious sources (e.g., chats, newsgroups) and do not open emails from dubious senders. When downloading software, always check the identity of the website.

Use antivirus programs and a personal firewall. A personal firewall can protect your computer from external attacks and warn you if someone tries to hack into your computer while you are online. Make sure that the antivirus program is always activated, even when you are not online. Always install the latest updates and perform a complete virus scan regularly (e.g., once a week).

As soon as you access the login page of our online banking portal, an encrypted connection, known as an SSL connection (Secure Socket Layer connection), is established between your PC and our server. This ensures that the data exchanged is encrypted with a code that is only known to your PC and our server. A secure connection is indicated by a URL beginning with https. The icon in front of the browser line shows our logo.

When you leave your PC, log out of the online banking portal, switch it off, or lock it. Particular caution is advised when accessing the online banking portal via public Internet service providers or Internet cafés. In such cases, always ensure that you have logged out completely and, ideally, close the browser.

If you are inactive for 5 minutes after logging in, you will be automatically logged out. This reduces the risk of third parties using your account without authorization. Log in again to continue working in the online banking portal.

Further information on the subject of security can also be found here:

Bankenverband

BaFin

How phishing works

In phishing, fraudsters send you an email that looks very similar to a message from your bank or a well-known company. The email asks you to click on a link or attachment that takes you to a fake website that looks very similar to that of the bank or company. On the website, you are usually asked to enter your data, your PIN, and your authentication via your preferred TAN procedure. If you click on the links or the attachment in the email, fraudsters can also install malware on your computer without you noticing.

Do not reply to such emails and do not open these links. Our employees will never ask you for your password or TAN. Enter our address abnamro.de every time you log in.

How to recognize a fake email

Anyone can use the name of a business or bank as the sender name, so always check the sender's email address. You can do this by clicking on the sender's name. Fraudsters often have long, complicated email addresses.

How smishing works

In smishing, fraudsters send you a text message that is very similar to an SMS from the respective bank, institution, or company. Have you received such an SMS? Please inform us via our contact form.

How does debt collection phishing work?

A fraudster sends you an email that appears to come from your bank. The email states that you have authorized a company or person, or that a new direct debit will soon be debited from your account. To decline, you are asked to click on the hyperlink provided in the email. When you click on the hyperlink, you are redirected to a phishing website.

What happens then?

You will usually be asked to provide information such as your name, telephone number, or personal PIN number and authentication via your preferred TAN procedure. Once you have done this, fraudsters can carry out a transaction using your data, or they will call you, pretend to be bank employees, and offer to “help” you. Even if the phone number looks similar to the bank's, it is a trick. Fraudsters will ask you to transfer money to an account at another bank.

Please remember that we will never ask you to share your data, your personal PIN number, or your authentication with us. We will also never ask you to transfer money to another bank account.

If you click on a link or attachment from a scammer, your computer may be infected with a virus, also known as malware.

How it works

If you click on a fraudulent link, your computer may be infected with a virus. This gives scammers access to your bank accounts and allows them to transfer money from your checking account to their own accounts.

Example: SMS fraud

Fraudsters pretend to be parcel delivery companies. They send text messages with a link that asks you to install an app that allows you to track the delivery of your parcel. This app is not available in any official app store. When you download the app, you install malware. This gives the fraudsters access to your banking apps and contacts, among other things. The fraudsters send the same text message to everyone in your contact list. Have you installed the malware on your phone? Let us know and reset your device to factory settings as soon as possible.

How to prevent scammers from installing malware on your computer or mobile phone

• Never click on attachments or links in an unexpected email.
• Follow the security tips above.
• Use an up-to-date virus scanner.
• Always install updates.
• Only download apps from official app stores.

How it works

Fraudsters often call you after you have received a phishing email and entered your details on a fake website. Fraudsters can be very convincing when they know these details about you. They try to gain your trust and persuade you to reveal your security codes, which they can then use to transfer money from your account.

Manipulation

The phone number used by fraudsters to call you may be identical to that of your bank. This is known as “spoofing.” If you are unsure, call the bank yourself. Do not disclose any details and do not transfer any money.

• Important information
• We will never ask you for your security codes
• We will never ask you to transfer money
• We will never send you a link via email or text message that you can use to log in to the app or online banking
• Report suspicious calls using our contact form

Someone calls you “on behalf of Microsoft”

Scammers who call you “on behalf of Microsoft” often speak English, but not always. Sometimes they use other company names, such as Facebook, Instagram, Amazon, and Google.

How it works

The callers tell you that you have a problem with your computer and that they need to access your computer to fix it for you. They will ask you to go to a website and download software. This software allows scammers to access your computer and control it remotely. To gain your trust, they first pretend to perform complicated checks before announcing that they can “solve the problem for you,” but only if you pay a small fee via online banking. 

At this point, the scammers still have access to your computer! They will try to distract you so that they can change the amount or currency, for example, and you transfer a much higher amount than you intended.

• What you can do
• Ignore unwanted requests from unknown parties concerning your computer.
• If you are unsure whether the request is genuine, hang up and close your online banking session.
• Close the program that the scammers used to access your computer.
• Delete the software that the scammers sent you.

Fraudsters want you to transfer money to their accounts and use various tricks to do so. For example, they may send you a fake invoice “on behalf of a well-known company.”

How it works

Fraudsters put pressure on you by telling you that you are in arrears and threatening to charge you additional fees or contact a debt collection agency. Fraudsters send fake invoices, e.g. for  registration fees, parking fees.

What you can do

• Search the internet for the company's official website. Check who sent the invoice and what account number is listed on it.
• Check whether you or one of your family members were expecting the invoice.
• If you think it's suspicious, open the company's official website and call the phone number listed.

If you sell items online, e.g. on eBay, you may be contacted by fraudsters who pretend to want to buy something from you. They will usually contact you via WhatsApp or another messaging app.

Here's how it works

The scammer will ask you to transfer a small amount (e.g., $0.01) to them “to make sure it works.” You will receive a payment request that takes you to a fake website, not the website of Bethmann Bank, ABN AMRO, iDEAL, Tikkie, bunq, or any other bank. However, the website will look very similar to the one you expect.

The scammer will log into your online banking with the details you have entered and transfer money to their own checking account.

What you can do

• Always be careful when clicking on links you have received via WhatsApp.
• Ignore payment requests from people you do not know.
• Check whether the website provided actually exists.

Scammers use social media platforms such as WhatsApp and Facebook to pose as friends or family members and try to gain your trust by saying that they have temporarily changed their phone number. This is known as social engineering.

How it works

Scammers often use the profile photos of your friends or family and ask you to lend them money. They will ask you to transfer it as quickly as possible so that they can buy a train or plane ticket, for example.

Report the phone number to WhatsApp

If you report the scammer's phone number to WhatsApp, the number will be blocked once they have confirmed that the report is valid. This way, you can help prevent other people from being scammed. Would you like to save the content of the chat conversation to report it to the police?

• Take a screenshot.
• Open the chat conversation you want to report to WhatsApp.
• Tap the three dots in the upper right corner.
• Tap “More” and then “Report.”
• Tap the contact you want to report.
• Scroll down and tap “Report contact.”

These steps may look slightly different on your own mobile phone.

Fraudsters also act as sellers who sell you something but do not send it to you after you have made the payment.

How it works:

Fraudsters try to sell something on eBay or in online shops, which they then delete after a few days. If an offer seems too good to be true, it probably is!

What you can do:

• Look closely at the photos and check whether they appear genuine or could have been stolen. 
• If the price seems too good to be true, you need to be especially careful. Check whether the product you want to buy is actually genuine or whether it is an illegal version.
• If you have been the victim of fraud, always take a screenshot of the ad or website. Report the fraud to the police and contact us via our contact form.

SIM swapping, also known as SIM card swapping, is a type of fraud in which a hacker uses a user's mobile phone number. This allows them to take control of the victim's online identity and repeatedly steal large sums of money.

Here's how it works:

First, the attacker obtains personal data from the victim. SIM swapping usually requires knowledge of the victim's name, mobile phone number, and, in some cases, postal address or login details for the mobile phone provider's online portal. Such information can be obtained through social engineering methods such as phishing emails or even purchased.

Mobile phone providers offer their customers the option of sending a new SIM card – e.g., if the cell phone has been lost, the SIM card has a technical defect, or a new cell phone requires a different SIM card format. The previous phone number is transferred to the new SIM card. In a SIM swapping attack, the attacker pretends to be the actual customer to the mobile phone provider – either on the online portal (if they have previously obtained the access data) or by telephone in the customer service center (often, the date of birth, postal address, or IBAN are sufficient to identify themselves). It is also conceivable that the contract could be terminated under a false name in conjunction with number portability.

Once the fraudster has obtained the SIM card, they can make calls, receive text messages, and access various online services using the victim's mobile number—for example, by using the “reset password” feature if user verification is done via text message or a call to the mobile device.

How can I detect SIM swapping?

• Calls and text messages no longer work
• Notifications about changed passwords and activity on new devices
• Access to accounts blocked
• What you can do
• Use strong passwords
• Activate two-factor authentication via an app instead of SMS
• Regularly check your accounts and security settings
• Do not answer calls, emails, or text messages asking for personal information
• Change your online behavior: Fraudsters observe their targets through cyberstalking. Any information you publish can be used to create your identity profile. Never post your address or phone number and avoid giving your full name and date of birth. Also, be careful when sharing personal information that only you should know.