Online security

Cyber attacks on companies and individuals are becoming more commonplace. We encourage all our customers to stay safe by keeping up to date and aware.


Email fraud

Fake emails and fake websites

Criminals can contact you by email, via SMS and even by telephone. They can pretend to be a bank employee or other person you would trust. The aim is to convince you to make an international transaction or to steal your password and access your bank account.

Access to your email is either achieved by hacking into your system or by sending an email from a false email address. They may also direct you to a false website page.

Criminals can be very convincing and you should always question the source of any email requesting you to make transactions or enter personal information. Look out for the following:

  • A strange email or website address
  • Poor spelling
  • An unusual request
  • Asking you to log in
  • Directing you to a website

You should always phone your bank if you are unsure, even if the request seems normal.

Pretending to be management

Hackers will often pretend to be company managers requesting staff members to make international transactions. These requests are often high priority as the hackers want to complete the criminal act as quickly and efficiently as possible. The member of management will often claim to be overseas and unable to contact you by phone.

You should never agree to make any transaction of this kind without contacting the individual requesting you to do so. You should also ensure that the telephone number is correct.

Fake offers – rent fraud – Airbnb

Hackers convince their victims to make international transactions by steering them away from pages like Airbnb, offering a seemingly alternative booking service through fake websites or email contact. They then steal your money, which cannot be traced or paid back to you.

They often make offers that are too good to be true such as 50% discounts. Official booking sites will not take responsibility if you do not use their booking system.

How can I protect myself?

Always confirm any transaction requests by telephoning the individual/company. Make sure the telephone number is official.

Identify risks:

  • Has the email address been tampered with?
  • You may recognise the name of the sender but is the email address correct?
  • You receive an invoice and then receive another one shortly afterwards, claiming that the account details on the last invoice were wrong.
  • You receive an urgent request from management to complete a transaction. Telephone the person immediately to receive confirmation.
  • Are the account details, name of the bank and country of origin suddenly different?  
  • Has the style of communication changed? Is the tone more urgent, less formal, demanding or sharper than before? Does the sender claim to be overseas or unable to telephone?
  • Does the sender pretend to send the information from a mobile telephone, to excuse spelling mistakes, bad grammar or a more informal tone?

How can I stop an international transaction?

Individuals and businesses should contact us by telephone (440 4000) immediately. We will send you a document entitled changes to telephone transaction which you must fill out and send back through this form. Immediate action is necessary as 2-3 days is all it takes to make it almost impossible for us to retrieve your money.

Phishing

What is phishing?

Hackers try to deceive people by sending credible email messages from seemingly legitimate companies. The purpose of the message is to convince you to click on a URL, download fraudulent software, or open attachments. This is how they access usernames, passwords and your finances. This method is called phishing. Attachments can contain viruses and fraudulent messages can be sent via Facebook or email from what seem to be familiar sources. Your personal email account and Facebook page are prime targets.

What can I do to protect myself?

Never enter your username and password on pages that pop up once you have clicked onto a link, unless you are sure of the source. Users should always enter the domain themselves for any service they intend to sign up for. Setting up two step verification is one of the best ways to minimise risk. You should also use different passwords for different accounts.

What can I do if I think I have been hacked?

You will need to call in a computer expert to assess the situation. Changing your password is never enough.

  • Take screen shots of everything including the event log and settings. These can be handed over to the police as evidence. Take these screen shots immediately, without making any changes to the computer.
  • Review the rules and how you save documents (e. archive, e. move).
  • Review your e. autoforward settings in your email account.
  • Review you password recovery settings (e. recovery passwords) and phone recovery settings (e. recovery phones) in your email account.
  • Change your email account password and anywhere else where you have used the same password. Never use this password again.
  • Turn on the two-step authentication in your email account (e. two factor authentication, e. multi-factor authentication).
  • Review every service used in connection with your email account e.g. paypal, ebay, amazon, tax office, lastpass, passwords.google.com. The hackers may have reset your password for some of these services (e. password reset) using your email.
  • Review all the information in your email account. You can assume that any private information is now compromised, including any information that you may have stored in notes (passwords, bank account /credit card numbers).
  • Find out if any of the email addresses you use have also been compromised. You may need to inform anyone you think may have been affected. Hackers are known for sending emails to other contacts from within your email account to find new victims

Important points:

  • Never make any transactions requested via email. Always phone the person making the request using an official telephone number.
  • You should always contact the police abendingar@lrh.is and your bank, if you think you have been hacked.

öryggi.is

SAFT - Samfélag, fjölskylda og tækni

lögreglan.is