Data security and scams

What to do if scammed

If third parties have become aware of your PINs:

  1. immediately suspend your ID card certificates;
  2. change your mobile ID PINs and delete your existing Smart-ID account;
  3. If you fell victim to a fraud, make a statement to the police and inform the bank by calling us on +372 669 0966 (from 8:30-19:00 Monday-Friday), sending us a message via the Internet bank or informing us at any branch presenting proof of ID when doing so.

If you spot any suspicious transactions on your bank card:

  1. immediately close your card in our app or Internet bank or by calling us on +372 669 0966 (from 8:30-19:00 Monday-Friday);
  2. If you fell victim to a fraud, make a statement to the police and inform the bank by calling us on +372 669 0966 (from 8:30-19:00 Monday-Friday), sending us a message via the Internet bank or informing us at any branch, presenting proof of ID when doing so.

Report phishing

If you come across a fake website or link mimicking our Internet bank, notify us by clicking on 'Report phishing'.

Your data security is important to us

Do the following to protect your data:

  • Double-check what it is you're confirming with your PIN
  • Keep your PINs and bank card details to yourself
  • Never confirm a transaction you didn't initiate yourself
  • To perform any bank-related actions, download the Coop Pank mobile app or access the Internet bank via the official address https://i.cooppank.ee/
  • Never trust websites, programme, links or people you don't know (in the latter case, even if they call you claiming to be bank staff or police)

Fake Internet bank pages

Some scammers create identical copies of companies' Facebook pages and websites, then conduct supposed prize draws to get victims to enter their details or log in using their password and PINs. A fraudulent transaction is carried out in the course of this, or the victim is called and asked for more details.

Scammers can also imitate the pages of an official Internet bank. Clients can end up there via a link or by using a search engine like Google. Scammers frequently buy ads for their fake websites which place their site at the top of search-engine rankings. That's why fake sites are sometimes easier to find in a search engine than the real sites.

Any data entered on a fake site can enable the scammers to transfer your money, apply for things such as small loans in your name or terminate deposits.

Calls from scammers

Calls are normally used by scammers for phishing, but they can also be used to try to manipulate victims. The scammers pretend to be bank staff, police or tax officials and typically tell the victim that their bank account has fallen victim to a cyber attack or been misused, that they themselves (i.e. the official they are pretending to be) have fallen victim to something, that an application for a loan needs to be suspended, that someone is trying to hijack their e-mail account or purchase something with their card, that they have questions about transactions, or something along these lines. To prevent this from happening, the victim is asked to enter their PINs, provide their card number or download a programme ‘for security reasons'. The scammers' aim is to gain access to the client's means of authentication so that they can then perform transactions from the client's account which the client themselves had no intention of performing.

How to spot such scams:

  • Despite claiming to be an Estonian bank worker or police officer, the caller insists on speaking in a language other than Estonian. Such scammers may also claim that they represent a telecommunications or other company.
  • The caller, whom the victim doesn't know, claims to be a bank worker or police officer and asks the victim to download an unknown programme, requests details of bank cards or authentication means or insists that the victim pay or deliver to someone an amount of money on some pretence.
  • Note that current technology also enables scammers to imitate official telephone numbers and to have their numbers show up as local even when calling from abroad.
  • Where calls purportedly from bank staff or the police are concerned, call the general number of either the bank or the police before performing any transaction to determine whether they have in fact called you and why. In order to e.g. stop a fake loan application, neither the police nor the bank require the client's intervention (i.e. giving them your PINs) or assistance.

Phishing

Online scams that are designed to gain personal data (user names, passwords, credit card details, etc.) are known as phishing. These scams can take place via e-mail, a link, SMS or chat, on social media or via a fake ad published on the Internet. The scammers' aim is to gain access to the client's means of authentication and/or bank card details so that they can then perform transactions from the client's account which the client themselves had no intention of performing.

How to spot such scams:

  • In order to obtain a victim's data, the scammers entice them to their website using job offers, links and ads. They always ask the victim to do something unusual, e.g. requesting data unrelated to what they're offering or charging a ‘fee' in order to apply for the supposed job or obtain whatever they've been promised.
  • 99 times out of 100, being asked for your PINs or bank card details is a sure sign of a scam if you haven't initiated a payment or a purchase (e.g. from an online store) on someone's initiative.
  • If you've unwittingly given a scammer your ID code, telephone number and the user name you use for your bank, they can submit PIN enquiries at any time in order to gain access to your Internet bank and perform transactions.

Investment scams

Some scammers try to pass themselves off as investment brokers or bank workers, offering high-yield investments in shares, bonds, crypto and the like. They do this over the phone, on social media and elsewhere online. The victim is encouraged to take out a loan and/or install some kind of software (e.g. the AnyDesk programme) with which to monitor the returns on their supposed investment. This way the scammers create an illusion that the victim's money is growing. When the victim indicates that they want to access their funds, they're told they need to pay to do so - and end up losing that money.

How to spot such scams:

  • Investments are offered that allegedly enable you to double, triple, quadruple your money very quickly, and with very little effort or risk.
  • The AnyDesk programme you're asked to download to monitor how much money you're supposedly making gives the scammer access to your computer.
  • Additional ‘fees' are charged for you to access your investment. These amounts are deducted from the amounts already in the account, and if there are sufficient funds, you needn't make any further payments into it to cover the cost of the fees.

Fake relationships

Scammers can set up fake profiles on dating sites and apps and on social media (e.g. for a soldier or someone on a humanitarian mission), profess to have romantic intentions or pretend to have found the love of their life.

Their aim is to profit from the good will of the victim by conning them out of money or involving them in a scam themselves. The victim is often dragged into a supposed emergency situation in which they have to transfer money to someone as quickly as possible.

How to spot such scams:

  • Being asked for money (on the pretence that e.g. the scammer's accounts have been frozen or that they're about to come into a large sum of money) before even meeting someone or being bombarded with investment and business ideas is highly suggestive of a scam.

Inheritance and lottery scams

Victims are enticed (usually by e-mail) with ‘news' that they have won a lottery or been identified as the rightful recipient of an inheritance, to claim which they must make some form of payment (a ‘processing fee', notary's fees, etc.) or submit their bank card details.

How to spot such scams:

  • If you need to pay some ‘fee' or provide card details in order to access the alleged lottery win or inheritance, it's very likely to be a scam. Be aware that all you need in order to perform a transaction is an account number, not bank card details.
  • The supposed lottery win comes without you knowingly having taken part in the lottery, e.g. from having visited some website.
  • The inheritance is from someone you've never heard of and is supposedly being mediated by a solicitor or notary whose identity is difficult to confirm.

Credit scams

Scammers post loan offers with very good interest rates on social media. The victim is asked to make pre-payments to cover the loan amount or to pay the contract fees in advance. Bank card details or Internet bank access may also be sought. In some cases, the victim is encouraged to take out a loan in their own name and then to transfer the money to someone else to finance a business scheme or earn additional income for the purposes of investing.

How to spot such scams:

  • Compared to ordinary loans, the loan being offered comes with a very low interest rate, or the amount of the loan is very large but no collateral is required.
  • Additional ‘fees' need to be paid in order to obtain the loan.

Other scams

The list above is by no means exhaustive - there are all sorts of scammers out there who'll happily exploit any situation and any weakness, so it pays to keep your wits about you. For example, people who are struggling financially can be scammed and used, as can people who are drunk or otherwise intoxicated. Then there are the fake offers you find online for jobs and goods (which, in the latter case, you pay for but never receive) and the notifications supposedly sent from parcel terminals urging you to click on fraudulent links.

How to spot such scams:

  • The client is asked for their bank card data, e.g. the CVV/CVC code and card number, enabling the scammers to use the card.
  • The client is sent a link via which to make a payment or track or collect a parcel, or is asked for their PINs for a transaction they had no intention of initiating.

Recommendations for secure banking