Phishing is a term used for fake emails that try to trick you into sharing your personal, financial or security details. The email asks you to open an attached file or click on a link where you will be asked to enter your personal information.

Smishing is when a fraudster sends you a fake text message that on the surface looks genuine. These text messages often appear to have been sent from a legitimate source or business, such as Danske Bank.

The language used in phishing emails and smishing text messages often creates a sense of urgency. The email or message tells you that it is important that you open an attached file or click on a link that requires you to log on to a fake site using your NemID/MitID or to provide other personal information. If you click on the link and provide your information, the fraudsters can use your information to log on to your bank account and steal your money.

Tips to avoid becoming a victim of phishing and smishing

• Be particularly wary if a bank, other financial institution or public authority asks you to provide them with personal information such as your credit or payment card PINs or bank passwords.
• Take a thorough look at the email or text message. Compare the sender’s address with previous legitimate messages you have received from the genuine sender. If you are unsure, phone the business or organisation on its publicly available phone number to check the authenticity of the email or text message.
• Always be on the lookout for spelling and grammar errors.
• Never click on any suspicious links or download an attachment! Contact the business or organisation by using its publicly available phone number.
• Always double-check the domain name of the website. If the URL contains misspelled words or unusual characters, it might be a sign that it is unsecure.
• Forward your fake email and text message to falskemails@danskebank.dk and then delete them.

Example

Michael receives a text message that looks like it is from Danske Bank. The message informs him that there is a suspicious transaction on his account. Michael is a Danske Bank customer, so he decides to click on the link in the text message because the message says that he needs to take urgent action to help Danske Bank stop the transaction. Michael clicks on the fraudulent link and is then asked to log on using his NemID or MitID. He enters his information, but by doing so he gives the fraudsters access to his bank account. Michael has become a victim of a smishing attack.

Vishing is a term for fake phone calls from a fraudster who claims to be calling from your bank or from another business or organisation. The fraudster tries to trick you into providing personal or financial information, or they try to get you to transfer your money to an account they control.

A well-known vishing technique is a safe account scam, where the fraudster tells their target that their account is unsafe and convinces them to make a payment to a ‘safe account’, which in reality is the fraudster’s account.

Tips to avoid becoming a victim of vishing

• Be particularly wary if a bank, other financial institution or public authority asks you to provide them with personal information such as your card PIN, NemID/MitID passwords or other login details. Your bank will never ask you for this information.
• Do not transfer money to another account if someone asks you to. Your bank, the police and other public authorities will never ask you to do this.
• Be wary of unsolicited phone calls. To verify the caller’s identity, find the phone number of the business or organisation that the caller claims to be phoning from by using a public and trusted source such as the official company website – then contact the business or organisation directly. Do not use the number provided by the caller to verify their identity because this number could be fake.
• Fraudsters can find general information about you online, for example on social media. Do not assume that the caller is genuine just because they have such information.
• Never download apps if someone requests you to do so because it might enable others to take control of your computer or mobile device. On the surface, it may sound as if the person calling you is trying to help you, but handing over control of your computer or mobile device to someone else can let them commit a criminal act such as stealing your money from your bank account.

Example

Erik receives a phone call from someone impersonating an adviser from Danske Bank. The caller asks Erik if he is just made a payment of USD 10,000. Erik panics because he has not made any such payment. The fake Danske Bank employee tells Erik that he is eager to help and asks Erik for his NemID/MitID login so that he can take control of Erik’s computer and quickly stop the payment.

Erik provides the information that he is been asked for. But by doing so, Erik becomes a victim of a vishing attack because providing his information to the fraudster enables the fraudster to steal money from Erik’s bank account.

Investment fraud promises seemingly lucrative low-risk investment opportunities in shares, bonds, cryptocurrencies or other kind of investments.

Fraudsters often contact their targets by phone, email, text message or social media, or by using fake celebrity campaigns, fake companies, fake websites or other tempting marketing campaigns – all of which appear to be genuine. 

See fake emails & text messages and fake phone calls above to learn more about what to look out for when you receive an email, text message or phone call that could be a fraud attempt.

Tips to avoid becoming a victim of investment fraud

• Never respond to unsolicited phone calls about investment opportunities.
• Think critically about offers that promise you a secure investment, guaranteed returns and big profits – if it sounds too good to be true, it probably is!
• If you feel that there is a sense of pressure involved with the investment opportunity, the investment is most probably a scam. You should never feel pressured into investing your money.
• If you want to start investing your money, do it safely by contacting your bank or other qualified financial expert to ask for their advice.
• Never hand over control of your computer or mobile device to somebody else or disclose any personal or financial information.

Example

Sophie goes online to look for investment opportunities. Because of her search history, she soon comes across a website advert that offers “guaranteed profits”. Shortly afterwards, Sophie is contacted by a person who introduces herself as an investment counsellor and who politely tells Sophie that she wants to guide her with her investments. Sophie then makes the first of several payments to a foreign account number.

Sophie receives weekly messages that her investment is growing, but the messages also tell her that she should invest more money to further increase her profits. After making a number of further payments, Sophie realises that she cannot retrieve her money. All contact stops, and the phone number for the fake investment counsellor is no longer in service. Sophie has become a victim of investment fraud and has lost all the money she transferred to the fraudster, who she believed was a genuine investment counsellor.

In a romance scam, a fraudster approaches an individual via online channels and initiates a conversation with the intention of striking up a romantic relationship. The romance scammer then exploits the trust that has been built up in the relationship to exploit their target and lure money out of them. Romance scammers often seem to be genuine, emotional and very caring. They will often ask for very little money to begin with, but over time they will ask their victim to send them more and more. 

Tips to avoid becoming a victim of romance scam

• Talk to friends and family about your dating experiences.
• Say no if you are asked to transfer money urgently to pay for flight tickets, medical expenses, etc.
• Be careful of what information you share on social media and dating sites.
• Take your time – investigate the person’s profile and ask questions.
• Be on the lookout for spelling and grammar mistakes, inconsistency in the person’s stories, and excuses such as the person saying that their webcam is not working.
• Be wary of requests for money. Never send money, card details, account details or copies of personal documents.

Example

One day, Karen receives a message on Facebook from Thomas, who says he is a US soldier stationed in the Middle East and is very interested in Karen. Over the following months, they are in daily contact, and Thomas seems like a perfect match for Karen. Thomas is thoughtful, professes his love quickly, and tells Karen that she is everything he has been looking for in a woman. Thomas says he wants to get away from the conflict in the Middle East and wants to visit Karen, but his funds are frozen due to his situation.

He asks Karen for financial assistance, and she decides to help him and transfers the money that Thomas tells her he needs. But once the money is transferred, she never hears from Thomas again. Karen has become a victim of a romance scam.

Identity theft is a criminal act where fraudsters steal personal information such as a person’s CPR number or NemID/MitID details and then use this information to commit fraud. The stolen personal information can be misused to take out a loan, create accounts on gambling sites or buy something on credit in the victim’s name.

Tips to avoid becoming a victim of identity theft fraud

• Be mindful of where and how much personal information, such as address and phone numbers, you share online in emails and on websites.
• Never share your NemID/MitID information because this can be used by fraudsters to obtain a loan or steal money from your bank account. NemID/MitID is your digital identity, and nobody other than you should know your login details and password.
• Consider changing the privacy settings of your social media accounts if you share personal information online.
• Consider disabling the linkup between your different accounts to stop information being shared between different social media apps.

Example

Josephine has lost her health insurance card, but she does not do anything about it because she got a digital version of the card on her mobile phone. When

Josephine receives an unexpected bill for a high-interest payday loan that she knows nothing about, she realises that she has become a victim of identity theft.

If you suspect that you have become a victim of identity theft, you should take action immediately by blocking your card, changing your passwords and contacting the

police.

If your NemID/MitID has been misused for taking out a loan or credit, you must immediately block your NemID or block your MitID and call us afterwards on +45 70 20 70 20. We also recommend that you create a credit alert on borger.dk.

Online shopping fraud can happen when you buy an item online that you never receive and your money is lost. Online offers can often be a bargain – but always be wary of offers that sound too good to be true!

Tips to avoid becoming a victim of online shopping fraud

• Do your research – check online reviews on Google or Trustpilot etc.
• Make purchases only when you are connected to a secure internet connection.
• Be wary of adverts that offer unbelievable deals or miracle products – if it sounds too good to be true, it probably is!
• Check that the retailer’s website also lists a physical address, email address and telephone number. If there is no contact information, the online shop may be a scam.
• Read more here about how to make online purchases securely.
• Use an international card (Visa or Mastercard). Only ever enter the card number, expiry date and card verification code (CVC) – never enter your PIN on a website.
• Always double-check the domain name of the website. If the URL of the website contains unusual numbers, characters and strange words, you need to do some further checking of the website to verify its authenticity. One example is the URL danskebank.dk, which is the only official and fully secure Danske Bank website. Other links referring to Danske Bank but using a different URL might be fraudsters impersonating Danske Bank and trying to steal your logon details.

Example

Martin is shopping online for a watch. He finds a website offering a 50% discount code on the exact watch he is looking for. Martin orders and pays for the watch, but he does not check whether the online seller is genuine beforehand. After several months, Martin still has not received his watch. He decides to contact the seller, but he discovers that the website no longer exists. Martin realises that he has been a victim of online shopping fraud.

A money mule is a person who transfers illegally acquired money between different accounts and receives a commission for doing so. Acting as a money mule is illegal because money mules enable organised crime groups to launder money.

Criminals recruit victims using various methods, for instance by approaching them on the street, through direct personal contact or via email or social media channels.

Acting as a money mule is a criminal offence, and money mules face serious consequences such having their bank accounts closed, getting a criminal record or ending up in prison.

Tips to avoid becoming a money mule

• Keep your personal bank details to yourself.
• Always say no if you are contacted by strangers or anyone who asks if they can use your account or asks you to withdraw money for them – no matter how small the amount.

Example

Jonathan asks his classmate Peter to do him a favour: “If I send you DKK 5,000 via MobilePay, could you withdraw this money in cash for me? I will give you DKK 1,000 as a thank you.” Peter could use DKK 1,000 and decides to help Jonathan, so he withdraws the money from an ATM. What Peter does not know is that Jonathan has received the money from a criminal. With Peter’s help, the criminal has succeeded in laundering the money and erasing his own tracks.

Malware is a program that gets installed on your computer or mobile device without you realising it. You can unintentionally infect your computer or mobile device with malware by opening an infected file or from a link that downloads an unknown program. Some types of malware can spy on your behaviour and intercept your personal information. Other forms create an ‘invisible’ page over the logon page of your eBanking and copy your logon information.

Ransomware is a type of malware that threatens to publish or blocks access to your data or computer. Scammers usually encrypt your data and ask you to pay a ransom fee. In many cases, the ransom demand comes with a deadline. If you do not pay in time, your data is gone forever or the ransom increases.

Tips to avoid being a victim of malware and ransomware

• Never click on any suspicious links or download an attachment. Email phishing and spam are the main ways that ransomware attacks are distributed.
• See fake emails and fake text messages above to make sure that you know what you need to be aware of.
• Be extra careful when you download files from the internet, and make sure that the source is trustworthy.
• Make backups regularly and ensure that you store your backups offline and in a secure environment.

Example

Karl receives an email from PostNord that includes an attachment claiming to provide tracking notifications. Karl opens the attachment without verifying whether the email actually comes from PostNord. A few hours later, he receives a notification on his computer screen telling him that all the data on his computer will be deleted if he does not pay DKK 2,000. Karl is now a victim of ransomware. 

Read more about cybersecurity to be safe online.