Cyber security

Being mindful and protecting yourself from phishing

We are here for you to support safe banking

You can protect your assets from online fraud

Read about the newest fraud attempts and learn about how financial scammers operate with the help of CyberShield (KiberPajzs).

The most common scams

Payment requests – confirm your details

Scammers may pose as various service providers and send you emails or texts asking you to pay a fee that is due or overdue, refresh your payment data or change your personal or contact details using the link included in the message, claiming that otherwise you will be locked out of the service. These fraudulent warnings are typically sent in the name of well-known companies, e.g. telecommunication firms or streaming service providers. In the winter, scammers might often impersonate gas providers, too. The link in these messages is to a phishing page, where the potential victims are asked for their netbank user name, password, and the verification code texted to them by their bank.

If you receive a message like this, check the sender’s email address or phone number. Also, never click on a link received in email, text or chat and provide your NetBank login credentials or bank card details. If you want to log into Gránit NetBank, always go to the bank’s webpage, and always read any text received from the bank with your verification code carefully. Make sure that you provide any registration code only in the way you intended. If you receive a code that is not in line with your intentions, please call our customer service.

Scams on classified ad portals

Attention! A new form of scam is spreading across many popular classified ad websites: scammers, posing as buyers, send fraudulent messages or links to sellers about delivery of the product and payment of the purchase price. Clicking on the ‘Receive money’ or ‘Be paid’ buttons on the website that opens from the message or link takes one to a phishing website, where the seller can seemingly select the netbank of his/her own bank. In reality, the seller is taken to a fake netbank login page, and any information provided here goes to the scammer. The login credentials and text/iSMS verification code learnt this way enable the scammer to log into the netbank or to download and install the bank’s mobile app, where they can then transfer money.

Please always verify the sender’s email address and only access Gránit NetBank via Gránit Bank’s official website (https://granitbank.ro). Please carefully read the text message containing the verification code so that you are sure what purpose it serves. Please consider carefully before providing the registration code. If you have any questions, please call or customer service at +36 1 510 0527.

There is now method for receiving money whereby you’d have to select your bank from a list and then log into your netbank from there, to enable any sum to be credited to your bank account. If you see this, you can be certain that it is not a legitimate banking interface.

New scam spreading on a booking site

Recently, unsuspecting users could encounter phishing attempt on one of the most popular accommodation booking site, so it’s best to be vigilant. What do these phishing scammers do?

Let’s assume that you successfully booked a room and you’ve also paid the rental fee. If the scammers selected you as a potential victim, a little later you’ll receive a message from the renter that there was some problem with your payment and you should try to pay again via the link in the message. This, however, is a phishing link, and any information provided by you here can be used for illegal purposes by the scammers.

NEVER under any circumstance should you give in to the implied urgency. In these messages, the scammers keep stressing that your booking will be cancelled if you don’t pay. What can you do? Ask the hotel using its official contact information whether the message was actually sent by them. If they confirm that it wasn’t them, you can relax that your booking is OK.

What should you do if you did disclose your information? First, block your card in the Gránit eBank app, then have it permanently blocked by the Bank’s customer service, where you can also report the scam. Additionally, always read every text/iSMS message carefully and think about whether the transaction that the bank is asking your approval for was actually initiated by you.

Romantic scammers online

Websites and mobile phone apps are increasingly popular with people looking for a partner. It is best to be vigilant when dating online, however, because scammers also use these platforms to try to extract money from those they select as their potential victims.

Is the person unwilling to talk by phone or videochat? Are they unwilling to meet in person? Do they have no friends or photos on community media sites, or if they have, are all of them recent? Are their messages written with bad grammar? These are warning signs - make sure you proceed with caution if you encounter them with your potential date. And if they ask for money for any reason, you should be especially cautious.

Scammers often invest weeks, months, or in extreme cases even years to gain your trust before they make this move to ask for money.

Phishing disguised as antivirus software

Fraudulent marketing materials including newsletters, ads and fliers with the name, logo and other brand imagery of the Hungarian National Bank, the Hungarian government and various financial institutions with a significant share of the Hungarian market have been published in various online pages urging users to download a supposed antivirus software from a link. To make users download the program, they falsely assert that the software is approved and endorsed by the Banking Supervision and the banks as well. The software downloaded from this online page, however, is not an antivirus program but is usually a phishing program that enables the scammers to access the user’s devices (e.g. by granting remote desktop access), or is another kind of malware.

Please ignore marketing messages of his type, never click on the link and never install software from an unknown source on any of your devices. Please make sure that you got an updated antivirus software from an official app gallery or software store. Before installing any software, please confirm that it is a genuine program from an official source and that it serves the purpose you intend.

Phony phone calls from the bank (vishing)

Scammers may call you and pretend to be bank employees to convince you to divulge personal and banking details or to initiate or approve banking transactions.

Often, their goal is to learn the one-time code texted to you by your bank, possibly by convincing you to install a ‘remote desktop access’ program on your computer or phone. These programs may actually give the scammer total control over your device.

If any of the following occurs during the call, you should suspect that you are talking to scammers rather than your bank:

During the call they ask for any password or code (e.g. PIN code) required for banking, in the name of Gránit Bank or another bank.
They call you from a bank where you don’t have an account to discuss a transaction.
The person on the phone tells you your netbank user name and password during the call and then asks for the verification code you receive in text. Your password might have been stolen using a virus installed on your device!
It is a sign of scam if the caller asserts, falsely, that their request for your information is to protect your safety or if they try to convince you to make a money transfer, possibly claiming that this is the way to safeguard your money.
Before accepting a call, check the phone number displayed on your screen. If the caller claims to be from Gránit Bank but your screen doesn’t show the phone number of Gránit Bank, disconnect the call. It’s important to know, however, that it is possibly to change the number displayed using technology, so you shouldn’t unconditionally trust that it’s genuine. If the call is unusual or suspicious, you should disconnect and call Gránit Bank at the known phone number (+36 1 510 0527, +36 70 960 9871).
Whenever you receive a notification or text from the Bank, read it from beginning to end and use it only for operations that you actually want to perform. If it is not clear what the Bank is asking you to approve by providing the code, please call customer service.
If the callers try to keep you on the phone for a long time, try to distract you from reading your messages, try to urge you to perform operations, or try to dissuade you from calling your bank directly, you should suspect a scam.

Apple refund scam

Following the erroneous charges on 26 June 2024, Gránit Bank refunded the relevant sums to the bank accounts of all customers affected by the illegal charges by the 30th of June. If you have any remaining questions about the refund, please contact Gránit Bank customer service for further information.

Please note, however, that recently we have identified a phishing attempt related to the events of the past month where scammers contact random customers of the bank about the Apple Pay refund in text or email. They claim that the customer is entitled to additional refund due to errors in Apple Pay payment records, and they send a link that asks for personal and banking information, including bank card data and passwords, supposedly to enable the customer to receive such refund. Using the credentials divulged, the scammers can then easily initiate bank card digitalisation and unauthorised transactions.

Please be careful if you receive a text or email of this nature. Delete the message immediately, and if you were unwary and gave away your banking information, please block your bank card immediately in the Gránit eBank app, then call customer service and report the incident by calling +36709609871 or + 36 1 510 0527.

I was scammed. What do I do?

Report it

If you fell victim to a banking scam or if your bank card, NetBank or eBank mobile app information, codes or passwords might have been revealed, call our customer service as soon as possible at +36 1 510 0527 or +36 70 960 9871, then select item 11 on the menu to report the incident without waiting and have your access blocked. You can of course report such events through our other channels as well (e.g. VideoBank, email, NetBank letter), but those might take longer to take effect due to the processing methods involved.
If the scam used the name or brand imagery of a service provider, it’s useful to report it to that service provider as well.

Submit a recovery request

To request the correction, cancellation, recall or refund of transactions made in the course of a successful scam without delay, please call customer service at +36 1 510 0527 or +36 70 960 9871 and select item 11 of the menu, which was created for reporting scams. You can of course submit such requests through our other channels as well (e.g. VideoBank, email, NetBank letter), but those might take longer to take effect due to the processing methods involved.

Fulfilled bank card transactions

If a bank card transaction was fulfilled as a result of scam or phishing, Gránit Bank can initiate a chargeback process if the transaction was fulfilled, the place of acceptance is not classified as a protected party, and if the submission deadline specified in the card company’s policy was not exceeded. The place of acceptance has 45 days from the date they receive the chargeback notification to fight the bank’s claim and submit representment, supported by documentation, for the sum credited earlier. If there is no rebuttal by the place of acceptance within this period, the Bank considers the process successful and the dispute is closed. If the place of acceptance is classified as a protected party or if strong customer authentication was performed when the transaction was made, the Bank is unable to start a chargeback process.

Fulfilled bank transfer transactions

If a bank transfer is fulfilled in the course of a scam, Gránit Bank can issue a recall request to the beneficiary’s bank free of charge. Please note that for the recall of a payment order to be fulfilled, i.e. for the money to be transferred back, either the beneficiary’s consent or a relevant instruction from the authorities is required. The recipient bank has 30 days to respond to the recall request from the day it is submitted; at the same time, Gránit Bank cannot force the other party to respond. Gránit Bank will notify the customer requesting a recall after the recipient bank’s response has been received or the absence of an answer has been confirmed.

We suggest making a police report

We suggest making a report to the police in person at the police station closest to you; or you can also make one online at www.police.hu, or possibly by email at the email address of the local police station.

Collect evidence

Make sure to save all forms of communication, emails, messages and transactions that are related to the scam.

Block your access

If your bank card, NetBank or Gránit eBank mobile app information, codes or passwords might have been revealed, call our customer service as soon as possible at +36 1 510 0527 or +36 70 960 9871, then select item 11 on the menu to report the incident without waiting and have your access blocked. You can of course submit such requests through our other channels as well (e.g. VideoBank, email, NetBank letter), but those might take longer to take effect due to the processing methods involved.

Change your passwords

Scammers often make use of the fact that users tend to use the same login information for multiple sites. It is also possible that your online activities have been monitored for a longer period of time using malware and therefore many of your passwords might have been compromised. We recommend promptly changing the passwords to other online accounts as well in the event of a scam or attempted scam.

Monitor your finances

Review your bank account and card transaction history, and pay special attention to notifications from your bank. If you detect any unusual operation, login attempt or transaction, report the suspicious activity to your bank immediately.

Bank mindfully and protect your information

The Bank will never ask you to download an app that was not developed by Gránit Bank Zrt. The identity of the developer can be verified by anyone in an app store.

The Bank will never ask you for your NetBank username of password.

The Bank will never transfer you to another bank’s customer service when on the phone.

Never disclose your bank card information on suspicious websites.

The Bank will never ask you for your bank card authentication data (PIN code or CVV/CVC code).

The Bank will never ask you for the codes it texted you/sent you by iSMS.

Always check all websites, heir authenticity and the relevant user comments.

Always carefully read and interpret any text/iSMS received from the Bank.

How to keep your devices safe

Actions you can do to protect your devices and bank accounts

How to keep your devices safe

Keep your software updated

Authorise all software updates you receive on your device. These are usually security updates that help keep your data safe.

Lock them

Make sure to encrypt the data stored on your devices and to set your screen to lock automatically. Use a PIN code of at least 5 digits or a safer solution to unlock your screen. Install antivirus software to protect your device against malware. Additionally, create safety backups of your data regularly to keep them safe.

Verify

It is highly recommended that you use up-to-date antivirus software from a reputable source on your IT devices. Often, this can prevent your passwords, login credentials and other data from becoming compromised.

Types of scam

There are various types of scams and attacks in the field of cyber security. Examples include:

Phishing: Scammers use false emails and websites to trick bank customers into disclosing personal/sensitive information, such as user names and passwords.

Smishing (false bank texts): Smishing (a combination of ‘SMS’ and ‘phishing’) is a form of fraud where scammers use texts to try to obtain personal, financial or security data and information.

Vishing: Vishing (a combination of ‘voice’ and ‘phishing’) is a form of phone fraud where scammers try to convince the victims, usually bank customers, to share personal, financial or security information or to transfer money.

Identity theft: Criminals use various methods to steal the identity of others and use those to execute banking transactions.

Psychological manipulation: Scammers might use manipulation to make you do things that you otherwise would not do. This might involve a risk to the safety of your bank details.

Computer viruses and malware: Malicious apps may, without the user’s knowledge and approval, make changes to IT devices, access or transfer data, and grant unauthorised remote access to unauthorised persons.

Ransomware: Attackers may use a malicious application to encrypt the victim’s data and may then demand ransom to unencrypt them.

Vulnerabilities: Software bugs in systems and applications which attackers might leverage to access user data, make changes to the IT device, access and transfer data, or grant unauthorised remote access to unauthorised persons.

These are just some examples of cyber security threats. It is very important to remain vigilant to be able to keep ourselves safe and prevent fraud. Gránit Bank is committed to ensuring safe banking for its customers and uses effective security measures to this effect. Safety awareness by the customers themselves, however, is also eminently important to achieving safety. For further information, please visit the official pages of the National Bank of Hungary (Az adathalász csalások legjellemzőbb típusai (Key types of phishing attacks) (mnb.hu)) and of CyberShield (Ön felismerné az összes csalástípust? (Can you identify all types of scam?) | CyberShield).

How can I avoid falling victim to a scam?

Anti-phishing tips

When receiving an email, text or a phone call, make sure that the person or company sending it/calling you is legitimate and that the request is authentic. If you are unsure, it is best to disconnect and request confirmation of the legitimacy of the request through a separate channel, using one of the contact details listed on the official website of the company referred to (calling them back).

Do not click on a link in an email or text if you cannot decide if it is authentic. A payment request or dunning notice received from a service provider could, for example, be verified through the service provider’s official channels (mobile app, official online customer account, or Call Centre).

Never disclose or make available passwords, other personal identifiers or banking information to another person or to other persons, either by phone or email.

If the received email or chat message (e.g. chat service on social media, dating sites or mobile apps) contains nothing but a link, and the sender is unknown, delete it.

If you want to log into Gránit NetBank, always go to the bank’s website and always read any text received from the bank with your verification code carefully. Make sure that you provide any registration code only in the way you intended. If in doubt, call our customer service.

Advice related to bank cards and ATMs

For your security, please use the bank card Lock (and Unlock) and Set Limit functions in the Gránit Bank eBank app. You can lock your bank card by tapping the lock icon and unlock it only before the actual payment, thus eliminating the possibility of bank card fraud. You can also safeguard your money by keeping your bank card limit at HUF 0 or another low sum and only increasing the limit right before making a transaction.

The PIN code related to a bank card should not be written down anywhere or disclosed to anyone else. Whenever possible, use ATMs located in a closed room to retrieve cash. Make sure that others cannot see what you are doing, and keep your hand above the keyboard when providing your PIN code. In most cases this will block the view of the camera on the machine.

When making purchases online, verify that the webshop is real (e.g. consider the relevant user comments), verify that the Terms of Business is available on the web page and check what it says; also, verify that the other notices required by law are available. Whenever a web page request any data, check whether your browser indicates any error. Your browser must not indicate any error when loading a page from a bank.

Do not click on pages that look shady

False pages imitating the official pages of banks or even web sites of parcel delivery companies are often deceptively similar to the original web sites, but exercising proper caution will enable you to identify any suspicious elements that can help you decide whether the page is genuine or is a fake designed to extract your data. Warning signs might include the name of the website, any grammar or language mistakes, the use of inaccurate or unprofessional terms, or the display of earlier brand imagery.

Never log into your netbank on a page where you are asked to choose your bank from a list of logos of Hungarian banks!

Never provide your bank card details or log into netbank in order to receive payment for an item you’ve sold.

Before logging in to a web page, check the URL in your browser. It is best to type the website address yourself.

Always understand the text of a message received before executing the operation requested.

Monitoring transactions

Options for monitoring your transactions

You may opt to receive text or free iSMS to your eBank app to receive a notification of any movement of funds in your account. By enabling this function you will immediately know if someone else has tried to use your card; if this happens, you can lock your card immediately in the app by tapping a few buttons.

To enable free iSMS notifications, go to Menu, then Settings, and select the ‘Method of notification used by the Bank’ item. Please note that you need to have active data connection to receive iSMS messages. We also recommend checking your account history for previous periods in NetBank or eBank.

Monitoring transactions

Setting and changing limits for transactions

You can set limits for card transactions in the app by tapping a few buttons. To do so, go to Your card, select the bank card you want, and set the limits applicable to ATM cash withdrawal, POS terminal payment and online payment, respectively. You can also block your card in the same item in the menu; in this case you’ll need to unlock the card in the app before its data can be used for payment.

Types of scam

There are various types of scams and attacks in the field of cyber security. Examples include:

Phishing

Scammers use false emails and websites to trick bank customers into disclosing personal/sensitive information, such as user names and passwords.

Smishing (false bank texts)

Smishing (a combination of ‘SMS’ and ‘phishing’) is a form of fraud where scammers use texts to try to obtain personal, financial or security data and information.

Ransomware

Attackers may use a malicious application to encrypt the victim’s data and may then demand ransom to unencrypt them.

Identity theft

Criminals use various methods to steal the identity of others and use those to execute banking transactions.

Psychological manipulation

Scammers might use manipulation to make you do things that you otherwise would not do. This might involve a risk to the safety of your bank details.

Computer viruses and malware

Malicious apps may, without the user’s knowledge and approval, make changes to IT devices, access or transfer data, or grant unauthorised remote access to unauthorised persons.

Vulnerabilities

Software bugs in systems and applications which attackers might leverage to access user data, make changes to the IT device, access and transfer data, or grant unauthorised remote access to unauthorised persons.

Vishing

Vishing (a combination of ‘voice’ and ‘phishing’) is a form of phone fraud where scammers try to convince the victims, usually bank customers, to share personal, financial or security information or to transfer money.

How can I avoid falling victim to a scam?

Anti-phishing tips

When receiving an email, text or a phone call, make sure that the person or company sending it/calling you is legitimate and that the request is authentic. If you are unsure, it is best to disconnect and request confirmation of the legitimacy of the request through a separate channel, using one of the contact details listed on the official website of the company referred to (calling them back).
Do not click on a link in an email or text if you cannot decide if it is authentic. A payment request or dunning notice received from a service provider could, for example, be verified through the service provider’s official channels (mobile app, official online customer account, or Call Centre).
Never disclose or make available passwords, other personal identifiers or banking information to another person or to other persons, either by phone or email.
If the received email or chat message (e.g. chat service on social media, dating sites or mobile apps) contains nothing but a link, and the sender is unknown, delete it.
If you want to log into Gránit NetBank, always go to the bank’s website and always read any text received from the bank with your verification code carefully. Make sure that you provide any registration code only in the way you intended. If in doubt, call our customer service.

Advice related to bank cards and ATMs

Do not click on pages that look shady

False pages imitating the official pages of banks or even web sites of parcel delivery companies are often deceptively similar to the original web sites, but exercising proper caution will enable you to identify any suspicious elements that can help you decide whether the page is genuine or is a fake designed to extract your data. Warning signs might include the name of the website, any grammar or language mistakes, the use of inaccurate or unprofessional terms, or the display of earlier brand imagery.
Never log into your netbank on a page where you are asked to choose your bank from a list of logos of Hungarian banks!
Never provide your bank card details or log into netbank in order to receive payment for an item you’ve sold. Before logging in to a web page, check the URL in your browser. It is best to type the website address yourself. Always understand the text of a message received before executing the operation requested.

Notice

This is to inform our customers that in the event of a fraud incident involving a cash-substitute payment instrument (e.g. bank card, netbank, or mobile app), the Bank will investigate liability for the loss.

The Bank is not considered liable for damages if the investigation finds that the customer’s grossly negligent behaviour contributed to the loss occurring. The final decision on whether gross negligence was involved may be made by the court.