Rebranding N26, new logo and new colors
08 March 2019Technology & Security

Preventing phishing attacks on your bank account

What is phishing?

Phishing is the attempt of fraudsters to obtain your personal information such as usernames, passwords, and credit card details (and ultimately money). Fraudsters do this by disguising as a trustworthy entity, such as N26 via digital channels like emails , text messages and fake websites.

How does phishing work?

Phishing is usually done over email or instant messaging, and involves sending the user a link to a site where fraudsters can obtain the user’s data or infect their device by using malware, a software that is specifically developed to damage or gain unauthorized access to a computing system.

There is no one-size-fits-all defense against phishing campaigns as a malicious attack can come in all shapes and forms in the fast-evolving digital economy. Criminals can launch targeted phishing campaigns directed at employees, organizations, their customers or the general public. It’s a bit like a criminal marketing campaign.

In the same way that marketing is becoming more innovative and intrusive, phishing has become more targeted and effective.

All banks around the world are heavily targeted by fraudsters whose phishing practices have evolved to better compromise banking and financial information. One out of four phishing targets involves bank information and these attacks are becoming more and more frequent.

What are N26’s responsibilities to prevent phishing?

While it’s impossible to completely eliminate cyber crime at the hands of fraudsters, there are certain measures N26 takes to fight off attacks and better protect your money and identity.

N26 customer support agents will never ask customers via phone or written for the following details:

  • Credit card number
  • CVV/CVC
  • Card expiration date
  • Password
  • Transfer PIN
  • Card PIN

N26 meets both national and international regulatory requirements under the German Money Laundering Regulations to ensure we are taking steps towards diminishing financial crime not only on our platform, but in the wider digital economy.

How do you protect yourself from phishing?

A phishing attack normally works by creating a false feeling of security. Most phishing emails or websites look just like real ones. The whole point is to fool you into giving away your access information.

Here are some important tips to protect yourself from phishing attempts:

  • Do not share your bank login with anyone, even if the person claims to be a bank employee.
  • Choose an email provider that offers two-factor authentication as well as spam, malware and phishing filters and will display an alert if something looks suspicious.
  • Only use your login on the official bank app (ie. N26 app link), never download the application from somewhere else. If you’re an N26 customer, never use login information on another domain than https://app.n26.com or https://my.n26.com
  • Copy and paste URLs from emails and check them before visiting.
  • But particularly — don’t click on a link if you received an email that asks you to perform an action that you didn’t initiate (reset password, validate your account…)
  • Always check a link before clicking on it. Hover over it to preview the URL, and look carefully for misspelling or other irregularities.

Bank websites always make use of HTTPS on their websites. If you cannot see the green lock icon in the browser or see the “https” prefix before the site’s URL, \ it’s likely that the site isn’t secure. Here is how https://app.n26.com should appear in different browsers.

Here are some clues indicating a phishing attack that is after your bank information:

  • Messages with misspellings and typos, multiple fonts or oddly-placed accents.
  • Messages that claim to have your password attached. A bank should never send you your password as an attachment.
  • Mismatched links. Hover over a link and make sure the link actually goes to the place shown in the email.
  • Messages asking for your personal information. If you’re an N26 customer, we will never ask you for:
  1. Your account password
  2. Your social security number or tax identification number
  3. Your full credit card number or PIN
  • Messages claiming that your account will be deleted or blocked unless you take immediate action.

Lastly, remember that N26 doesn’t have cooperations with job and housing agencies, market research institutes, product testers or credit brokers on external sites that ask to confirm one's identity via a video call. If you come across a third party who asks to open an N26 bank account to verify one’s identity, it is most likely fraud.

What to do if things seem phishy? Be wary of any unusual requests and trust your initial judgement; if a request seems suspicious, it probably is!

If a request seems suspicious, do not click on any links, open or download attachments, reply or trust the contact information displayed in the email.

If you've received a suspicious email that claims to be from us, please forward it to phishing@n26.com, delete it immediately and reach out to our Customer Support service via chat on your app.

Back to Blog