Small entrepreneur
Cards and accounts
Currency and monetary market
Newsroom
Capital markets
Subsidiaries and associated entities
Research Reports
CSR
Investors and shareholders
Custody, storage, issuers
Careers
SME^{< 1M Euro}
Loans
SME^{1-50M Euro}
Savings and investments
Agriculture
Corporate
Online banking

Beware of cyber attacks!

We would like to inform you that there is a phishing action on e-mail and SMS, which targets BRD customers. This type of action aims at stealing personal data (name, CNP, phone number, etc.), card data and OTP validation codes (6-digit number received via SMS from BRD), with the purpose of unauthorized activation of the internet and mobile banking service YOU BRD. If you receive emails or text messages that do not appear to be from trusted sources, we recommend that you do not access the links, do not reply to incoming messages, do not open attachments, and do not provide any information.

Report any suspicions to us at mybrdcontact@brd.ro.

Here are some examples

1. Obtaining access to your computer and your data by using malicious software

BRD NEVER asks for: your card number, application activation codes or PIN code. Data updates are operated in agencies, contact centers or by accessing the official website

2. Malicious people may contact you under various pretexts, such as representatives of a real organization, to request information or personal documents, including:

Information such as bank statements and debit or credit card details held
A copy of your passport, driver's license or other identification
Authentication data in remote banking services (online or mobile), such as username and password

Tips for a cautious attitude

Avoid accessing links or attachments from unknown sources

Verify official sites before operating any type of transaction or online payment
Never reply to unsolicited emails, text messages (SMS) or phone calls from strangers requesting personal information without first checking the sender

Use unique and complex passwords for every online account, including email, and never share passwords or PINs
Enable 2FA (two-factor authentication) for enhanced security, wherever this option is available
Avoid the transmission of personal data and misuse. Ex: The card is a payment instrument, not a collection one. To collect money, use the 24-digit IBAN, not the 16-digit card code
Don't respond to mandatory requirements (eg closing a non-payment service subscription, paying a fictitious courier fee)
If you face such situations check the veracity directly on the suppliers' website or turn to dedicated customer service
Contact your Bank only at the number specified in the contract with it , in case you receive a message informing you that you have authorized a payment or confirming the completion of a transaction that you did not make.
Report any unexpected connectivity issues with your mobile service (inability to make calls, send text messages, etc.) to your service provider to ensure that you are not a victim of a SIM card fraud attempt.

* Phishing is a method of illegally obtaining confidential personal and financial data of victims by using methods of social manipulation consisting of impersonating trusted public or private institutions.

Please note that the internet and mobile banking application, YOU BRD, can be activated EXCLUSIVELY by downloading it from one of the stores dedicated to each manufacturer:

Also be vigilant with other types of attacks or scams.

Fake buyers

Remain vigilant when you want to sell a product and use various sites to run a sales ad, even when the sites are famous.

How does it work?

You have a product for sale and you want to promote it through an advertising site. Subsequently, you are contacted by phone or WhatsApp by potential buyers who seem to be interested in your product.

Careful!!! Fake shoppers are extremely clever and persuasive to get you to disclose your bank card access information , motivating you to get your money's worth much faster.

After a few discussions, you reach an agreement with the potential buyer, who tries to persuade you to accept his offer to receive payment by card. Thus, the fraudster asks you to provide directly on WhatsApp / SMS the confidential data related to your card or to access a link sent by it. If you access that link, a WEB page will appear, apparently belonging to the advertising site, but this site is completely controlled by fraudsters. This will ask you to enter the card details on which you would like to receive the money (eg card number, expiry date, CVV / CVC security code, 3D SECURE password received on your phone), including the registration / enrollment code of the card in the Apple Pay application (electronic wallet application). In fact, the fraudster captures all this critical data of access to your bank account and, implicitly, the control over your money. That way, you'll be able to pass on your sensitive data to fraudsters. Subsequently, based on this information, fraudsters can make various online payments, avoiding standard security filters.

How do we protect ourselves?

Please be vigilant, do not access the links provided by potential buyers and do not provide them with confidential data.

Various scams in the online environment

Online fraud is currently the most widely used type of scam internationally. The phenomenon is booming, correlated with the increase in the number of users and, at the same time, online transactions. The most common methods of fraud are:

Investment fraud which may include "opportunities" to invest in stocks, bonds or virtual currencies. Thus, various people guarantee you attractive earnings if you make various investments using certain trading platforms or transferring sums of money to accounts indicated by them. In reality, both platforms and accounts are controlled by fraudsters.

Inheritance / Unexpected Donation You are notified that a friend or relative has left you a fabulous amount of money, and all you have to do is pay a fee to transfer the money to the accounts indicated by the fraudsters.

How to protect ourselves:

Avoid contact with strangers online
Be wary of offers that promise "safe" investment, guaranteed recovery or high earnings
Never send money or disclose confidential card details (PIN, authorization code, enrollment codes on various trading platforms, etc.), or copies of personal documents

Payer handling

How does it work?

The fraudster obtains access to electronic mail (e-mail) between two business partners. It tells the buyer that payment must be made to a new vendor account , which is actually controlled by the fraudster. In order to increase the degree of authenticity, a modified invoice is sent to the victim (containing the new account to which the payment is to be made), which is very similar to the authentic one. If the correctness of the information is not verified and the request is complied with, the buyer transfers the money to the account controlled by the fraudster.

Also, in other cases, the fraudster claims to be the legitimate representative of a supplier of goods and / or services and, in this capacity, requests the modification of payment dates so as to collect the value of the invoice in the accounts controlled by him.

The fraud can be identified late when the real supplier warns the buyer that he has not yet collected the value of the goods / services provided.