Confirming the IBAN before validating a bank transfer seems like a routine, almost mechanical gesture. Still, it is precisely at this moment that one of the digital fraud schemes that has grown the most in recent months is concentrated. Scams associated with bank transfers are becoming more difficult to identify and use malicious programs capable of diverting money without leaving evident signs during the operation.
According to Executive Digest, a specialized business and current affairs website, this type of fraud has been gaining expression because it does not depend on visible failures or behaviors considered to be extremely risky.
Even users who use home banking, use strong passwords and activate two-factor authentication can be caught by the scheme, without realizing that something has gone wrong.
A scheme that acts at the exact moment
The logic of fraud is based on replacing the IBAN at the moment the transfer is carried out. The user believes they are sending money to the correct account, but the number is automatically changed by malicious software installed on the device. The operation is successfully validated and the amount goes to an account controlled by the fraudsters.
The most problematic aspect of this scheme is its silent nature. There are no requests for personal data, suspicious phone calls or alarmist messages. Everything takes place within the normal banking operating environment, which drastically reduces the perception of risk.
The role of nearly invisible malware
The source of the problem is, in most cases, the inadvertent installation of malware. All it takes is one click on an apparently legitimate link, received by email, SMS or even through a fake page that imitates a known website. Once installed, the program remains inactive until it detects the introduction or copying of an IBAN.
This type of software is known as an IBAN clipper. Its function is simple and effective: identify the moment of the transaction and replace the account number with a previously defined one, without changing the rest of the page’s content.
Because authentication is not enough
Even when the bank sends a confirmation message to your cell phone, the risk remains. The IBAN presented at this stage already corresponds to that of the fraudsters. If the user confirms the transaction without carefully reviewing the digits, the transfer is completed legitimately in the eyes of the banking system.
The problem can even occur in transfers to saved or frequent beneficiaries, as the change happens after the data has been filled in.
Warning signs during operation
There are, however, small signs that you should pay attention to. Momentary freezing of the screen, an unexpected page refresh indication or a slight delay in a usual step of the operation may be signs of external interference.
Whenever something seems out of the ordinary, the recommendation is simple: stop the transfer and contact the bank before proceeding.
How to reduce risk in everyday life
Prevention involves practical measures. Accessing the bank only through addresses manually saved in favorites, avoiding links sent by third parties, keeping operating systems and antiviruses up to date and not sharing confirmation codes are essential precautions. Carefully checking the IBAN, both on the screen and in the confirmation message, remains the most effective step.
In the case of suspected or confirmed fraud, time is crucial. According to , acting quickly with the bank and authorities can be decisive in limiting losses and trying to stop the transfer of money.
Also read:
