Security basics at Nuri
Security at Nuri starts with the first tap. This post will share some simple techniques to stay safe online.
Phishing scams: How to protect your passwords online
One of the most common tricks used by online criminals is a phishing scam. Phishing is a made-up word, combining ‘password’ and ‘fishing’. It’s an attempt by scammers to acquire your personal information, such as usernames and credit card details, by posing as someone you trust, like Nuri.
Scammers might try to contact you through emails, text messages or even phone calls, asking you to hand over your login credentials or personal information to access your online accounts for their personal gain. In some cases, they might try to make you log into a fake website that resembles the one of a company you trust.
How can I spot a phishing email attack?
Here are some tips to stop phishing email scammers in their tracks.
1. Check URLs
Only enter your login details on the official Nuri site (i.e. Nuri: https://nuri.com/). Before you log in, always double-check the URL in your browser's address bar to make sure you’re at the correct destination.
2. Check links
Never click on a link that refers to something that you didn’t confirm. If an email tells you to reset your password or confirm your details again, ignore it and report it.
If you're unsure about an email, hover your mouse over any links you see in the body of the message before clicking on it to reveal its true destination.
3. Check content and spelling
Spelling errors? Grammatically incorrect? While it’s not hugely uncommon for companies to make the occasional mistake in their communication, any poor spelling should ring alarm bells.
Most phishing emails use generic greetings such as “Dear Valued Customer.” It’s always best to double-check the content to get a feel of the email.
4. Don’t trust the “display name”
Don’t get caught out by email spoofing. Email spoofing is when an attacker forges an email so that it appears the email has been sent by someone else. This is either done so that the entire name and email address of the sender is a forgery, or in some cases, just the name of the sender.
5. Don't open suspicious or unexpected attachments
Some phishing emails will try to get you to open an attached file. These attachments often contain malware designed to infect your device. If you open them, you might unknowingly give access to the data on your system, and even lose access to your device.
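The sender and link checks from tips 1, 2 and 4 can also be applied automatically, for example when triaging reported emails. The Python code below is an added example, not Nuri's own tooling; the helper names and the sample message are constructed for illustration, and the only value taken from this page is the official domain nuri.com.

```python
# Added example: helper names and the sample message are constructed.
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "nuri.com"  # the official domain named on this page

def on_official_domain(host):
    """True for nuri.com or a subdomain of it; lookalike hosts fail."""
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)

class LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def phishing_signals(raw_email):
    """Return a list of warning strings for one raw email."""
    msg = message_from_string(raw_email)
    findings = []
    # Tip 4: the display name is free text; only the address domain counts.
    display, addr = parseaddr(msg.get("From", ""))
    if "nuri" in display.lower() and not on_official_domain(addr.rpartition("@")[2]):
        findings.append(f"display name '{display}' but sender is {addr}")
    # Tips 1 and 2: what "hovering" reveals is the href, not the link text.
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for text, href in collector.links:
        host = urlsplit(href).hostname
        if not on_official_domain(host):
            findings.append(f"link '{text}' really goes to {host}")
    return findings

# Constructed sample message (not a real email).
SAMPLE = """From: "Nuri Support" <support@nuri-secure.example>

<p>Dear Valued Customer, <a href="https://nuri.com.login.example/reset">https://nuri.com/reset</a></p>
"""
```

Calling `phishing_signals(SAMPLE)` reports both the spoofed display name and the link whose visible text shows nuri.com while its real host is a lookalike.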
Screen Sharing Scams
Phishing is not the only way that scammers can trick people. Screen sharing fraud is a scam that often targets banking customers.
Hackers impersonate bank employees or investment agencies and ask you to download a screen-sharing app for remote access.
The criminal behind the scam might try to convince you with several plausible excuses, such as easier registration, guidance to usage of the application, better investment opportunities and access to new online banking features.
Why would a scammer target me with this?
This scam enables the scammers to control your computer remotely and send your money to their own account. Criminals take advantage of how often technology is used to make business and finance easier, which means you should always be vigilant when managing your finances online. Here are some useful ways to identify a screen sharing scam:
An unsolicited email / phone call / text message is received
You have been contacted by someone posing as a company representative, with reasons ranging from issues with your account or fixing the application to offering an investment opportunity.
You are asked to download an app
You will be asked to download an application from the App Store or Play Store, such as AnyDesk, TeamViewer or VNC Viewer, onto your device and to give permission for the hacker to control your device remotely.
You are asked to share a code with them
They ask you to share a code generated by the downloaded application, such as a 9-digit code for AnyDesk, which will allow them to control your device.
What if this has already happened to me?
Remove the remote sharing application immediately from the device.
Deleting the application will stop the fraudster from having access to your banking information. Closing the application is not enough, as it can keep operating in the background, even when the device is locked.
Check all the recent transactions and balance of your account
The best way to know if you have been targeted is to check your transaction history.
Reset the credentials associated with your account
If you haven’t spotted any fishy transactions, but suspect you might have given a fraudster access to your account, immediately reset your credentials.
- If something feels wrong, check the credentials of the sender and report them immediately.
- Do not share any personal information such as your credentials, PIN, etc. with anyone.
- Watch out for fraudsters impersonating Nuri customer support that ask you to download applications or make changes to the settings of your device.
- Do not forward any unsolicited SMS or emails.
- Do not share any codes from any applications on your device.
How to spot potential fraudsters?
Too good to be true…
As the age-old saying goes, if it looks too good to be true then it probably is. Fraudsters often do a great job of reeling people in with the promise of huge returns on investments that supposedly carry relatively small risks.
As tempting as it can be to commit to an investment that promises you large returns overnight, chances are it's a scam. However, there are ways and means of mitigating the risk.
Social media platforms remain a popular way for scammers to reach out to potential victims (Facebook, Instagram etc.) and entice people in with their amazing investment opportunities.
Any reputable broker would reach out to a potential customer using their work email address which would include their domain. More often than not, anyone reaching out to you via social media with investment advice/opportunities should not be trusted.
Sometimes the fraudster may ask you to share your screen using platforms such as AnyDesk or TeamViewer. They’ll often claim that it will make the registration process easier for you or that they can show you how to use the account more efficiently. Sharing your screen using such platforms grants the fraudsters access to your account and your funds.
This can even allow them to lock you out of your own account. Never share your screen or account details with anyone. This puts you at great risk.
So you decided to invest, and now your 'broker' informs you that you made a huge profit. You'd like to get it paid out, but all of a sudden, you have to pay a fee. The fraudsters can disguise this unexpected payment as a broker fee, or taxes.
Somehow, they failed to mention this extra payment to you before and you find yourself asking why they can't withhold it from your profit. At other times you’ll also be told that you need to pay an extra fee in order to increase your trading limits.
You’ll often find that the communication from the fraudster will be pushy and forceful with them subjecting you to time pressure. A legitimate broker would never force you to make a financial decision and pressure you to invest.
They would take the time to present the potential risks and outcomes in a neutral manner whilst also addressing any concerns you may have.
How to mitigate the risk?
Always check the email address; this is often one of the best ways to identify a fraudulent investment company (e.g. firstname.lastname@example.org - a legitimate company will have its own domain and not use gmail, protonmail etc.).
Always conduct a web search of the investment company that has contacted you, ending the web search with the word ‘review’. You can also use the following words to help narrow down your search: scam, safe, legit, fake, fraudulent.
Warnings issued by BaFin can also be found online.
The Financial Conduct Authority has created a helpful scam checker which can be found here.
Some things to note regarding Nuri…
- We will never provide you with investment advice. This is something we do not offer, nor are we licensed to do so. We also do not have a sales department.
- Any contact that you receive from us will be through email addresses using our own domain, which end in @nuri.com. We will never reach out to you via WhatsApp, Facebook, Instagram or other social media platforms asking you to open an account with us or invest.
- We do not apply withdrawal fees for FIAT transactions and we will never, ever ask you to provide us with your login details. These are yours and yours alone.
- We do not pay taxes for you nor will we reach out to you asking you to pay taxes on your investments. This responsibility lies solely with the customer.
How to spot app-testing scams on the internet?
Picture this: You spot an ad online where you can register as an app tester and provide your feedback on our app receiving a decent payment in return for a relatively quick and easy job. All you need to do is go through the verification procedure, verify the account and then try out the app.
The person(s) advertising these jobs will often be overly friendly and eager to help you through the process. They’ll have everything prepared for you, providing you with an email address and password to set up the account with so you don’t need to use your personal email.
You’ll be told how to answer all the questions asked during the verification procedure. Then once your account has been verified, you’ll notice you’re no longer able to log in. The password has been changed and you cannot regain access. The scammer will now have full control over the account to send and receive payments, using your account to launder money under your name.
Please note that we will never reach out to you asking you to test our app, nor do we outsource this to third party providers to do this on our behalf.
How to mitigate the risk:
- Look out for mistakes within the text of the advertisement. We’re all prone to the odd mistake here and there but any reputable company will ensure that their job advertisement is well presented, concise and free from any spelling or grammatical errors.
- Always conduct a search for the company online to see whether anybody else has left reviews regarding the legitimacy of the company. You can use the following words to help narrow down your search - review, scam, safe, legit, fake, fraudulent
- Never provide confidential information such as identification documents, tax information etc.
- Check whether the email address they’re contacting you from ends in their company domain. Legitimate companies will normally have an email address using this as opposed to a regular email address ending in @gmail.com or @yahoo.com etc.
- Please be mindful that a legitimate company would never reach out to you via WhatsApp or other social media.
Some further things to note…
- Always be mindful that it is easy for people to create a profile with a fake picture to lead you to believe you’re interacting with a legitimate person via phone or email.
- Please do not open an account under the recommendation of a third-party. An account should only be opened at your discretion.
- Please do not open an account using an email address or mobile number that does not belong to you.
- Most importantly, please do not open an account with the purpose of app-testing.
We hope that this information is helpful to you. However, if you are worried and think you may have already been a victim of a fake job advertisement please do not hesitate to get in touch with us at email@example.com and we will be happy to support you.
You will be connected to an experienced agent who will be able to address your concerns and provide you with the support and advice that you need. Your account safety is our top priority and we’re here to help.