Online frauds are becoming a more and more frequent threat. Learn all about the methods used by cyber criminals, how to protect yourself from them and how to act in case you become a victim of cyber crime.
How to Avoid Getting Scammed
- Be reasonable - Never open email attachments from unknown sources. Also, always make sure you don't click on any suspicious links or banners.
- Be private - Never share your login information or devices with anyone; create strong passwords and don’t use the same passwords for more than one account.
- Be independent - Don’t log into your trading account while using public Wi-Fi or public devices (in hotels, internet cafes etc.)
- Be on time - Always update your devices and software to the newest version. Remember to use antivirus software.
- Be aware/conscious - To avoid scams, learn more about the methods used by cybercriminals.
Most Common Fraud Methods
Vishing
This method is based on impersonating, over the phone, employees of various investing, service and financial companies, and even the police or other services. Scammers mimic employees of known and popular companies and use that authority to make calls during which they try to extort login, password or debit/credit card data.
Under the pretext of additional authorisation, a data update or a system malfunction, they will often ask for personal information and try to persuade users to install apps like AnyDesk or TeamViewer, which give scammers access to the phone or computer, letting them steal data or money.
Remember! Never give anyone your password to trading, financial or any other accounts.
Phishing
Scammers using this method create fake websites or emails that closely resemble those from banks or investing companies. They often use logos and copy the graphic layout of messages. Under the pretext of updating data, authorisation or confirming a transfer, scammers urge the victim to log in through such fake websites.
Remember! Never open suspicious links and attachments from unknown sources.
Smishing
Cyber criminals using this method send an SMS informing you, for example, about a new transaction on your account and asking you to confirm it by following a link, which leads to a fake website. After the user logs in to such a fake website, scammers steal their login and password, which grants them access to the real accounts.
To extort such data, scammers can also give different reasons, like deactivation of a service or IQ tests. Scammers even impersonate government and national institutions and create fake SMS messages informing about the dangers of, for example, the vaccination program.
Remember! Always check the sender of the message and the safety certificate on opened sites.
Learn About Methods That Scammers Use When Impersonating XTB
The callers, who often do not introduce themselves, describe the possibility of making a profit from an investment, citing their partnership with XTB.
Scammers often do not introduce themselves and don’t give the name of the company unless they are asked to do so. Criminals often impersonate XTB by sharing authentic and publicly accessible data. A scammer can also claim to work for an XTB “partner” company.
Remember! XTB Consultants always introduce themselves at the beginning of the conversation. XTB never uses services of external companies to contact the clients and XTB workers do not provide investment advisory services. Remember! If you are having any doubts, hang up and call us on +44 2036953085 or write an email to uksales@xtb.com.
The caller impersonating an XTB employee claims that the automatic investing function was turned on on an inactive broker account, which resulted in accumulation of a certain amount of money (sometimes even cryptocurrencies) that can be withdrawn. To withdraw the money, the scammer asks for login data and other sensitive information.
Remember! XTB employees never make any transactions on clients' accounts, and they do not trade on behalf of our clients. Such claims are meant to grab the victim's attention and make them trust the scammer. If somebody offers you a gain from an investment you never made, then it’s a fraud aiming to steal your data.
The caller impersonating an XTB consultant claims that in order to withdraw the money, you have to install additional software (AnyDesk, TeamViewer or Quicksupport) or asks for account access data.
Remember! XTB employees never ask you to install any software other than our trading platform, and they never ask for your login data. Installing programs like AnyViewer or AnyDesk lets the scammer see anything on your device and control it remotely. That way, scammers will snag your login data, which lets them, for example, steal money straight from your bank account.
I opened the link, which redirected me to a suspicious site closely resembling the XTB website.
One of the most original methods used by scammers is creating clones (identical copies) of the websites of popular service providers like XTB. This kind of website often looks identical to the official website, but its only purpose is to deceive the victim who, thinking that they are visiting the real website, will log in with their real login information, which will then be used by the scammers. Fraudsters can use different variations of the web address, counting on the victim's lack of attention, such as XTB-GROUPS.COM, XTBE.COM etc. The websites can also use typos like XTTB.COM. Such a fake website can be recognised by an incorrect URL address or a lack of safety certificates.
Remember! The XTB website address is https://xtb.com; other addresses exist, but they are always based on the main XTB domain. For example, the Polish site can be found under the https://xtb.com/pl address. Before entering your access data for xStation or Investor’s Room, make sure you are on the https://co.xtb.com/ or https://xstation5.xtb.com/ domains. All authentic XTB websites possess a safety certificate marked by a padlock sign (in the website address bar).
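The address check described above can be automated, for example in a mail filter or a helpdesk triage script. The following is an added example, not XTB's own code: the function names and result labels are assumptions, the official domain and the first three lookalike names come from this page, and the remaining sample hosts are constructed.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "xtb.com"  # main XTB domain named on this page
BRAND = "xtb"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """Return 'official', 'insecure', 'lookalike' or 'unrelated' (hypothetical labels)."""
    # Accept bare host names such as "XTTB.COM" as well as full URLs.
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    # Exact match or a true subdomain. A bare endswith("xtb.com") would also
    # accept hosts such as "notxtb.com", so the leading dot matters.
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official" if parts.scheme == "https" else "insecure"
    # Any label (ignoring the TLD) that contains the brand or is one edit away.
    for label in host.split(".")[:-1]:
        if BRAND in label or edit_distance(label, BRAND) <= 1:
            return "lookalike"
    return "unrelated"


# First five entries are addresses quoted on this page; the rest are constructed.
SAMPLES = [
    "https://xtb.com/pl", "https://xstation5.xtb.com/", "XTB-GROUPS.COM",
    "XTBE.COM", "XTTB.COM", "http://xtb.com/", "https://notxtb.com/",
    "https://xtb.com.example.net/login", "https://example.org/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):10} {sample}")
```

A host without `https://` on the official domain is reported as `insecure` rather than `official`, matching the page's advice to look for the padlock.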
Important Questions and Answers
How can I check if the website I'm logging in to has a safety certificate?
Remember to log in exclusively through the https://xtb.com website. You can check the safety certificate by clicking the closed padlock sign on the left side of the browser address bar. After clicking on the padlock, you will see a description of the safety protocol.
XTB applies the highest standards of security. All data are transferred using a secure, encrypted SSL connection.
How do I create a safe password?
Your password must include at least 8 characters, including one capital letter and one number. To improve your password security you can also use special characters like “!@#$%&” and others. The password can also include Polish letters like “ą, ź, ż, ó, ł” etc.
Remember! Never share your login and password with third parties. A good practice is to change your password often, and not use the same password on more than one website.
What will an XTB employee never ask me for?
Even though XTB consultants will verify your data at the beginning of the conversation, they will never ask for:
- Password to your account
- Installing the app for authorisation or remote control (e.g. AnyDesk)
- Giving your credit card information
- Transferring money (in order to confirm the payment) to a number other than the one shown in the Investor’s Room
Where can I download the XTB mobile app?
There are two verified sources from which you can download the xStation app:
- Always download the mobile version of the app from the official app stores. For Android smartphones it’s Play Store available at https://play.google.com/, and for Apple smartphones it’s AppStore available at https://www.apple.com/pl/app-store/. After visiting the store, simply type XTB in the search bar and download the app.
- You can find the up-to-date desktop version of the platform on our site www.xtb.com
How can I verify that I’m speaking with an XTB employee?
Clients can verify each call by calling +44 2036953085 or emailing us at uksales@xtb.com
How Does XTB Care for Your Safety?
- Access authorisation - The XTB app allows authorisation by password, fingerprint or a code - thanks to this, only you have access to your account.
- Encrypted connections - All connections between XTB servers and mobile app on your device are fully encrypted, raising the security level.
- Protection of means/money - Your money can only be transferred to your personal account. Nobody will transfer the money to an account other than that of a client.
- Multi-factor authentication - For your safety, we confirm key changes or information using different methods of contact (phone, email, sms).
- Advanced network infrastructure - XTB constantly develops their infrastructure by investing in the newest technologies to guarantee safety and security for you and your investments.
XTB Limited is authorised and regulated by the UK Financial Conduct Authority (FRN 522157) with its registered and trading office at Level 9, One Canada Square, Canary Wharf, E14 5AA, London, United Kingdom (company number 07227848).
This content has been created by XTB S.A. This service is provided by XTB S.A., with its registered office in Warsaw, at Prosta 67, 00-838 Warsaw, Poland, entered in the register of entrepreneurs of the National Court Register (Krajowy Rejestr Sądowy) conducted by District Court for the Capital City of Warsaw, XII Commercial Division of the National Court Register under KRS number 0000217580, REGON number 015803782 and Tax Identification Number (NIP) 527-24-43-955, with the fully paid up share capital in the amount of PLN 5.869.181,75. XTB S.A. conducts brokerage activities on the basis of the license granted by Polish Securities and Exchange Commission on 8th November 2005 No. DDM-M-4021-57-1/2005 and is supervised by Polish Supervision Authority.