Navigate to main page content
Become a customer

Fraud prevention

Would you fall victim to fraud?

  • You are willing to risk your own money to get rich fast
  • You often communicate with strangers online
  • You keep large amounts of cash in your account
  • You feel anxious when the bank or the police contact you by phone

At first glimpse, you’re protected from scammers. However, they have advanced as well by no longer targeting only gullible people but anyone they can. Scammers are clever and take advantage of real campaigns and news, and they are constantly getting better in local languages. Test your weak spots.

Types of fraud

Scammers have various carefully thought-out schemes to scam people for money. Every scheme targets a soft spot in human nature, such as lack of attention, fear of missing out on a good offer, fear of solitude, or fears in general. Let’s see how these schemes work and how can you protect your money.

1. Phishing and smishing

Read more

2. Investment scams

Read more

3. Phone scams

Read more

4. Payment scams

Read more

5. Love scams

Read more

6. Work-related frauds

Read more

1. Phishing and smishing

You received an email from the swebdank.ee domain. Seems legit, right? But check it again. There’s a typo, but the scammer creates false trust by likeness to a real address.

By phishing and smishing for your data, a scammer aims to get access to your Internet Bank account or card details and get you to confirm transactions with your actual PIN.

  • First, the fraudster sends you a text message or an email, urging you to act fast, claiming that there’s suspicious activity in the account, you must update your details immediately, or pay a courier’s fee. They could also display attractive ads in social media, invite you to participate in a prize draw, promise benefits from discounts, etc.
  • Scammers use logos of banks and well-known brands, as well as similar email and website addresses.
  • Once the victim has entered their details, the scammer may use them to commit fraud any time then or later.

How to prevent phishing?

  • Never share your bank details, such as username, card details, or PINs with anyone. Real banks never ask for your personal information!
  • When entering your PIN, make sure that you initiated the payment and that the details are correct (compare control codes). Keep in mind that PIN1 represents you and PIN2 is your signature.
  • Never click on links if you feel unsure that they take you where they promise to take you. Be especially suspicious about links in text messages. Instead of using the link, long into the Internet Bank.
  • Don’t open or download email attachments.
  • Make sure the page is authentic. It’s essential to check that the website address is error-free. For example, correct Swedbank addresses begin with https://www.swedbank.ee. Also, make sure that the sender’s email ends with @swedbank.ee. Carefully check the spelling!

2. Investment scams

Keep in mind – if productivity sounds too good to be true, it’s probably not true. As a rule, investment scams, crypto scams, and pyramid schemes use strong emotions to target human weaknesses. Scammers aim to keep the victim on the hook by convincing them even if they become suspicious.

  • For example, you see a profitable investment ad on social media. You fill in the form and someone contacts you to explain the scheme further. In case of love scams, the investment scheme is introduced by a love interest the victim met on a dating app.
  • The scammer asks you to transfer the investment sum to an investment account (for example, on a cryptocurrency platform) that is under the scammer’s control. They may also ask you to make the transaction via foreign trading platforms. In this case, they ask the victim to register an account on a foreign platform and self-authenticate with a personal ID. This way, they get the hold of the victim’s personal information.
  • Next, the scammer contacts the victim and shows a healthy profit, urging the victim to make new payments to increase the profit even further. The aim is to create excitement from a game of chance. For example, they ask to transfer money at a specific time, wait for a letter, or upgrade to an even more profitable level. In a pyramid scheme, emphasis is put on recruiting new investors. As a reward, scammers promise high interest rates risk-free.
  • Everything changes when the victim wants to take out their winnings. Either the contact goes silent, or they ask for additional fees, such as income tax, etc. The scammer may also offer paid legal advice to get back the lost money, and if the victim agrees, another scam cycle begins.

How to prevent investment scams?

  • Do some research: Google the company and people (search their photo on google.com) that are offering the investment opportunity. Be vigilant because the scammers may be using detailed false identity. Read more about cryptocurrency schemes on www.chainabuse.com. Google pyramid schemes to get information from financial regulators.
  • Discuss it with someone you trust. The scammer may ask you to keep the “opportunity” a secret or instruct you to give false information when responding to the bank’s inquiries, creating a clever illusion of an inner circle. Before making any decisions, ask a friend to take a look at it as a bystander.
  • Be very suspicious of offers that seem too good to be true. Think before you act and disclose your information. Would you really do so in a normal situation?
  • Do not allow a scammer install remote control software on your computer.

3. Phone scams

Someone calls you from an unknown number or Swedbank’s number, and the caller introduces themselves as a bank employee, public servant, etc. and asks you to take action to prevent damages.

On top of classical phone scams, modern scammers use AI or deepfake calls that are almost inseparable from human voice. When you get a call from an unknown number, it’s relatively easy to suspect fraud, but with deepfake, scammers fake to be your own contacts, such as a friend or child, asking for a quick money transfer. It’s nearly impossible to detect whether the voice belongs to a real person or if it’s created by AI. A good trick is to agree on a secret word beforehand. There are few known cases of deepfake fraud in Estonia, but it’s already spreading across the world.

  • Scammers stress on urgency – you need to act fast, or you’ll lose money.
  • They urge you to disclose personal details or allow the caller to install software on your device.
  • This way, scammers get access to the victim’s account and money, and are free to steal money from the account, take payday loans in the victim’s name, or get the victim to hand over cash (for example, as part of a fake police operation).

How to prevent phone scams?

  • The bank or the police never ask you to withdraw money from your account to identify someone’s illegal activity. If someone calls you about a “police operation”, end the call and contact real police.
  • Banks and state institutions never ask clients to enter personal passwords or PINs by phone.
  • Cut off the call immediately, don’t continue chatting with the scammer. Don’t answer questions because the speech synthesiser learns from every word you say and every piece of information you reveal about yourself.
  • Don’t share your bank details, such as username, card details, or PINs with anyone. Real banks never ask for your personal information!
  • Do not allow callers install remote control software, such as AnyDesk or TeamViewer on your computer.
  • Agree a password with your friends and family for personal conversations to confirm that they are really the person they claim to be.

4. Payment scams

  • Advance payments for goods. Often, advance payment is asked by online sellers of foreign vehicles, electronics, or communication devices.
  • Post office and courier scam. Targets of these scams are mostly people that order or sell goods to private persons online. The victim gets a text message that they have a parcel waiting but to receive it, they need to click on the link and pay customs tax. Or they contact a victim via Facebook Marketplace, for example, and give a link, asking them to enter their details for delivery by courier. Through the link, they collect data to empty out the victim’s account.
  • A favourable loan offer online. Targets are usually people who do not qualify for loans from credit institutions. They need a loan to break out from the payday loan cycle or improve their living standard. To get a loan, they are told to pay transaction fees.
  • Inheritance fraud. A victim is told that someone they have never been in contact before has left them a large sum in their will. To receive the inheritance, they are told to pay transaction fees. Lottery and donation scams are similar. The victim is contacted about an alleged lottery win or donation from a charitable organisation.
  • “State institution” payment scam. Some of the most common schemes is creating fear of potential issues with government institutions. To avoid problems, the victim is ready to make payments to close an account or cover fines. Examples include a cryptocurrency account opened in the victim’s name without their knowledge to make illegal transactions, watching child porn, etc.

Please note! At first glance, you are contacted by a company, but they ask you to make payments to a private account. Scammers tell you to pay fees, for example for the notary, opening a foreign account, a bank card, delivery of a bank card, certifying documents, etc. Usually, the payments are less than €1,000 but there is more than one payment.

How to prevent a payment scam?

  • Think carefully if it’s an actual payment request. Have you played the lottery? Is it realistic that a stranger left you an inheritance?
  • Be especially vigilant about offers that require you to make advance payments.
  • Make sure that you are really in contact with the service provider they present themselves to be.
  • In case of an unknown merchant that urges you to pay, and the offer seems to be too good to be true, it’s most probably a fraud.
  • Real state institutions never ask you to make payments in a private account.

5. Love scams

Are you looking for a date or life partner? A love or date scam is made extra complicated by the double suffering of the victim. First, the scammer steals their money, but also violates their trust by creating false feelings.

  • Often, lonely people are more susceptible to these scams. They may meet someone on social media or a dating app and feel an immediate connection.
  • Fraudsters rely on similar back stories, such as a US soldier ending their career, an actor, another celebrity, a single but successful gentleman, a sailor, etc. Or if the victim is abroad, they pretend to be an investor that relocated to Estonia to advance their career on the recommendation of local friends. If necessary, they may give detailed descriptions of local areas and restaurants they visit. A common thread is that the victim cannot meet the new acquaintance. They avoid turning on the camera in video chats, giving bad connection or low lighting as an excuse. Meetings and dates are postponed for various reasons.
  • When the scammer has won the victim’s trust, they ask for money to cover family emergencies (usually, someone from their family needs help with medical costs), buy tickets to finally travel to the victim’s location, pay for package delivery fees, or participate in an investment venture. These scammers are usually not pushy but play on the victim’s feelings to make them want to play along.
  • As long as the victim pays, the scammer remains friendly. Once they run out of money, the attitude changes. When the victim finally realises that they have been deceived, they suffer an emotional setback – the whole world seems to collapse.
  • A love scam is tricky because the victim has a hard time accepting bystanders’ opinion. They disclose the relationship from friends and family, give deceptive information to bank employees, etc.

How to prevent love scams?

  • Acknowledge if you are susceptible to love scams, especially if you are single.
  • If a new relationship seems too good to be true, then discuss it with someone you trust. In most cases, your gut feeling is correct.
  • Do some research in social media and online. For example, google the person’s profile picture (on google.com). The same names, photos, and schemes have been used for years, and a lot of material is available about them online.
  • When an internet acquaintance asks for money, say that you need time to think about it and discuss it someone you trust. Never transfer money to them, whatever the reason may be. Never take a loan to transfer it to your internet acquaintance. If they do not take no for an answer and becomes irritated, it’s most likely a fraud.

6. Work-related scams

Against an employee

The aim is to get employees reveal their passwords and authentication methods to access the employer’s system and business communication through an employee’s computer or monitor mail exchange to find the right moment to request payment to scammers’ account.

  • Scammers invade the company’s or their cooperation partner’s email account to get access to their contacts and email contents. This gives a scammer many options to commit fraud. For example, they could use the inbox information to send business partners an email with falsified payment details.
  • The email may contain new account numbers to use for future payments, whereas the invoice looks authentic.
  • Another option is to send an email from the manager’s account, asking to make a quick transfer.

How to prevent work-related scams?

  • Check every request from business partners, especially if they ask you to change the account number for future payments. Use a different communication channel to check the validity of the transaction.
  • Assign a single main contact person to communicate with companies whom you make regular payments.
  • Set a rule for payments exceeding a limit that you make extra checks of bank account and sender (for example, by making an extra check by phone).
  • When you receive a message that a business partner wishes to change their details, send an information inquiry on their previous regular contact address. Do not use contact details used in the most recent letter or email.
  • After paying an invoice, send the recipient a confirmation letter. To ensure safety, mention the bank name and last four numbers of the account used to make the payment.
  • Ask your employer or colleague by phone or in person if they really asked you to make the payment.
  • Be vigilant about the information you share about your employer in social media.

Against a job candidate

  • There’s a job ad in social media, offering an opportunity to earn money from finance intermediation, etc. As a next step, the victim needs to confirm their identity by disclosing their username and confirm transactions with their PIN.
  • Scammers use the false website to collect data and get the candidate to confirm transactions with their PINs, thinking it’s a part of recruitment process.

How to prevent work-related scams?

  • Do some research on the recruiter.
  • Think before you act and disclose your personal details.
  • Never share your bank details, such as username, card details, or PINs with anyone.
  • When entering your PIN, make sure that you initiated the payment and that the details are correct (compare the control codes). Keep in mind that PIN1 represents you and PIN2 is your signature.

Contact us 24/7 via (+372) 6 310 310, if:

  • you have noticed any suspicious actions in your account
  • you suspect that third persons have received access to your Internet Bank
  • you have faced fraudulent actions aimed at obtaining your login data or misappropriate your funds

We will block your card or access to your Internet Bank account immediately and no one else will be able to access money in your bank accounts.

  • Block your card - you can block your cards in our app or internet bank. In internet bank log in, go under Cards > My cards > choose a card you wish to block and use slider “Block card”. Via the Swedbank mobile app, under “Cards” by switching the setting from “Active” to “Blocked”.
  • Order a new card - If you want to remove your card information from the merchant, order a new card instead of replacing it. Replaced card information is automatically updated at some merchants.
  • Report a security flaw – if you notice anything suspicious that may potentially be a security flaw, report it! How to notify us.
  • You shouldn’t confirm transactions or logins to internet bank or app, which are not initiated by you under no circumstances.
  • You shouldn’t ever disclose your personal data or data used for login to internet bank & app to other persons, including family members, friends or bank employees, unless you are calling to the bank.
  • Do not write down, send by e-mail, SMS, etc. or otherwise save any confidential codes and passwords to unlock the screen of your computer or mobile phone. Create complex passwords, that are difficult to guess, memorise them and change them regularly. When creating PIN codes, be sure to make PIN codes in random number combination. Do not use combinations, such as 1111, 1234, dates of birth other personal details etc.
  • Remember that your User ID number is as important as your personal code, thus pay a great deal of attention to its security.
  • Keep in mind that after login you will have access to many services including external ones which do not require additional authentication.

We will also automatically block access to Internet Bank if incorrect login data (User ID or code from the PIN code generator) is entered 5 times in a row.
You can unblock it by calling us at 6310310 / 6132222 (from 8:00 to 20:00 on working days, and from 9:00 to 16:00 on Saturdays). In case of a repeated block, you will have to visit the bank’s branch. You should book a visit in advance. Have you discovered any unauthorised transactions on your account performed prior to the blocking of Internet Bank access? Review your account statement and submit the information to us.

The login session is terminated when no activity happens for 5 minutes. You will be asked to re-enter your login details. Time limits are used for security reasons, to prevent Internet Bank access if a user forgets to log off from his/her account after finishing using the Internet Bank.
Once you finish Internet Bank session, log off (by clicking 'Logoff') and close the browser.

On the computer:

By clicking on the lock sign you should see the correct Swedbank certificate:

On the smart device:

Before entering your login data, make sure that the website domain is “swedbank.ee”.

When accessing internet bank via a laptop or stationary computer, follow these safety measures:

  • Install antivirus software and configure it to automatic update of the virus definitions database (at least one auto-update per day).
  • Install the local firewall. It should be configured so that it prevents connections from the Internet to your computer.
  • Use the latest browser and operating system available.
  • Turn on automatic updates for all software. If it cannot be updated automatically, regularly check on its ESTest software.
  • Set your browser to block pop-ups.

Check computer safety.

  • More information on the ways to secure your device and to safely use other Internet services is available on the following websites:
https://www.ria.ee/en.html

Do not forget to follow safety measures when accessing internet bank via mobile devices:

  • Download applications only from trusted sources such as the App Store, Google Play or Windows Phone Apps – Microsoft Store.
  • Do not jailbreak your mobile device to get around limitations set by your mobile network operator or device manufacturer. It will remove protections built into the device to defend against mobile threats.
  • Always screen lock your smart phone or any of your computers. If several levels of screen lock security are offered, always use the highest security level.
  • Do not allow other persons to use your phone or tablet where the Swedbank mobile app is installed.
  • Do not reveal the screen lock codes to other persons and do not allow to unlock your phone with other persons’ biometric data.
  • Use antivirus software.
  • Always adhere to the requirements or security alerts of the manufacturer of your phone device.

When shopping online, be cautious with your personal and financial data. Properly assess the threats, which you may encounter on the internet. We recommend ensuring protection of personal devices and always following these safety tips:

  • Only shop in reliable shops. It is always safe to buy goods and services in well-known Estonian and foreign e-shops with a good reputation. Take a critical approach to unknown sellers and try to find out more information about their activity. Study public internet feedback about a specific online shop. Find out whether the website presents detailed contact data of its administrator (address, phone, email, etc.), and make sure it does not contain various errors in their links (additional words or letters, strange symbols), popup windows, advertisings, a great number of links instead of informative content.
  • Be cautious about discounts. You have found a high-quality product offered at a particularly low price? Before making a payment order, be sure that the company that offers the product really exists and is trustworthy. Be careful about advertisements in social networks. They may lead you to a fake online shop.
  • Safe shopping by card. When shopping in foreign e-shops, the most common way of payment is by card. In this case you will have to indicate the details of your payment card. If an online shop participates in international security programmes, special logos such as “MasterCard SecureCode”, are used in this shop. You may be redirected to internet bank to confirm payment transaction by logging in. Learn more about “Safe online shopping” programme here. Before making a payment in an online shop, please evaluate safety of the online shop and study public internet feedback about its activity.
  • Safe payment via electronic banking system. When shopping in Estonian online shops, usually you will be redirected to Swedbank internet bank account. You will recognise it from the Swedbank logo and internet bank address: https://www.swedbank.ee/banklink. It confirms that payment is made directly through the bank system. After you enter your login details, the website will automatically display the generated payment form.
  • Third party providers. As of 14/09/2019, when you shop online, you might be offered to use payment initiation service, offered by payment institution (PISP), other than the bank, to pay for goods or services. If you choose to initiate payment from your account, kept with the bank, you might be asked to fill in the payment order form in the PISP’s environment, and give your consent to transfer data, necessary for performance of payment transaction, and later to confirm payment order with the Swedbank internet bank authentication mean. If you have noticed any transaction in the account statement, not authorised by you, inform us immediately by calling 6310310 (for private clients) or 6132222 (for business clients).

It is important for us at Swedbank that our customers can feel safe and secure when managing their monetary affairs with our electronic channels. Therefore, we seek to ensure the highest security level in IT systems. Despite this, an error may slip by. If you have found a security flaw, we would like to hear more about it to be able to correct the problem as soon as possible.

How do you report?

Send an email to us in your local language at responsible-disclosure@swedbank.com. Optionally, you can use our public PGP key to protect the information you send over. Make sure to have included the following information:

  • Detailed description of the vulnerability containing such info as URL and type of vulnerability.
  • The necessary information that we need to resolve the problem.
  • If applicable, a screenshot of the vulnerability you have found.
  • Contact information, name and surname, email, phone number, and your public PGP key (if you have one).

This personal data submitted by you will be processed by Swedbank in order to inform you about the analysis of IT security flaws noticed by you and their correction, and, if necessary, to contact you regarding the revision of the information submitted by you. More information about Swedbank’s data processing procedure is available in the Swedbank Principles of Processing Personal Data.

What can you report?

You can report security flaws that you have found in any of our services. Examples of security flaws are cross-site scripting, flaws in encryption or flaws with security implications in logic controls. The reporting service is not designated for other logical errors, errors in texts, questions about our services, questions about the security of our services or similar.

What can you expect from Swedbank?

We will confirm that we have received your description, continuously keep you updated while we process the issue, and inform you when the issue is fixed. Claims for compensation as a condition for sending in a vulnerability are not accepted.

What is required from you?

It is important for both us and our clients that you follow good practice, i.e. that:

  • You do not use the vulnerability to access or attempt to access information that does not belong to you.
  • You do not use the vulnerability to remove or modify information.
  • You do not affect the availability of our services.
  • You give us an opportunity to fix the reported vulnerability before going public with it.

Can you file a report anonymously?

Yes, but we won’t be able to respond and keep you updated on the status.

PGP key

Use this PGP key if you want to send us an encrypted e-mail. But using it is not required.

Key ID: 0x0AD6CCAF

Control code: 2D14 4030 6D4B 68C3 F286 3AC6 333B E8E4 0AD6 CCAF

We encourage you to update your browser and operating system version as soon as an update is released. These updates can be set up automatically for better security and experience in our digital channels. We officially support these browser versions:

  • Google Chrome 105 and later;
  • Microsoft Edge 105 and later;
  • Mozilla Firefox 121 and later;
  • Safari 15.4 and later.
  • Do not share your personal authentication means. If you want to give your family members or your employees rights to manage funds on your accounts, please, request the Bank to grant them respective rights. They will be able to use company’s accounts on behalf of their own and by using their own personal authentication means. You can revoke these rights at any time. It is also possible to order a supplementary card linked to your account for a family member to use. Sharing the same authentication mean between the employees or family members is strictly forbidden.
  • Remember, that security of all your data (User ID, PIN codes, mobile phone number provided to the bank, personal number, etc.) is the key for protecting an access to your money.
  • If you’re using a public computer, avoid entering personal information as there might be malware that records your details.
  • Do not keep User ID number together with authentication means and their confidential codes.
  • Never send authentication data by email.
  • Never disclose your login information, unless you are initiating the call with the bank. No one has the right to request you to provide your personal number and authentication mean by phone. If you receive a call from a person stating he is an employee of the bank, end the conversation immediately.
  • Your Smart-ID or PIN code generator PINs should not coincide with any part of your phone number or the sequence of numbers.
  • Always compare control number and read “see what you sign” if available.
  • By entering PIN2 of Smart-ID you are usually confirming a payment or an agreement. Be extra careful when doing it.
  • You will get an SMS when new Smart ID account is created. Contact bank immediately if it wasn’t you who created Smart ID.

How to stay safe? Read more on our blog.

Swedbank logo

Internet Exploreriga ei saa internetipanka avada.

Palun kasuta Google Chrome’i, Mozilla Firefoxi või Microsoft Edge’i.

Alates 23. märtsist ei ole võimalik Internet Exploreri veebibrauseri kaudu Swedbanki internetipanka avada.

Internet Exploreri kaudu ei saa teha ega kinnitada Swedbanki makseid ka teistel veebilehtedel.

Soovitame kasutada Internet Exploreri asemel Google Chrome’i, Mozilla Firefoxi või Microsoft Edge’i uusimat versiooni. Nende seadistamise juhendid leiad siit.

С 23.03.2021 Интернет-банк Swedbank недоступен в браузере Internet Explorer.

С помощью Internet Explorer невозможно авторизоваться или осуществлять платежи через Swedbank на сторонних веб-страницах.

Вместо браузера Internet Explorer мы рекомендуем использовать браузеры Google Chrome, Mozilla Firefox или Microsoft Edge. Инструкции по установке упомянутых браузеров можно найти здесь.

From 23.03.2021 Swedbank Internet Bank and Banklink is no longer available using Internet Explorer browser.

It is not possible to authorize or make payments from Swedbank on other web pages using Internet Explorer.

Instead, we suggest using Google Chrome, Mozilla Firefox or the newest version of Microsoft Edge. To find out how to install the suggested browsers, please click here.

Klienditugi - Инфо и помощь - Customer service: +372 6 310 310

You have been logged out from Internet bank

For extra security close the browser window. If you wish to continue using Internet bank, please log in again.


Contacts

SWEDBANK AS
LIIVALAIA 8, 15040
TALLINN

SWIFT code/BIC: HABAEE2X
Reg. number: 10060701

Useful links

Legal information

Customer programmes

This is a website of companies offering financial services – Swedbank AS, Swedbank Liising AS, Swedbank P&C Insurance AS, Swedbank Life Insurance SE, and Swedbank Investeerimisfondid AS. Before entering into any agreement read the terms and conditions of the respective service. Consult a specialist, where necessary. Swedbank AS does not provide a credit advisory service for the purposes of the Creditors and Credit Intermediaries Act. The borrower makes the decision of taking out a loan, who assesses the suitability of the loan product and contractual terms to his/her personal loan interest, need and financial situation on the basis of the information and warnings presented by the bank and is responsible for the consequences related to concluding the agreement.