Financial Safety

Fraud is an activity in which people or organizations deliberately use unfair means to gain material benefits and misuse personal data. Such activities may include providing false information, identity theft, financial manipulation, or selling counterfeit products or services.

As the number of fraud cases is increasing, we invite you to familiarize yourself with the most common types of fraud in Latvia and receive tips on how to take care of both your personal and business financial security.

photo

Private customers

Scam phone calls (vishing)

Our customers are currently reporting that they have received calls in Russian claiming to be from the police informing them of a suspicious transaction in their account or a loan taken out in their name. If necessary, a second person will join the call, or the customer will receive a second call, claiming to be a bank employee and confirming what the fake police employee is saying. They will then ask the customer to complete actions using Smart ID or MobileSCAN, or to give them their online banking log in or card details.

Fake prepayments and fake invoices

Fake prepayment scams are also currently popular. Scammers offer a product on social media or through selling websites, and ask the buyer for advance payment, but do not deliver the product. These types of scams work well for products which people are in need of, like wood pellets, briquettes and firewood, and are offered at a particularly good price. The victim, wanting to save money, replies to the offer and is caught out by the scammers. Fake prepayments are similar to fake invoices, which are issued in the name of a company. This company may really exist, but the company’s true bank account details are replaced with the scammer’s details.

Fake lotteries

Fake lotteries put on by scammers pretending to be well-known organisations or businesses have not gone anywhere. For example, a person is notified that they are the lucky winner, and in order to receive their prize, they must verify their identity by making a symbolic bank transfer. In any case, you must first check whether a specific lottery has a permit number and is registered in Latvia; if in doubt, it is worth contacting the Lotteries and Gambling Supervisory Inspection. You should be particularly careful if you are asked to prove your identity by making a payment as per the company’s terms and conditions - this is probably a scam.

Helping the needy

Using direct communications online and fake profiles, scammers often use moving, dramatic stories and requests claiming to be from people needing financial support, thus convincing people to transfer money and help those in need.

Romance fraud

Scammers search for victims on online dating sites, social media or by email. After faking their identity and creating a connection, after a while the scammer begins to ask for help, for example, in an emergency situation, for plane tickets to visit their “lover”, to cover moving costs, to cover medical costs for a worsening health condition, and other excuses for why they need money.

Obtaining online bank log in or card information (phishing)

Phishing is a scamming method which uses different approaches, such as emails, text messages, phone calls or manipulating search engines (such as Google or Bing), to trick the customer into entering their personal online banking or payment card details into websites created by the scammers, or stating them over the phone. The scammers use this information to make purchases or transfers from the customer’s bank account.

Scammers create a duplicate of an online banking or e-store website, which usually looks very similar to the original. Afterwards, the link to this fake website is shared via email, text message or in internet search results. Emails and texts are usually sent as if from the bank, asking you to click on the link to, for example, view an important message, block an outgoing payment, or change your login details.

There are cases when the scammer submits an advertisement to a search engine (like Google or Bing)  so that it appears as the first search result. The user clicks on the advertisement, which has a fake link, and is forwarded to a phishing site which looks identical to the original service provider’s website.

Fraudsters also impersonate state institutions, companies, or portals, such as the State Revenue Service (SRS), 'Latvijas Pasts,' or the justice portal elieta.lv. When recipients receive fake text messages or emails, they are invited to click on a link provided in the message or email. The purpose of these messages is to claim overpaid taxes, to do customs clearance, or view documents supposedly related to legal proceedings. Clicking on the link redirects the person to a phishing website where they are asked to enter their internet banking access data. This information is then used to defraud financial resources, acquire various loans, and make purchases in instalments.

Fraudsters also obtain the necessary data to activate Google Pay and Apple Pay payment methods. Pretending to represent a legitimate state institution, company, or portal, fraudsters invite individuals to click on a link under the pretext of receiving, for instance, an undelivered package. Upon opening the fraudulent link, users encounter fields where they are prompted to input their card details and activation code for Google Pay or Apple Pay. This misleading process grants fraudsters the opportunity to link your payment card with their device's Google Pay or Apple Pay wallet, enabling them to carry out unauthorized transactions. 
 

Investment fraud

Scammers pretend to be investment brokers or bank employees and offer to make particularly great-value investments in shares, bonds, cryptocurrencies or elsewhere. They ask you to install a programme (like Anydesk, among others) in order to make investments, or simply ask you to transfer money to their account. These scammers often create websites where the victim can track their “growing profits,” as false success encourages the victims to invest more and more.

So far, all cases of investment scams follow the pattern of the victim receiving a phone call notifying them of the “opportunity of the century” to invest and make a profit. The person offering the investment usually speaks Russian, although more have been speaking Latvian lately. The phone numbers they contact are chosen at random, or taken from an illegally-sourced database. The victims of these scams are often older people, and often people take out payday loans or even try to take out bank loans for the investment opportunity.

Scams aimed at those selling goods

Scams aimed at sellers, rather than buyers, are also becoming popular. In these cases, rather than posing as a seller, the scammer pretends to be a buyer and contacts the seller about purchasing a product via courier. Typically, the scammer sends a link to a website pretending to be from a legitimate courier, like DPD or Omniva, which asks the recipient to enter their card details. In this case, you must pay attention to where the link takes you, check the web address, and think critically about the amount and type of information requested of you. We also recommend that sellers organise their own delivery, rather than clicking on links sent by strangers. We recommend that both buyers and sellers use trusted delivery services and look sceptically at unfamiliar services, checking whether they truly exist, reading reviews etc.

Fake employers

Fake job offer scams are still active. Scammers will pretend to be bank employees, call and offer a job based on advertisements posted by those looking for work. To pretend to verify your identity, the caller asks you to open a bank account and pass on your online banking login details. We have also identified a scheme where the scammers call the victim via video call and ask them to show their ID documents to the camera. In this manner, the scammers gain access to the victim’s information, and the account is used as a transit account to transfer money scammed from other people, while passport information is used to apply for loans etc. You must be careful when posting job-seeking advertisements. Remember that your account access data should be known only by you, and bank employees will never ask for it.
 

Loan fraud

Scammers will post a loan offer on social media with a very good interest rate. To apply for the loan, they will ask the victim to give them their online banking access details or payment card information, under the pretence that this is necessary for evaluating the victim’s creditworthiness or verifying their identity. Loan fraud is also often committed without access to online banking or card details, because the victims themselves transfer money to the scammers’  account. In this case, the scammers will ask the victim to make various payments in order to process the loan, for example, as a contract processing fee or loan insurance payment, or as a deposit for the loan. These transfers are most often made to a private individual’s overseas bank account, rather than to a business.

icon More questions
Don’t respond to requests for fast action

People can often become confused when they need to make a fast decision. If a service provider is hurrying you, you feel confused, and you don’t know how to act, keep a cool head and take your time to think about it. Remember the first tip: check all the information. Neither the bank nor other legitimate organisations will hurry any customer to immediate action. Similarly, if you receive an unbelievably good investment offer, don’t rush to make a decision about it, and check the legitimacy of the transaction with a trusted specialist or bank.

Carefully check information

Always check what web address is shown in the internet browser address bar: does it match the service provider you were trying to access? If you use an online search engine (such as Google or Bing), don’t open the first result, marked as an ad, without checking its address.

Before you enter sensitive information (username, password, authorisation codes, payment card details) into a website, check again whether the website is real. Check whether the contact information in the message is real, and use the publicly-available phone numbers named in official sources to contact the bank. Don’t rely on the caller’s phone number, and do not return the call to their number.

Don’t open links or attachments in suspicious emails

First, carefully check the email address and sender: are they familiar and real? Often, an email address is set up which is similar, but missing a letter or has an added symbol, thus imitating a username or organisation name. You should also ignore requests to install programmes or apps. Under no circumstances should you enter your banking information into any links sent to you or programmes that you have been asked to download.
 
 

Do not share your personal information

Never — whether by phone or online — agree to requests to pass on information about your banking details, payments cards, passwords and codes, and do not enter this information into links that have been sent to you. Always remember that bank or police employees will never ask for your account access details.

icon More questions
image
icon

What do I do if I am a victim of a scam?

If you suspect that you have become a victim of a scam, contact us immediately by calling +372 77 00 000 or emailing info@citadele.ee. You should also notify the State Police.

How to prepare for your conversation with the bank?

  • Briefly describe or explain what happened; collect any proof you might also have (such as the fraudulent letters, text messages etc.).
  • Review your account statement and report all transactions that you did not make yourself.
  • Tell us what personal information you revealed, such as username, online banking password, MobileSCAN PIN code.
  • Did you download any programmes onto your device at the request of the scammers, and if so, what?

We will block your payment card and online bank to ensure that your finances are secure, and we will inform you about your next steps.

photo

How do I safely use MobileSCAN?

MobileSCAN is an authorisation device integrated into the Citadele mobile app, which enables you to log in to the online bank or app, confirm payments and sign documents conveniently and securely.

When you download that Citadele app, we test the security level of your mobile device, meaning that MobileSCAN complies with the highest security standards. However, for your own financial security, please remember to be careful of who you give your personal information to.

  • Never give anyone your MobileSCAN PIN codes.
  • Only enter your MobileSCAN PIN code if you are currently making a payment or attempting to log in to a Citadele portal (such as the online bank).
  • If you have lost your mobile phone, contact us as quickly as possible by calling +372 77 00 000 to block MobileSCAN.
photo

How can I recognise the Citadele online bank?

  • Always check the web address. Our website’s address is www.citadele.ee and our online bank’s address is: https://online.citadele.lv/.
  • Scammers often try to trick people into using fake websites which look similar to the original. Always check whether the address and domain match Citadele’s address. If you notice even a small change, such as www.citadele.com; www.citadelebanka.lv or citadelelv.com among others, under no circumstances should you trust the page, and you should contact us immediately by calling +372 77 00 000.
photo

For business owners

Although it is often thought that scammers only target private individuals, businesses are also targeted. These cases are rarer, but the amount scammed from businesses is usually far greater than when individuals are scammed.

Scammers pretend to be business partners or managing a business

Scammers pretend to be existing or new business partners and take over communications by email, sending fake bank account numbers for making transfers. For example, someone posing as a new business partner sends a fake invoice for advance payment for a service or business deal.

We recommend always taking the time to check. The best way is to use a different method of communication to verify that the invoice was indeed sent by the company, and to check that the service for which the invoice has been sent has really been received.

Change of bank account

To avoid scams, we recommend only using officially verified and confirmed contact information for communication and sending documents.

When you receive information about a business partner’s bank account or other changes to how you pay them, we recommend checking whether this change is true using an official contact channel, such as a phone number.

icon More questions
image
  • when you receive information on a business partner’s bank account change, check that this is indeed the case. For example, if you receive an email, check by phone;
  • open two bank accounts, separating your current account from the account linked to your payment card, which can help protect your business from larger sums of money being stolen;
  • keep your bank account, payment card and authorisation details in a secure place which cannot be accessed by third parties;
  • introduce a multi-step service payment process;
  • enable SMS notifications for all payments from the company account, which will enable you to keep on top of transactions and report scam payments in a timely manner;
  • if an invoice sum exceeds a previously-agreed limit, introduce a two-person (at least) confirmation process;
  • limit the number of people who are informed about planned transactions, as this information can be used by scammers;
  • it is best not to use social media to contact your business partners, as scammers often make fake profiles pretending to be someone else in order to steal money.
photo
icon

How do I report a scam?

If you suspect a scam, contact us without delay by calling +372 77 00 000 or your contact person at the bank, and submit a report to the State Police.
chat logo