Fraud prevention

Protect your data

You can report any suspicion and attempted fraud at the email address oar call at 021 303 69 69.

The continuous development of technology has led to increased electronic transactions, so online security is extremely important.

Protect your pin, your log on data or any other personal data and do not offer them to third parties. Choose a higher complexity password, with more characters, using combinations of letters and numbers in order to have a greater degree of safety, avoiding common words such as your name or date of birth. Do not leave the winbank application open and log out from it every time you complete your transactions. Access the winbank application directly from the Bank’s website ( or install the application on your smartphone from safe sources. Install a licensed antivirus program on your computer and your smartphone and update it periodically. Do not open emails received from unknown persons and no documents or links attached in these emails. Periodically check your transactions and if you identify operations that you do not recognize or you have not done it, contact immediately First Bank at the phone numbers: 021/303 69 69 / Tel Verde: 0800 801 802.

Access to First Bank’s servers is controlled by special firewalls which allow registered customers to access certain services and have the ability to deny the access to systems and databases which contain secret banking information. From end to end of connection (on-line session), by winbank application, all information and personal data are encrypted with Secure Sockets Layer (SSL) 128-bit encryption protocol. If the winbank session is inactive for ten minutes, the system will automatically disconnect you. The ExtraPIN Code is mandatory in order to use the winbank’s operational menus. The ExtraPIN is an additional security code which you will have to use in order to make payments to third parties, payments in LEI or foreign currencies and also for other transactions. In a First Bank branch you can select the accounts for which you DO NOT want to have access via winbank.

Phishing is a method of deception through which electronic messages are transmitted requesting personal identification and authentication data or accessing websites. The most used method is sending alleged emails on behalf of the bank which contains a request to access a link in order to confirm personal data. This link directs you to very similar websites to those of the bank with the intention to steal personal and authentication data. Remember: First Bank never asks its clients to change or confirm personal or authentication data by accessing a link from the content of an email! Be careful at generic messages. Fraudulent messages are, most of the time, impersonal and mixed with grammatical mistakes or of expression etc. If you identify such websites in relation with First Bank, contact the bank immediately. Smishing (SMS phishing) : this method is used to mislead potential victims in order to steal personal or authentication data. Usually messages are like: “ Congratulations! You won XYZ prize. To get this prize, please send us your personal data/ card details ( card number, expiration date, CVV), etc.” Remember: Do not respond to such requests. Do not send your personal data, card details or authentication data to other people/ phone numbers. If you receive such messages, notify immediately your mobile provider and the Police about the phone numbers from which you received the SMS. Vishing is phone calling in order to deceive persons into providing personal data or performing operations regarding funds/asset transfers. Most of the time, malicious persons pretend to represent a legitimate company, usually a bank or a mobile provider. Remember: If you receive phone calls from people which request you to provide personal data, transfer the balance from your account to another account because you have been compromised or any other similar situation, hang up the phone and contact First Bank preferably by using another phone than the one that you were called. Be reserved to unknown callers! It is preferably to set all calls from unknown numbers to go to the voicemail. Malware is a malicious software used to take, without the owner’s consent,personal information from your infected computer/smartphone, such as passwords, bank data and other confidential information. There are many ways for a malware to infect a device, whether it’s a link that directs you to a malicious website, SMS, a social network posting or installing an application from an insecure source. Remember: Always check the authenticity of the websites before logging in, tracking the existence of “https” and a locked lock after the name of the site, color differences or mistakes in the name of the website. More than that, another sign of a secure web page is the green color of the writing in the address bar or of the whole address bar (in case of Internet Explorer). Install a licensed antivirus tool and update it periodically. Scan periodically the device with the selected antivirus. Do not use public and unencrypted Wi-Fi networks. If you are not sure about the security of a website, leave it immediately. Use an updated antivirus which also owns an anti-phishing filter. Email spoofing is the fraudulent activity performed by email, for attempting to obtain personal data, of authentication or device infection by requesting to open a link. Usually, the address of the sender and other properties in the email header (“from”, “reply to” etc.) are modified in order to hide the real address of the sender. Remember: If you receive messages which seems to come from your own account or if you receive a response to an email you did not send, you are probably the victim of a spoofing attack. DO NOT open the emails and delete them as soon as you notice them. CEO Fraud or Business Email Compromise Fraud is the fraudulent method for malicious persons to intercept email communications between people/ companies. Most of the time, the email compromise fraud occurs during correspondences when hackers instruct a company’s staff to make urgent payments to partner’s accounts, to different accounts than those known and used up to that point. Remember: Permanent verification of data changes of partners and suppliers, namely the address, the name, email address, IBAN account. Confirmation through other channels (phone, other email address etc.) of payment instructions to other IBAN accounts. Money mules are those people which, for a commission, transfer an amount of illegally obtained money to other people accounts with the intention of losing trace of the beneficial owner.The most targeted persons are unemployed ones, students and, generally, people who have financial difficulties. Remember: Avoid collaboration with people who ask you to make banking operations on their behalf. Do not open a bank account on your name for unknown people. Do not answer to messages and phone calls in which you are promised an amount of money as a commission for making transactions on behalf of other people. The “accident” method is the one in which people of good faith are called, usually with hidden phone number, by malicious people that recommend themselves as being lawyers/ doctors/ police officers, and are told that a member of the family has suffered an accident and an amount of money is urgently required, usually transmitted by fast money transfer services or by giving money to an intermediary. Remember: Hang up the phone call immediately. Check the information from independent sources. DO NOT transfer money. Call the Police immediately. False sale ads of products (cars,equipments etc.) at prices too good to be refused, those people which are interested being instructed to transfer money through fast money transfer services (Western Union or Money Gram) as a guarantee or a down payment. Subsequently, they are required to transmit to the seller the supporting documents by email, WhatsApp, etc. and he/she uses the data to create a false ID and at the same time, uses the reference of the transaction to withdraw the money and so, the buyer of good faith is deceived and never comes into the possession of the desired asset.
Skimming is the method in which, with the help of electronic devices attached to ATMs or POSs of merchants, data from the debit/credit card magnetic band is illegally copied. These data are then stored on a cloned card and used to make transactions. Remember: Analyze the aspect of ATMs, especially the removable parts such as keyboards, the cash dispenser and the card reader. Do not give to other people your PIN code, card number or CVV code from the back of the card, do not write them in your phone, address book or on your card. When making payments at merchants try not to lose the card from your sight. Regularly check your transaction history and if you notice anything suspicious, contact the bank immediately at the phone number written on your card.
This website uses cookies. By closing this pop-up, you express your consent to the usage of cookies.
The site is optimized for Chrome, Firefox or Safari
(function(h,o,t,j,a,r){ h.hj=h.hj||function() {(h.hj.q=h.hj.q||[]).push(arguments)} ; h._hjSettings= {hjid:1201617,hjsv:6} ; a=o.getElementsByTagName('head')[0]; r=o.createElement('script');r.async=1; r.src=t+h._hjSettings.hjid+j+h._hjSettings.hjsv; a.appendChild(r); })(window,document,'','.js?sv=');