Security

Basic financial security rules when using online banking
  • Before logging in to your personal account, always check that the page address is correct. Official websites of Bank Uralsib: https://online.uralsib.ru/login и https://www.uralsib.ru/.  
  • Whenever possible, log in to online banking from a device that only you can access. Use a licensed operating system and update your antivirus software in a timely manner.
  • Do not leave unattended or give to third parties the phone on which you receive one-time confirmation codes. Do not set up message and call forwarding from your phone number to someone else's number.
  • Do not follow suspicious links on the internet and do not open strange files from email mailings or in messengers.
  • Do not install remote access software on your phone or computer at the instruction of third parties, for example, TeamViewer, AnyDesk, RustDesk. Using such software, fraudsters can connect to your devices and gain access to your accounts.
  • In case of loss or theft of your card, you must promptly notify The bank of the incident to avoid financial losses. If your phone is lost or stolen, report this to all banks where you have accounts opened.
  • When changing your phone number, notify all banks where you have accounts opened so that the new owner of the number does not gain access to them.
Поделиться ответом
How to protect your online banking password

The following rules will help you protect your account and create a strong password.

  • The password must contain 8–50 characters, at least 1 letter and 1 digit. It is unsafe to use 4 identical or consecutive letters or digits in a row (1111, 1234, etc.), as well as common passwords (12345678abcd, qwerty123, your surname, login, or part of it).
  • Do not use your online banking password anywhere else.
  • Do not enable autofill for your login and password on your devices and do not store this information in your phone or on paper. Do not use public computers to log in to online banking, for example, in internet cafés or hotels, as well as public wireless networks, for example, free Wi-Fi in a café.
  • When you finish using online banking via a browser, do not forget to click “Log out”.
Поделиться ответом
Which banking details must never be disclosed to anyone
  • One-time codes for transaction confirmation
  • Login and password for access to online banking and the mobile app
  • three-digit security code CVV/CVC (three digits on the back side) and the card PIN

Be vigilant! Fraudsters may impersonate bank employees. Please note that bank employees never:

  • Do not request logins, passwords, confirmation codes, the three-digit security code CVV/CVC, or card PINs
  • Do not ask you to do anything to “cancel fraudulent transactions”
  • Do not offer to install remote access software (AnyDesk, TeamViewer, Ammyy Admin, AeroAdmin, Radmin, RDP, RMS, etc.)

A common tactic used by criminals is to report a fraud threat. In this case, you will be asked to do something “for prevention”: transfer money to a “secure” account, install some software, enter a code “to block access,” provide a password “to confirm identity,” and so on.

Поделиться ответом
What fraud schemes exist

1. Depositing money into a “safe account” or “renewal of the service agreement”

This scheme is the most popular among fraudsters. Criminals may call via messengers (WhatsApp, Telegram, Viber), spoof phone numbers to appear as official bank numbers, and pose as employees of telecom operators, the bank’s security service, the Ministry of Internal Affairs, or the Central Bank.

Common scenarios used by fraudsters

  • Renewal of a service agreement with a bank or a mobile operator.
  • Depositing money into a “safe account or deposit box”.
  • Submitting an application for deactivation or for a loan to repay a loan allegedly taken out in your name by fraudsters.
  • Installing an “antivirus” or “device protection” app. In fact, the fraudster is offering you an app to gain remote access to your devices.

They may tell you that there is a fraudster inside the bank, and that a criminal case has been initiated as part of the investigation; they may threaten you with articles of the Criminal Code of the Russian Federation if you refuse to cooperate or disclose information about the “confidentiality of the investigation.” To make it more convincing, they may send photos of “ID cards” and “documents with stamps.”

Calls from “employees of mobile operators” are no less dangerous. Attackers may set up call forwarding for your calls and SMS messages to their phone number and intercept incoming calls and SMS messages. This way they gain access to your accounts and money.

2. Hacking social media accounts

Fraudsters may hack social media accounts. If you receive a message from someone you know asking you to transfer or lend them money, do not rush to transfer money to the bank details specified in the message. First, it is better to call your acquaintance and make sure that the message was really sent by them and not by a fraudster.

3. Remote work

Attackers send information about high-income job vacancies via messengers. They offer simple tasks and payment for each one. Examples of tasks: liking sellers on marketplaces or booking hotels to improve their ratings.

Fraudsters may indeed first pay a small amount, add you to work groups, and send screenshots of “colleagues’ earnings” there to convince you that income is possible. You may be offered to pay for goods in exchange for an even larger “salary,” but once you send the money, the salary will no longer be paid, the “employer” will block you and delete all correspondence.

4. Investments

Criminals create websites and messenger channels about investments and cryptocurrency, promising returns above 20%.

A manager or analyst from an “investment company” contacts you, offers to talk on Skype, and help you understand investments. On the fraudsters’ platforms, you are shown fake charts; in reality, the money does not reach the platform but is immediately cashed out by the attackers. They may be willing to transfer you “investment profits” to gain your trust, but this is only a small part of the amount you deposited.

If you want to withdraw all the money from the platform, the fraudsters will have excuses: you need to pay insurance or a withdrawal fee, but allegedly it is impossible to deduct it from the amount you deposited; withdrawal is possible only on a certain day, etc.  Fraudsters always look for ways to get even more from you.

5. Phishing website

Fraudsters create websites similar to official banking websites or online store websites; they can even be found in the top search results in a browser. Before visiting a website, make sure the address is correct. As a rule, one or more letters are replaced in fraudsters’ website addresses; for example, the English l is used instead of the English i. Official websites have an address bar that starts with https, and there is always a closed padlock icon — these are signs of a secure connection, as well as a special checkmark icon.

6. Fraud schemes on classified ad websites Avito and Yula

  • They encourage you to transfer a prepayment before actually receiving the goods or services without concluding a contract.
  • They send a fake waybill from a transport company as proof. Or they really send a product, but not the one you expect — instead, something significantly cheaper.
  • They ask you to switch to another messenger so they can send a link there for “arranging a secure transaction” or for “receiving payment” for goods or services. In fact, the link leads to a card-to-card transfer form, and instead of the expected top-up or refund, money will be debited from your card.
Поделиться ответом
How to distinguish a fraudster from a bank employee

Fraudster

  • rushes you, gives what is allegedly his full name, pressures you, assures you that “he is not a fraudster”,
  • tries to manipulate you during the conversation, threatens, is rude,
  • tries to keep you on the line for as long as possible, 
  • “transfers” you to employees of other banks, the Central Bank, or law enforcement officers,
  • forbids you to tell anyone about the conversation with him and gives instructions on how to respond to bank employees.

If you are not sure that you are speaking with a bank employee, end the call and call the bank yourself using the hotline number 8 800 250-57-57.

Official numbers of other banks are indicated on the back of the cards.

Поделиться ответом
When to contact the bank immediately
  • You suspect that you have become a victim of fraud or that someone has gained access to your personal account in online banking.
  • You received an SMS from the bank about a login to online banking or an attempt to restore access that you did not make.
  • You discovered login attempts from unknown devices that you did not make
  • You learned about transactions and actions that you did not make. For example, closure of a deposit, a loan application, etc.
  • In the event of loss or theft of your phone, cards, or a change of number.
Поделиться ответом
How to block access to online banking

If you suspect that someone has gained access to your personal account in the mobile app or online banking, block it using any of the following methods:

  • call the hotline at 8 800 250 57 57,
  • or visit a bank branch with your passport.
Поделиться ответом
How to check a financial services counterparty

A regularly updated list of organizations showing signs of illegal activity in the financial market is available on the Bank of Russia website

Поделиться ответом

Didn't find what you were looking for?

You can always contact us and find out the information you need.

For calls from Moscow

+7 495 723-77-77

Free across Russia

8 (800) 250-57-57