Phishing

How UBS is protecting its clients against fraudulent e-mails.

The purpose of fraudulent e-mails – so called phishing e-mails, derived from the words 'password fishing' – is to trick recipients into disclosing their personal security features on fake Internet sites. The e-mails and Internet sites pretend to represent serious businesspeople in order to prompt bank clients to enter their e-banking passwords, PIN codes or scratchlist numbers. Thanks to our high security standards, however, we are able to offer UBS e-banking clients enhanced protection against such scams.

Double security features

UBS has introduced a chip-based security solution for UBS e-banking login which is modelled on the challenge-response procedure and is considerably more effective than traditional solutions on the market (e.g. scratchlists).

This solution has the decisive advantage that the UBS e-banking card PIN (comparable to a traditional e-banking password) is not transmitted via a PC keyboard and the Internet, but is always entered locally on the client's card reader. As this card PIN is not transmitted over the Internet, it is better protected than with traditional security features.

Another advantage of the UBS security system is the fact that the second security feature, the response code (similar to a scratchlist number), is generated on a one-off basis each time the user logs in, and can only be produced in combination with the card PIN, the personal chip card and the card reader. For security reasons, this response code – which is transmitted via the Internet – has a very short life span.

The personal UBS e-banking security codes are saved on the e-banking card and are protected by the personal card PIN. If the PIN is entered incorrectly three times, the e-banking card is irrevocably blocked and a new card must be ordered.

What e-banking clients should look out for.

Although UBS e-banking is not directly affected by fraudulent phishing e-mails of this kind, it is nevertheless vital that UBS clients observe our security recommendations on an ongoing basis. Generally speaking, users should ignore any e-mails prompting them to check or enter their security features (PINs or any other codes). They should also make sure that they do not attempt to log in anywhere other than the official UBS e-banking login page.

Fraudulent e-mails relating to UBS should be forwarded to e-banking.hotline@ubs.com so we can try to establish where they have come from.