Fraud through fake Nova Poshta links and calls from "supposed" bank employees.

    Dear customers,
    We would like to alert you to the increasing cases of fraud through fake Nova Poshta links, as well as calls to customers by "supposed" bank employees.

    Fake Nova Poshta links

    The scammers contact cardholders via ads placed by them on websites such as www.999.md, www.makler.md and so on, and request delivery of the goods via Nova Poshta or another courier service.
    They then send a link directing the person to the Nova Poshta clone website, asking them to fill in the information on the card (card number, CVV/CVC, expiry date), security passwords received via SMS, available balance on the account, etc.
    As a result of accessing the link, the criminals gain real-time access to view the data being filled in and withdraw the money from the card via P2P transfer or other online payments.

    Calls from "alleged" bank employees

    Escrocii apelează pe numărul de telefon mobil sau Viber/WhatsApp, prezentându-se drept angajați ai băncii, sub pretextul că de pe card s-a efectuat un transfer către Kazahstan (sau altă țară) , solicitând de urgență datele cardului și parole de securitate, pentru a-l bloca. Totodată, aceștia solicită informația despre soldul disponibil pe cont, pentru ca ulterior cu datele de card care au fost oferite, să retragă banii prin transfer P2P sau prin intermediul achitărilor în mediul on-line.

    To avoid such situations, please be vigilant and keep the following rules in mind:

    - Bank employees never ask for personal or card details;
    - For any money transfer to your bank card, the person making the transfer only needs your card number (regardless of the country of origin or destination);
    - Exercise the utmost caution and do not disclose your personal or bank card details (card number, expiry date, CVV/CVC code, security passwords received by SMS) to anyone;
    - Do not pass on your card to third parties, do not leave your bank card in plain sight and do not allow strangers to photograph or copy your card data;
    - Keep the card in a safe place, do not point to its data on various links received and do not save the card data in the device memory;
    - Regularly check your account status via OTP Internet/Mobile Banking and subscribe to the SMS notification service.


    If you have disclosed your card details, please contact us immediately on 022-256-456 (indicated on the card) to review the situation, provide the necessary support or block the card.

  • New online fraud attempts

    New online fraud attempts have been reported. In order to prevent such attempts, we repeatedly ask you to be vigilant to any calls/messages requesting personal or card details, both via social media, phone calls and merchandising websites.

    There are a few simple, but thorough, steps you should keep in mind:

    • DO NOT give OTP Internet/Mobile Banking passwords, card details or other confidential information to anyone under any pretext, even if they are posing as bank employees! OTP Bank employees never call and never ask for confidential bank card data by phone or other communication channels. Discontinue the call and notify the Bank immediately.

    • Do not provide your personal bank card details in response to requests via email, sms, phone or social media (Facebook, Instagram, Viber, WhatsApp, Telegram).

    • Treat with suspicion the proposal to receive money on your card by accessing a link sent by a "potential buyer" who declares an interest in purchasing the goods/services you sell on sites such as: www.999 .md, www.makler.md, www.olx.ro, etc. As a rule, the given links direct you to fake web pages of delivery services, postal services, courier services through NOVA POSHTA, asking you to fill in card data, CVV/CVC, expiry date, balance on account, etc. In reality, this method is used by the criminals to try to collect your bank data in order to illegally steal money from your account.

    • Do not access pop-up windows from unknown addresses!

    • Be vigilant and inform the bank immediately if the ATM you use shows signs of vandalism, additional devices connected, if it has captured the card or has not issued cash, etc. At your request, the Bank will immediately block the card to avoid any loss of money due to possible fraud.

    Regularly check transactions made using OTP Internet/Mobile Banking. Subscribe to the SMS service to receive real-time SMS alerts about your transactions. If you have been the victim of fraud attempts, inform the bank's representatives immediately by calling the Call Centre on +373 256 456 and ask for your card to be blocked.

  • The latest frauds to watch out for

    1. Fictitious sweepstakes organised by an OTP Bank page-clone

    The fictitious OTP Bank page comments on the posts of OTP group pages on social media.
    The pretext is that OTP Bank is offering a large sum to those who participate in the raffle.

    We urge you not to acto on this fraud, as OTP Bank never organises such raffles.

    • Don't click the link in the comments, and if you did, don't do anything else;
    • Close the page, clear your browser cache and restart your computer.

    If you have noticed such fraud using the OTP Bank name, we encourage you to write to us directly by clicking on the green button below.

    New types of fraud occur weekly. Criminals are asking for card details to make transfers and other transactions with your money. Be vigilant!

  • The latest frauds to watch out for

    1. Calls or messages received from "potential buyers".

    Fraud of this type takes place on sites such as www.999.md, www.makler.md, www.olx.ro and others.

    The criminals contact you directly and under the pretext that they cannot meet you to collect the goods, they suggest you to send them using the postal services (e.g. Post Office of Moldova). Also, under the pretext that it would be more convenient for you, the criminals offer to pay you in advance for the goods and ask for your credit card details.

    We urge you not to give your bank card(s) information to anyone under any pretext!

    2. Fictitious sites where you can order online

    You may see sites similar to the ones you know, where you can order online food delivery, catering services, pizza. You need to be careful, as these sites have partially changed their web address.

    When you place your order, after adding your card details and the security code received by SMS, money is withdrawn from your card and this order will never be delivered.

    We urge you to check the sites you order from regularly and with caution. Check their Facebook page, Instagram, look for reviews and before ordering check if there are contact methods. If they don't exist and the given page(s) are not active or are newly created (have few posts, no reviews and poor quality content), you have most likely identified a fraud.

    If you have been the victim of a fraud attempt, inform us as soon as possible and ask for your card to be blocked.
    We urge you to write to us directly by clicking on the green button below.

    New types of fraud occur weekly. Criminals are asking for card details to make transfers and other transactions with your money. Be vigilant!


More information

Fraud cases aimed at obtaining bank card details occur through social media, phone calls and websites that sell goods.

Scammers may pose as representatives of the bank or other reputable companies, and send messages requesting your bank card details (16-digit number, CVV security code shown on the back of the card, expiry date, passwords received via SMS/email) under various pretexts: participation in raffles, surveys, competitions or to purchase products online at a reduced price, etc. Once the criminals have obtained the requested data, they take possession of the funds and carry out P2P transfers or other fraudulent transactions, thus harming cardholders.

Show maximum caution and treat with suspicion:

  • Incoming calls (by phone, messaging services: Viber, WhatsApp, Telegram, etc.);
  • Calls or messages received from potential buyers of products placed on marketing sites;
  • Calls or messages received from people close to you requesting bank card details;
  • Other fraud schemes such as: participation in sweepstakes, purchase of products online at a reduced price, surveys, contests on behalf of the Bank or other well-known companies.


  • Do not give your security passwords, card details or other confidential information to anyone under any pretext, even if the people requesting them are relatives or are posing as bank employees;
  • Treat with suspicion any call requesting personal data, even if the phone number or number resembles that of OTP Bank. Discontinue the call and notify the Bank immediately;
  • Access only websites you know, pay attention to the ads that appear on social networks, check reviews and the name of websites;
  • Watch out for pop-up windows that open automatically when you visit certain sites. As far as possible, set your browser settings to block pop-ups
  • Don't make payments to merchants you don't know, haven't checked out or who look suspicious!

If you have been the victim of a fraud attempt, inform us as soon as possible and ask for your card to be blocked. We urge you to write to us directly by clicking on the green button below.

Types of bank card fraud

Card Skimming

This happens when the card's magnetic stripe and PIN details are illegally captured via devices attached to ATM/POS terminals (card readers known as skimming devices, small spy cameras, as well as fake PIN pads).

The skimming device is placed on the ATM in such a way that its presence is concealed, instead it allows the capture of the card's magnetic stripe information and PIN entry by the customer. The customer inserts the card into the ATM that has been modified with the skimming device, performs a regular transaction and withdraws the card. The customer leaves the ATM without noticing that his card has also been compromised.

The captured information is then used to reproduce counterfeit/counterfeit cards and are used in fraudulent transactions. Customers will be aware when unauthorised cash withdrawals/transactions are made from their bank accounts. Due to the fact that the skimming device is very sophisticated and often difficult to detect, many cards end up being compromised.
Din ce în ce mai mult tehnologia bluetooth wireless este utilizată pentru a transmite datele cardului şi a PIN-ului spre un laptop la o locaţie la distanţă. Această informaţie poate fi apoi trimisă cu uşurinţă oriunde în lume, pentru o producere rapidă de carduri false.

Useful tips

Choose a secure ATM

  • Do not use ATMs with visual signs or excessive warnings placed on them, as they are often used by criminals.
  • Where possible, use ATMs inside banks, other buildings or enclosed areas instead of those located in the street. Street ATMs are much easier for criminals to access.

Analyze your surroundings before using your PIN

  • Always be aware of your physical surroundings. Use ATMs that are in plain sight and well lit. Be extremely wary of ATMs located in dark areas or in places that do not appear to be well guarded and monitored.
  • Make sure that the people queuing at the ATM are at an appropriate distance from you. Be wary of dubious offers to help you use an ATM, even if your card is blocked or you are experiencing other types of difficulties. Don't let anyone distract you. Refrain from making a transaction if there are suspicious people near the ATM.
  • Cover the keypad with your hand so that your PIN is not recorded by a hidden camera or a person capturing your information. Never reveal your PIN to anyone.
  • Your PIN is strictly personal and confidential and must not be disclosed under any circumstances (including for blocking your card), not even to bank officials or the police. Only the password stated in the card application must be used for identification by the bank.

Analyse the ATM

  • If the front of the ATM looks different compared to others in the area (for example, it has an extra mirror on the front), has a sticky coating (possibly from a device attached to it) if it shows signs of vandalism, adhesive, connected devices - use a different ATM and notify the bank of your findings.
  • If you visit an unknown ATM that is not inside the bank, examine it very carefully. Be wary of any different or unusual appearance of the card reader. If the card insertion slot looks unusual/bulky try pushing it with your hand. If something has been stuck to the actual card reader, it will move or even fall off. The card or cash retainer must be stuck to the card reader or ATM. If the ATM appears to have any jamming in the card insertion slot or on the keypad - do not use it. Cancel the transaction. Never try to dismantle the suspected device.
  • Even if you are familiar with an ATM, be very aware of different and unusual features on the ATM keypad. If a fake PIN entry keypad is attached to the original one it will appear "incorrectly attached", being moved back and forth a little.
  • Draw attention if additional cameras other than the basic and obvious ATM cameras are fitted.
    Immediately report the card being held by the ATM. If you can, do not leave the ATM and call the bank where your card was held. Never accept help from strangers to withdraw the card held by the ATM. In addition you can inform your local law enforcement authorities. Call Centre service: + (373 22) 256 456, 24-hour service.
  • It is advisable to notify your bank of a potential risk to your account if the ATM used does not dispense cash, either because of a lack of cash, it may be fake or cash trapping devices (fake metal plate installed above the shutter) may be installed to block the release of cash. The banknotes stick to the adhesive on the plate installed over the shutter and the customer fails to withdraw the cash. After the customer leaves, the perpetrator approaches and withdraws the blocked cash.
  • If you use a non-bank ATM (often in service stations and public places) be aware of the additional charges. Private ATMs not directly associated with the bank make a profit from fees. If there is no indication that extra fees are charged, then that ATM could be fraudulent.

Review account statements

  • Review statements for any transactions you don't recognize. While most frauds are committed very quickly, some don't occur weekly or monthly after your card information is captured. Frequent review reduces the potential impact of committing fraud.
  • If you've lost your bank card, had it stolen by someone else, or if you notice fraudulent transactions on your account, notify your bank immediately about the incident to prevent a possible loss.

If you have been the victim of a fraud attempt, inform us as soon as possible and ask for your card to be blocked.
We urge you to write to us directly by clicking on the green button below.

Email Spoofing

Fraudulent activity carried out via email, attempting to obtain personal data, compromise or infect the device with malicious applications.

The suspicious peculiarities of this message can be argued as follows:

  1. The email address is different from the sender's name;
  2. The message contains an attachment;
  3. The text of the message requests an action: open a document/access a link;
  4. Sender leaves no contact details.

Useful tips

  1. Verify the identity of the person/institution from whom you received the suspicious email;
  2. If you receive a reply to a message you did not send, you are most likely the victim of an attack;
  3. Do not access links in the email and do not open/download attachments;
  4. If you have nevertheless accessed at least one link or downloaded the file, do not enter any personal data, financial data, usernames or passwords anywhere.


If you have been the victim of a fraud attempt, inform us as soon as possible and ask for your card to be blocked.
We urge you to write to us directly by clicking on the green button below.


Sweepstakes or fictitious offers

Attacks of this type are campaigns (offers/contests/team sweepstakes) generally promoted via social media (including those marked as sponsored publications). These publications contain text and images urging users to register for competitions or sweepstakes in order to benefit from prizes and special offers. Usually, in order to participate you are asked to share the publication or if you have accessed the link, to enter your bank card details.

These offers are actually fake, and products purchased through this method usually:

  • Will never be delivered;
  • Bank card security data will be retained and used to initiate unauthorised transactions.

To make sure you get the best deals:

  • Check the reviews on the merchant's website (securely and from another device), Facebook, Instagram, LinkedIN pages to ensure the merchant's veracity before taking any action and especially payment;
  • Always update the apps on your computer and on any device connected to your account to the latest available version;
  • Make sure your browser, antivirus and operating system, likewise, are updated to the latest version;
  • Do not access any links from anywhere.


If you have been the victim of a fraud attempt, inform us as soon as possible and ask for your card to be blocked.
We urge you to write to us directly by clicking on the green button below.



It is a fraud method whereby electronic messages are sent requesting identification, authentication data or encouraging access to links for confirmation purposes. Such messages can come in both email and SMS form.

Messages may look identical to those you receive from your institution, may use language suggesting urgency or obligation, and often come from supposed authorities or people in management to influence immediate action.

Thus, we urge you not to respond to requests for confidential personal banking information, even if they come or appear to come from known, official sources or on behalf of senior management, and even if the nature of the messages would imply that temporary problems are being addressed.

Action steps

  • Do not reply to these messages;
  • Do not access the links in these emails;
  • Check the sender's email address. OTP Bank sends emails only through the domain @otpbank.md;
  • Check for misspellings: phishing messages often contain mistakes because the criminals are not always native speakers or have used a machine translation system such as Google Translate, which does not always translate correctly;\
  • Never give out your card details (card number, PIN code, code represented by the last 3 digits on the back of the card or one-time passwords).

If you have accessed links or downloaded files from such emails:

  • Change passwords for apps and online accounts on a device other than the one you accessed your email from;
  • Enable Two-Factor Authentication (2-step authentication, which involves sending an email or SMS confirming that you are the one accessing the resource);
  • Check your operating system with an anti-virus application for malicious applications;
  • Direct the message as soon as possible to SectiaSecuritateaCardurilorBancare@otpbank.md and ssi@otpbank.md to help identify the perpetrators of the attack.


If you have been the victim of a fraud attempt, inform us as soon as possible and ask for your card to be blocked.
We urge you to write to us directly by clicking on the green button below.


Smishing (SMS phishing)

This method of scamming is carried out using SMS messages and the most common tactic is to mislead potential victims.

Typically, the messages are along the lines of "Congratulations! You've won prize 'X'. In order to receive your prize, please send us your personal data/card details (card number, expiry date, CVV)".

Also, these messages may be received from potential buyers of products placed on goods trading sites (999.md, Makler.md) under the pretext of making payment and/or transferring the deposit for the good to be purchased.

Users are urged to submit payment card details, secure passwords or fill in these details online. In other cases, fraudsters create user accounts on social networks (Odnoklasniki, Facebook, etc.) and send messages requesting bank card details under various pretexts. They ask for full bank card details (PIN, CVV2/CVC2 code, expiry date, secure authorisation code sent via SMS) and then use e-commerce and P2P transfer platforms to carry out fraudulent transactions.

Action steps

  • Do not respond to such requests;
  • Do not transmit personal data, card pictures or login details, secure passwords to other people/phone numbers or via social media messages;
  • Do not access suspicious links for transfer, deposit/payment;
  • If you have been a victim of fraud attempts, keep details of the scam scheme (messages, calls, screen shots) and inform the police/bank representatives immediately by calling the Call Centre 022 256 456 and request immediate blocking of your bank card.


If you have been the victim of a fraud attempt, inform us as soon as possible and ask for your card to be blocked.
We urge you to write to us directly by clicking on the green button below.


Vishing (Social Engineering)

Social engineering is a technique of psychological manipulation through social media in order to disclose/obtain confidential data or take certain actions.

COVID 19 fraud

The COVID-19 epidemic is a topic that is being publicised and used, including by infectors. One of the latest spam campaigns mimics messages from the World Health Organization (WHO), showing that attackers recognise and make use of the important role the WHO plays in providing reliable information about the coronavirus.

Victims are asked to donate money for humanitarian purposes, purchase protective equipment and medical equipment.

Users receive emails from WHO providing information on safety measures to avoid infection. Once a user clicks on the link in the email, they are redirected to a phishing website where they are asked to provide personal information, which ends up in the hands of scammers and is then used for fraudulent payments.

Action steps

  • Do not give out personal details over the phone, regardless of the caller's title;
  • Do not transfer money to persons you do not know, regardless of the reason and situation;
  • DO NOT provide card details, secure passwords or unique identification codes;
  • Report immediately to the police if you suspect you have been the victim of a scam.

Social engineering by phone (Vishing)

From the English vishing - from voice phishing - is a type of telephone fraud, where confidential information is requested from bank customers.

Victims are phoned in order to obtain personal data or to carry out fund/asset transfers. In order for the call to be perceived as genuine, the scammers call via IP telephony and the number is similar to a Call Centre number. Furthermore, the criminals use the data available online (name, surname, etc.) to be more credible.

Useful tips

  • Avoid unsolicited phone calls, disclosing confidential information over the phone and other means of communication; don't give in to pressure if an unidentified person is insistently trying to obtain your bank card details;
  • Be vigilant and treat with suspicion any call asking for personal details, even if the phone number looks like the Bank's, or you are contacted by the Bank Security Service! We recommend that you disconnect the call and notify the bank immediately via the Call Centre: +(373 22) 256 456;
  • The Bank will never ask you to communicate your card details, secure passwords sent by SMS, access passwords or the transfer of funds to an account, whatever the pretext.
  • If you receive phone calls asking you to provide personal data, hang up the phone and contact the bank, preferably using a different telephone device than the one you were called on;
  • Be reserved with unknown callers! It is recommended that you set all calls from unknown numbers to be blocked or forwarded to voicemail.


If you have been the victim of a fraud attempt, inform us as soon as possible and ask for your card to be blocked.
We urge you to write to us directly by clicking on the green button below.