Transactions Security

Online Threats

  • Phishing
  • Malware
  • Vishing
  • Smishing
  • Mobile/PC
  • SIM Swapping

Phishing is the malicious attempt of fraudsters to intercept personal data such as internet banking credentials, PIN numbers for credit/ debit cards, passport numbers, ID numbers, VAT numbers, etc

Phishers send massively e-mails to random e-mail accounts of unsuspected receivers, and either

  • by tempting them or
  • by trying to persuade them that it is necessary,

they ask them to click on a link that exists in the body of the e-mail.

This link leads to sites created by the phishers that look like the official Banks’ sites, in order to mislead the users in typing their personal data.

You can protect yourselves from Phishing by:

  • avoiding to open e-mails from unknown senders
  • not giving your credentials and your personal data to sites of organizations of which you have no knowledge

The term “Malware” (malicious software) stands for the programs that can be installed in your computer or your mobile phone without you realizing it, in order to intercept sensitive information and perform non authorized actions, or, generally, to take control of your device without your knowledge.

Malware that aims to intercept data constantly monitors the sites you visit and if it detects that these sites concern a certain Bank, it secretly starts to record in a local file anything you type (Username, Passwords etc). If needed, it can also save a snapshot/ image of the site. Afterwards, Malware automatically sends all the recorded data (usually as attachment of an e-mail) to its creator. The sent data may be either used directly by the creator of the Malware or sold to a third party.


The most common tactics for installing the Malware are the following:

  • as attached files at e-mails - fraudster send e-mails that try to trick you to follow a site by downloading a piece of software or to open an attachment that subsequently installs a Trojan.
  • as free software (e.g. games movies, music)
You may protect yourselves from Malware by:
  • avoiding opening e-mails form senders unknown to you
  • being very careful where you download files from
  • installing special programs for protecting your devices (anti-virus. anti-spyware etc) and updating them regularly
  • regularly upgrading your programs (operating systems, browsers etc) to their last edition

Known as vishing, or voice phishing, this tactic is a phishing attempt made through a telephone call or voice message. Fraudsters may have the ability to spoof their caller ID so it could appear that the telephone call is coming from the Bank or from a global corporation . Fraudsters may also have the identifying customer information, such as your name, which they may use to make the call appear "authentic". They target the sensitive data extraction that may be disclosed by the victim. These will by his "consent" be used against him.If you do not know your caller, please end the call and confirm his details through Piraeus Bank's contact center 24/7 at 210 3288000 (call from Greece) and +30 210 3288000, from your mobile phone or land line with charges applied according to your plan with your telecom operator.

Do not respond to any of the above categories that ask for account details, cards or passwords and do not follow links that are contained and prompt you to sign in to winbank.

You can identify the official page of Piraeus Bank and winbank from the security lock at the beginning of the search bar.  

Forward such "suspicious» e-mail or text messages to the Bank at or call 24/7 at 210 3288000 (call from Greece) and +30 210 3288000, from your mobile phone or land line with charges applied according to your plan with your telecom operator. Then delete it from your email or mobile.

​A phishing attempt sent via SMS (Short Message Service) or text message to a mobile phone or device. This tactic is also referred to as smishing, which is a combination of SMS and phishing. The purpose of text message phishing is the same as traditional email phishing: convince recipients to share their confidential information.

​It concerns a fraud that belongs to the category of vishing (voice phishing).Scammers call unsuspecting customers on their phones pretending to be representatives of well-known IT companies. Convince customers that their computer needs repair or cleanup and install applications to remotely control their devices (PC, Tablet, mobile phone) - thus gaining ownership and then electronic banking credentials.

How to protect ourselves

  • We do not answer unknown phone calls, especially if they come from abroad
  • We do not install applications when indicated by strangers 
  • We do not allow remote access to our electronic devices (PC, Tablet, mobile  phone) 
  • We do not share with anyone and do not enter into unknown websites our e-banking credentials (username and password) or card numbers. We confirm that we have visited the official website of our Bank. We remember that banks will never and in no way ask for our credentials
  • We make sure that our computer and devices (tablets, smartphones) always have the latest operating system and applications updates. We install and always have a trusted malware protection program up to date
  • In case we fall victim to fraud, we immediately terminate the call and contact our bank

​It concerns fraud where perpetrators initially steal e-banking credentials usually through a phishing email or through malware/ trojan installed on the victim's computer. They then proceed to unauthorized replacement/exchange of the mobile customer's SIM card in order to access mobile telephony services (calls, SMS, push notifications). In this way, the perpetrators gain access to one-time passwords or security verification messages, in order to complete the money interception.

How to protect ourselves


  • If our mobile phone stops receiving or making calls for unusual reason, or if we lose the signal in a location that usually has good coverage, it is safer to contact our network provider and confirm that our SIM is not deactivated
  • We do not disclose our mobile phone number on social media
  • We subscribe to the services of organizations that provide SMS and email notifications when our transactions are executed
  • We do not share with anyone and do not enter into unknown websites our e-banking credentials (username and password) or card numbers. We confirm that we have visited the official website of our Bank. We remember that banks will never and in no way ask for our codes
  • We often check our accounts transactions
  • If we fall victim to SIM Swapping fraud or find transactions that do not have our approval, we immediately inform our Bank

How we protect you

  • Infrastructure
  • winbank Procedures
  • Notifications

The access to the Bank’s systems is monitored by special programs (firewalls), which allow the use of specific services by the clients/ visitors, while forbidding the access to systems and data bases with confidential data and information of the Bank.

Data encryption

From the beginning until the end of a winbank session, all your information and personal data are encrypted based on the encryption protocol SSL-128-bit (SecureSocketsLayer).


Fraud Detection

The Bank has installed fraud prevention and detection systems for the prompt detection of unusual and suspicious transactions.
If such a transaction is detected, the Bank contacts you before executing it.

Automatic logout

If during a winbank session the system recognizes that no action has been made within 10 minutes, it automatically logs you out for your own safety.

extraPIN code

extraPIN is a code that:

• you receive via push notification at the mobile phone that you have activate winbank app
•  you receive via SMS at the mobile number that you have set at your winbank registration

This specific code is necessary for the execution of your transactions via winbank.
If you wish, you may ask for extraPIN use to be necessary for logging in to winbank internet.

Password deactivation

In case you insert wrongly the Password three times, then, for your own safety, it is automatically locked and your access to winbank is prohibited.

Regular change of Password

For your better protection, you must change Password regularly, no later than 3 months. Your new Password should not be the same as one you recently used for winbank.

Product Exception

Through winbank you have the option to choose the products that you do not wish to access via winbank channels (web, mobile and phone).​

Security notifications & alerts

winbank notifies you automatically and for free through special security alerts sent by push notifications at the mobile phone that you have activate winbank app or send by SMS to your extraPIN mobile number, for all monetary transactions involving transfers to third parties within the bank and foreign remittances, regardless of your subscription to the winbank alerts service.

By subscribing to the winbank alerts service you also ensure:

  • immediate notifications for all your account and card transactions
  • notifications every time your credit card statement is issued
  • notification on the eve of a scheduled payment, in case of insufficient available balance in your account or excess of the payment amount you have set for your direct debits
  • notifications for successful and unsuccessful execution of a scheduled payment
  • daily valuation of your stocks portfolio
  • real time updates about your buy and sell stock exchange orders
Further information

How to protect yourselves

  • Safe sites
  • Dangerous e-mails
  • Password
  • Other useful advice
Recognize a safe site

Before entering sensitive data to a site check whether it uses encryption. Evidence that the site is encrypted are:

• Https (“s” stands for “secure”) at the beginning of the site
• Lock icon next to the site’s address or at the bottom right corner of the window- depending on your browser
• The green color and the bar of addresses (which means that the certification required for the encryption of the data is valid)

You may also check the certification of the site by clicking on the lock icon. At the window that opens, you can see if the certificate is valid and who is the owner of the site (e.g. winbank).

Recognize a dangerous (Hoax) e-mail

  • Links to fake sites: Always check where a link redirects you to before you click on it. Place the cursor on the URL and check if the address is the same as the one appearing on the tooltip:
  • Do not trust e-mails that ask for personal data or transfer you to sites that ask you fill in your Username, Password or any other personal information (name, VAT number, date of birth etc). Piraeus Bank will never send any e-mail of this kind.
  • Be careful in wording. Often, the fake e-mails use poor Greek, as far as spelling or syntax are concerned. They give out the impression that they have been written by a person not fluent in Greek.

Password is the first line of defense against online attacks. For this reason, it is very important to choose strong passwords and change them regularly. When setting a password it is useful to keep in mind the following:

• Use different passwords for all your important accounts
• Use passwords with many characters
• Use a combination of letters, numbers and symbols for your password, not every day words. Do not use a sequence of same characters (e.g. b2222222) or characters with a logic sequence (e.g. 12345, abcde).
• Use a phrase that only you know. Do not use data such as your birthday, your ID or VAT number, or passwords based on your name (e.g. spiros123).
• Do not save or write down your passwords in any case
• Your password is personal, so do not share it with anybody, not even with Bank staff. In case you suspect that your password has leaked in any way, immediately contact the Bank.

• Do not open e-mails from senders unknown to you
• Avoid downloading files (games, music, videos, free programs etc) from untrustworthy sites
• Install special protection programs on your devices (anti-virus. anti-spyware etc), which you should regularly update to their last version.
• Do not use computers and mobile devices that do not belong to you and are not trustworthy. Avoid using computers that are placed in public places such as Internet Cafés, hotels, convention areas etc. 
• Avoid using untrustworthy Wi-Fi to access winbank even if it’s provided for free.
• If you detect “strange” function of your computer -very probably caused due to installation of malicious programs-, use the protection program of your computer and/or contact a specialist.
• Avoid using pirate software either for operating systems or for any other function.
• Do not intervene in the software of your mobile devices (jailbreak, rooting etc).

How can I help?
Virtual Assistant