ING Home’Bank (Romania) phishing page revealed

Posted byAnti-phishing Leave a comment on ING Home’Bank (Romania) phishing page revealed

ING Bank Phishing – Fake Home’Bank Login Page (Romanian Variant)

This phishing campaign impersonates ING Bank, a major European financial institution with a large customer base in Romania. The page mimics ING’s Home’Bank online banking interface to steal customers’ login credentials.

How it works:
The victim receives a phishing email, SMS, or other message claiming a security alert, account issue, or the need to verify their information. The message includes a link to this fake ING login page. The page asks for the victim’s User Code and Password/Digipass credentials. When the victim enters this information and clicks “Login,” the credentials are captured and sent to the attacker.

The goal:
The attacker aims to steal the victim’s ING online banking credentials. With these, they can log into the victim’s real bank account, view balances, transfer funds, and commit fraud. The mention of “Digipass” (a two-factor authentication device used by ING) indicates that the attacker is also targeting the second factor, either through this page or a follow-up page.

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not ing.ro or any official ING domain. Legitimate ING Home’Bank login pages are accessed through ing.ro or the official mobile app. Always check the address bar.
  • Unsolicited login request: ING does not send emails or messages with links requiring customers to log in to resolve account issues. Customers should always access online banking by typing the URL directly or using the official app.
  • Generic design with copied elements: The page includes legitimate-sounding text about activating Home’Bank and downloading the app from official stores, but these elements are copied from the real ING website to lend credibility. Their presence does not make the page legitimate.
  • No personalization: Legitimate ING login pages may display a security image or personalized greeting after entering the user code. This page lacks such features.
  • Missing security indicators: The page does not display the expected security badges, SSL certificate details, or the lock icon in the address bar (though users should verify the URL itself, not just icons).

What to do if you encounter this:

  • Do not enter your User Code, Password, Digipass information, or any other personal details on this page.
  • If you are an ING customer, always access online banking by typing ing.ro directly into your browser or by using the official ING Home’Bank mobile app.
  • If you have already entered your credentials, contact ING immediately through their official customer service hotline to secure your account and change your password.
  • Report the phishing page to ING’s fraud department (e.g., by forwarding the original message to [email protected] or using their official reporting channels).

Why this scam is effective:
ING is one of the most popular banks in Romania, with a large number of online banking users. The page closely mimics the design and language of the legitimate ING Home’Bank interface, including familiar phrases about activating the service and downloading the app from official stores. The inclusion of the “Digipass” reference adds to the illusion of authenticity. Romanian-speaking users who are accustomed to ING’s online banking layout may not immediately notice that the URL is incorrect.

Protective measures:

  • Bookmark the official ING Home’Bank login page and use that bookmark to access online banking—never click links in emails or messages.
  • Use a password manager: It will autofill only on legitimate ing.ro domains, not on phishing sites.
  • Enable two-factor authentication (2FA) through the Digipass or the ING mobile app, and be cautious if a page asks for your Digipass code outside of the normal login flow.
  • Be suspicious of any unsolicited message that creates urgency and asks you to log in to your bank account.
  • Check the URL carefully: Legitimate ING Romania domains end with ing.ro. Look for misspellings, extra words, or unusual top-level domains.
  • If in doubt, contact ING directly using a phone number from your bank statement or the official website—never use contact information provided in a suspicious message.

Leave a comment

Your email address will not be published. Required fields are marked *