Financial safety

We protect ourselves and our customers

JSC Belagroprombank uses its best endeavours to ensure the safe use of our products and services by our customers. We constantly monitor new threats, provide reliable protection and uninterrupted operation of banking systems and services, suppress the activities of fraudulent groups – with the help of advanced technologies, high level of professional expertise of our specialists and through cooperation with law enforcement authorities.

Stay alert and be careful

We are constantly working to block fraudulent sites with malicious content and domain names fr om which scammers carry out phishing attacks. However, the most reliable protection is your awareness and vigilance. Therefore, let’s fight scams together.

Financial lifehacks - easy about the complex

Do you want to learn how to recognize a scammer and not fall for his tricks? Read our life hacks:

How to 100% recognize a phone scammer?

Everything is simple! Here are 12 signs to watch out for:

You receive a call to your mobile phone from a messenger (more often, Viber).

Employees of Belagroprombank NEVER CALL VIBER and do not use instant messengers to communicate with the client.

Call from a foreign number.

Check the subscriber's number. International code of Belarus: +375 - in other cases, calls should be ignored and do not try to call back a suspicious subscriber.

The call comes in at night or late.

The scammer expects to catch the interlocutor by surprise: half awake, a person does not have enough concentration to recognize the scammer.

"Employee" refuses to give his full name, position and work phone number.

In fact, “checking” an employee is very simple: call the bank’s official number - the one listed on the website - and find out whether such an employee works at the bank and in what department.

"Employee", allegedly to increase the degree of security of the mobile application, Internet banking or restore access to the account, strongly recommends installing an unknown (doubtful) application.

Often, the scammer asks to install a remote access application (AnyDesk, Teamviewer, RustDesk, Assistant, Webkey Android Remote Control, Airdroid, ISL Remote Control) to the “victim’s” mobile phone.

Interlocutor cannot answer simple questions.

For example, the interlocutor cannot give: your full name; the full number of the card from which the funds are supposedly being debited. Does not know the address of the bank's central office, the number of the Contact Center, etc.

An unknown person asks you (under various pretexts) to dictate to him the full card number, passport data, SMS code values, Internet banking login and password, etc.

We recommend that you calmly interrupt the conversation with the scammer and contact the bank.

The interlocutor, under any pretext, asks to transfer money to some “safe” account, pay a certain tax, reservation, fine, etc. At the same time, the unknown dictates the details for the transfer.

It is forbidden to transfer money using such details, even if the legend seems convincing.

The unknown person introduced himself as an “employee” of a bank or law enforcement agencies and tells the legend that he is now looking for a bank employee who deceives customers and asks you to apply for a loan to help in the investigation. This is a lie!

An unknown person allegedly calls on behalf of a popular online store and tells the legend that an order or credit for a purchase has been placed in your name by mistake. To cancel an order/credit, you must dictate passport data and SMS code values. This is a lie!

The interlocutor draws frightening scenarios in front of you and puts moral pressure on you.

He demands to make a decision immediately on the transfer of money or provide data, otherwise he will block the account or card, charge a fine for a loan, etc. Remember: a few minutes will not solve anything. Say that you need to think and hang up. Then call the official number of the bank, which is listed on the site, and calmly sort out the situation.

You are not 100% sure where the call is coming from or who exactly is calling you.

Say that you are busy or cannot talk at the moment. Ask to call you back later so you have time to check the phone number that called you. In addition, scammers do not always call back, preferring to solve the problem in one call.

Dear customers, be careful! Don't be fooled! Take care of yourself and your savings!

How to recognize a phishing (fake) site?

If a link to a site was sent to you from an unknown account or from a hacked profile of a friend on a social network, the link is most likely to be fraudulent.

Too good to be true.

Scammers follow hype topics or simply play on human greed by offering to win an iPhone 13, a car or a big cash prize.

Be rational and reasonable. In deciding to use or not use the site, rely on common sense, and not on fabulous promotional promises.

The presence of a timer on the site.

Attackers set a timer to make users hurry up with entering personal and payment data - this is a trick!

Check if the site uses a secure HTTPS connection.

If the address of the page on which the payment is made starts with http://, not https://, and does not have a padlock sign indicating that a secure https connection is being established, this means that the site does not use a secure connection and may be phishing.

Check which domain the site is registered on.

The domain is present in the site name. Most popular Belarusian payment services are registered on the .BY domain. Be wary of resources located on a web server in other countries.

Pay attention to the sections of the site.

As a rule, a phishing site cannot boast a large number of pages.

Check site reputation.

Type in the search engine the name of the site. The presence of negative reviews is a serious reason to think.

Pay attention to the links posted on the site itself.

If, when you click on them, you go to a page with an error or to pages that do not look like the original resource, then you have landed on a phishing site. Just close the tab and do not enter personal and payment data in the proposed form.

The presence of grammatical, syntactical errors and typos is a sure sign of a fake.

Large companies have designers, editors and proofreaders on their staff who strictly monitor compliance with the site design rules. The wrong names of the organization, an abundance of typos and errors should alert. For a quick text check, copy the text on the page you are checking and paste it into a Word document with the spell check turned on.

Check the site for inconsistencies.

It all depends on your attentiveness and scrupulousness. For example, if the site uses a site visitor counter, it can constantly show the same number of visitors or it can be “rotated” by a special program.

Scammers can play on the feeling of fear.

For example, to offer to check whether the bank card is listed in the register of data stolen by hackers. To do this, they will offer to enter the card number, its expiration date and the code printed on the back of the card in a special form. This is a lie!

We recommend installing an antivirus on all your gadgets - a computer, laptop, tablet and smartphone. It is also important to regularly update protection: cyber scammers invent new viruses and phishing methods almost every day.

Dear customers, be careful! Don't be fooled! Take care of yourself and your savings!

How to recognize a scammer?

Scammers are increasingly "divorcing" Internet users for money, pretending to be either buyers or sellers on various trading platforms and free classifieds sites.

Here are 8 signs to watch out for:

Extremely good price for a product. No wonder they say: free cheese is only in a mousetrap.

The seller/buyer, under any pretext, is trying to transfer the correspondence to the messenger (Viber, WhatsApp, Telegram).

Pay attention to the phone number: foreign numbers are one of the main signs that you are communicating with a scammer.

Invite the interlocutor to call: the scammer often avoids voice communication.

Some links are sent to you. Everything is simple here: either a phishing (fake) site, or a trojan (virus).

The interlocutor offers to make a payment through a certain site, while using such trustworthy expressions as “safe purchase”, “safe purchase”.

If you still clicked on the link, then pay attention to the positions that you are asked to fill in to process the money transfer.

The positions “card balance”, “confirmation code”, “personal (identification) passport number” are a sure sign that the site is fake.

The interlocutor, under any pretext, asks to transfer money to some “safe” account, pay a certain tax, reservation, fine, etc. In this case, the unknown dictates the details for the transfer. It is forbidden to transfer money using such details, even if the legend seems convincing.

Fake support. Most often, a fake support service “turns on” when, unfortunately, a person has already trusted a scammer and transferred money to him. The support service offers to return the debited funds through the same fake site.

Use a virtual card for payments on the Internet.

REMEMBER! To transfer funds to your card, the sender only needs to know the full number of the card and sometimes its expiration date. Nothing else.

Dear customers, be careful! Don't be fooled! Take care of yourself and your savings!

Declaration in the field of information security and quality of JSC "Belagroprombank" more details

Information security policy of JSC "Belagroprombank" more details

What you need to know about safety when using:

Bank card USSD Banking Internet Banking Мobile Internet Banking Self-service machines Phone scams Fraudulent SMS, e-mail, messengers Recommendations for legal entities and individual entrepreneurs

How to safely use your bank card

Do not leave the card unattended and do not give it to anyone - neither waiters, nor colleagues or relatives. Children and adult family members, if necessary, can get an additional card to their account.
Keep the card in a safe place, out of the reach of strangers. Do not leave your card in sight to prevent unauthorized copying of card details.
Do not write down your PIN on paper, on the card itself, on the phone or PC— just memorize it.
Do not give out your PIN to anyone, even relatives. Remember that regardless of the circumstances, no one has the right to request your PIN from you: neither law enforcement officials, nor cashiers of retail outlets or bank representatives. JSC Belagroprombank does not send any letters, SMS-messages, e-mails asking to confirm the card details, PIN or other personal information.
Do not enter PIN when using card online.
Get a separate card for online purchases, payments outside the Republic of Belarus and do not keep large amounts of money on it. If necessary, top up your card by transferring funds between cards using remote service systems.
Use the 3D Secure service and put limits on the maximum amount for online transactions.
Do not make purchases from public computers or using free Wi-Fi - scammers can steal your card details.
For online purchases, choose the online stores you trust.
Activate the SMS-notification service on the card - you will receive notifications on your phone about each operation. If you timely track the purchase or transfer that you did not make, it will be easier to get your money back.
Save receipts after payment with both card and cash, if the original payment by card failed. Check your bank statements regularly to make sure your payments went through. Report any discrepancies to the bank.
Do not agree to offers to buy your card - it can be used for fraudulent purposes. Law enforcement authorities will first of all check the cardholder for incriminating evidence.

If you have lost your card or suspect a phishing attack on your account, immediately block it. To do this, call the 24h Customer Service of the JSC Banking Processing Center at +375 17 299-25-25 or block the card using remote banking systems.

USSD Banking services allow its customers to use remote banking services via a mobile device containing a SIM card, by means of USSD requests and (or) SMS messages. To safely use the services, follow these simple rules:

Set a strong password on your phone. Otherwise, it will be easier for scammers to get access to your money.
Do not give your mobile device containing the SIM card to third parties. If you lost your phone, immediately contact any bank branch with a written request to block the access to services. Also, block your SIM card with your mobile phone operator.
If you have changed your mobile phone number, make sure you change the details of the services via an infokiosk, ATM, Internet Banking, or submit the relevant request to any bank branch.
Do not connect other people's phones to the services, even if you are asked to do so by people who introduced themselves as “bank employees”.
If your SIM card suddenly stops working, call your mobile service provider and find out the reason. Perhaps you are being attacked by scammers.

How to safely use Internet Banking

Under no circumstances should you provide information about your login, password or session keys to third parties, including your relatives and bank employees.
Use only the official Internet Banking website of JSC Belagroprombank: www.ibank.belapb.by
Make sure that the connection is in secure mode (the address field begins with the prefix https: //)
Try not to use Internet Banking from your mobile phone. It is much more convenient to use a mobile application for this purpose.
Use an antivirus on your computer. Configure automatic updates of the anti-virus databases and the operating system.
Use the software on your computer from trusted and reliable sources, and perform regular updates.
Make sure you regularly change your password. Try to make it as complex and unique as possible. To do this, use uppercase and lowercase letters, numbers and symbols in your password. Do not use the same password in different systems (e-mail, Internet Banking systems of other banks, social networks, etc.). Try to avoid your date of birth, name, and other publicly available data about you in your password.
Never save information about your username, password or session keys on any media, including a computer. If you suspect that your login, password and (or) session keys have been compromised or if you lose your password/key cards or the phone to which you receive SMS with session keys, you should immediately call Help Desk at +375 17 218-57-77 in order to block access to the system. Reactivation of the service is carried out on the basis of the relevant request, followed by the issuance of new password cards and keys.
After finishing work, make sure you close the Internet Banking window using the button.
To enter Internet Banking, you only need a personal login and password. Transactions are additionally confirmed by entering a specific session key number from a session key card issued to you or a session key sent to your phone from the BELAPB.BY via SMS.

If the site requests any other personal information, for example, a bank card or mobile phone number, leave the site and contact us, we will take action.

Report scammers

How to safely use mobile application

Under no circumstances should you provide information about your login, password and mobile key used to enter and confirm transaction to third parties, including your relatives and bank employees.
Use mobile devices with functional security systems, such as: restricting access to the device, active anti-virus software, a configured operating system update system.
Make sure you regularly change your password. Try to make it as complex and unique as possible. To do this, use uppercase and lowercase letters, numbers and symbols in your password. Do not use the same password in different systems (e-mail, Internet Banking systems of other banks, social networks, etc.). Try to avoid your date of birth, name, and other publicly available data about you in your password.
If you suspect that your login, password and (or) mobile keys have been compromised, you should immediately change them via Mobile application interface or report it to Help Desk at +375 17 218-57-77 in order to block your account. Reactivation of the service is carried out on the basis of the relevant request, followed by the issuance of new password cards and Internet Banking session keys.
Use only official mobile applications of the bank from App Store, Google Play, Windows Store.
Never leave a mobile application open: always use the "Exit" menu item to finish work.
Do not install mobile applications from links from SMS messages or e-mails, even if the message claims to be from a bank.
When installing any applications on your smartphone, pay attention to the permissions they ask for. Be especially careful if the application asks for permission to read the address book, send SMS messages and access the Internet - it can be dangerous, so it’s better not to install it.
Do not modify the operating system of the phone. Unauthorized modification disables the manufacturer's protective mechanisms and your phone becomes vulnerable.

If you lose a mobile device on which the bank's mobile application is installed, or if you receive SMS messages with session keys or one-time passwords, you should block the SIM card as soon as possible.

How to safely use self-service machines

Give preference to ATMs and infokiosks installed in secure locations (for example, in state institutions, bank offices, large shopping malls).
If at the entrance to ATM (infokiosk) location there is a device that requires your card PIN, do not enter the PIN and do not enter there.
Inspect the terminal before use. Make sure there are no additional devices on the keyboard or in the card slot. Check for malfunctions or damage, such as an uneven keyboard. If something seems suspicious to you, do not use this terminal.
Do not use a defective device. If the ATM or infokiosk freezes or spontaneously reboots - refuse to perform operations and find another device.
Cover the keyboard with your hand when entering the PIN. If there are no people around, this does not mean that scammers are not watching you. Do not use the terminal in the presence of suspicious persons and do not accept help from strangers when performing transactions at an ATM or infokiosk. If necessary, contact a bank employee, contact the Call Center of JSC Belagroprombank at 136 or other verified numbers mentioned in the agreement with the bank or on the back of the card.
Before using the terminal, make sure that all operations performed by the previous client have been completed. If in doubt, click the Cancel button.
Write down or remember the phone numbers 136 (Call Center of JSC Belagroprombank) or +375 17 299-25-25 (Customer Service of JSC Banking Processing Center, the number is printed on the back of the card). Pay attention to the phone numbers indicated on the ATM - they can be spoofed by scammers. Remember that a bank officer or customer service employee will never ask for your PIN.

If the ATM or infokiosk does not return your card, immediately block it using the remote banking system or by calling the Customer Service of JSC Bank Processing Center at +375 17 299-25-25.

How to spot phone scams ?

Scammers often identify themselves as bank employees. For example, a stranger calls you on your mobile phone, introduces himself as a customer support or security specialist and asks you to name the card details, enter the remote banking system and urgently perform several operations. The reason, according to him, is very serious: a failure in the database, the threat of fraud, or something similar. The scammer's job is to scare you and not give you time to analyze the situation, so he will insist that you fulfill his requirements as quickly as possible.

Remain alert and keep an open mind on what is happening. When calling a client, an employee of JSC Belagroprombank:

always addresses a client by surname, name, patronymic;
never asks for personal and confidential information: full card details (card number, PIN and CVV code), logins and passwords from remote banking systems, personal passport number;
never asks to perform operations with the card, or to give out session keys to confirm operations.

How to protect yourself from fraudulent SMS, e-mail, messengers

Fraudsters regularly send messages and emails disguised as messages from the bank. Their goal is to gain access to your account and steal money. Therefore, it is important to be able to distinguish the official messages of the bank from the letters of fraudsters.

Never reply to e-mails in which confidential data is requested, do not follow the links indicated in them, and do not open the attached files. All emails requesting confidential data are fraudulent!
Check details of incoming SMS messages. SMS-messages from the Bank can only come from the number "BELAPB.BY"
When receiving a Viber-mailing from a bank, make sure that it is made from an official account (the sender is BELAGROPROMBANK, there is an official logo, there is a green checkmark and information that the sender has passed the Viber check. When receiving a message, there is no pop up window stating that the sender of the message is not in your address book).

Bank employees never ask customers for confidential information: full card details (card number, PIN and CVV code), logins and passwords from remote banking systems, personal passport number and do not ask you to perform active operations with cards;
JSC Belagroprombank never sends messages with a request to confirm, update or provide personal data;
JSC Belagroprombank never sends messages with a form wh ere you should enter your personal data;
JSC Belagroprombank never asks to enter the remote banking systems using the link from the letter.

Nota Bene: JSC Belagroprombank uses instant messengers (Viber, WhatsApp, Telegram, Instagram) only to inform customers about new products, promotions, drawings and similar activities. The bank does not make calls via messengers! Only scammers use instant messengers to make calls. If you receive a call from instant messengers on behalf of the security service of any bank, immediately stop the conversation. If you provided your personal data (login/password, card number, card expiration date, CVV or SMS data), urgently call the bank in order to block cards and access to remote service channels.

Have you given anyone your session key from the SMS, your card details, logins, passwords, session keys from the remote banking systems of JSC Belagroprombank?

If so, immediately contact the Call Centre of JSC Belagroprombank for advice:

When calling from Belarus, dial 136.

When calling from anywhere in the world, dial +375 17 218-57-77, +375 29 198-57-77(А1),+375 29 888-57-77(МТС), +375 25 999-57-77(Life) – mobile operator’s rate apply

If you are sure that you have fallen victim to a scam, report it to us. We will take action.

Best practices for E-mail use

Do not open letters from state institutions, banks or large companies if they are sent from free e-mail boxes (yahoo.com, mail.ru, etc.). As a rule, the addresses of state institutions end in “.gov.by” or “.by”. Large companies are more likely to have a mail domain that matches their name.
If the received letter does not contain a subject and content, but attachments and/or links are attached to it, then most likely this letter contains a malicious code or a virus.
Suspicious letters mean letters in the sender's address of which there are obvious mistakes or misspellings that look like the real one (for example, edy.gov.by instead of edu.gov.by). When exchanging letters with counterparties, carefully check the address of the incoming correspondence, as there is a risk of replacing one character and exchanging confidential information with unidentified persons.
Do not follow links, the description of which does not correspond to the real path. For example, you received a link https://www.belapb.by/rus/juridical/, and when you hover over the link, a completely different path is displayed - http: //www.sait.zloumishlennik/zagruzit_zhertve/virus.
Be careful if the letter was sent by a person unknown to you, the text of the letter is incomprehensible, or the reasons for which it was sent are unclear. If the sender is familiar to you, then you need to check with him whether the letter was actually sent.
Do not disclose logins and passwords from work-related email addresses to third parties.
Do not connect a carrier with EDS keys to the computer unnecessarily.
Do not use your work email address for personal communication.
When communicating with your counterparties, it is advisable to send documents in archive format (RAR, ZIP, etc.) protected by password, which must be sent in a different way agreed upon with the counterparty.
If you have any suspicions (new account, counterparty address, new contact details of the contact person or new work email address), contact your counterparty at the official phone numbers or the address of the previously used email address to clarify the payment details.
If, nevertheless, the scammer managed to mislead you, and you sent the payment to the address of the "false bank account", you should immediately inform the bank officer servicing your account and/or your personal manager thereof, and also report this to law enforcement authorities.
If a malicious attachment has been opened, you must immediately stop processing payments, turn off the the EDS keys carrier, and, if you have concerns, check all sent payments. In case if unauthorized account transactions have been detected, immediately inform the bank officer serving your account thereof, and/or a personal manager, and indicate the details of these payment orders (number, amount, recipient, purpose of payment), as well as report this to the law enforcement authorities. Take measures to localize the workplace and clean it from viruses.

Best practices for use of remote banking services system

Use a separate computer for work in the RBSS.
Work on a computer with minimal user rights.
Pay attention to the domain name (abbreviation) of the site in the address bar of the browser you are on. Attackers can create a fake site that looks like the official one.
Do not use external e-mail at this workplace. If necessary, take all precautions to counter cybercriminals' intentions to infect your computer.
Timely update the operating system on the computer with RBSS (updated licensed software supported by the developer).
Install and keep enabled antivirus software that needs to be kept up to date (including antivirus signatures).
Use the EDS key carrier ONLY at the time of signing the document. After signing, the carrier must be removed from the computer!
If you have noticed that a computer with an installed RBSS starts behaving strangely - immediately disconnect communications (Internet, computer network) and contact the bank to find out information about the possible presence of unauthorized payments. If the fact of unauthorized payments is confirmed, issue a new EDS certificate instead of the old one. Check your computer for malware.
JSC Belagroprombank never asks to enter the remote banking systems using the link from the letter.

Note Bene: JSC Belagroprombank uses instant messengers (Viber, WhatsApp, Telegram, Instagram) only to inform customers about new products, promotions, drawings and similar activities. The bank does not make calls via messengers! Only scammers use instant messengers to make calls. If you receive a call from instant messengers on behalf of the security service of any bank, immediately stop the conversation.

Contact information:

For consultation please contact the technical support service at +375 17 389-07-70 or fill out the form describing the issue on the website https://help.lwo.by/pismovtp/

Let’s fight scams together

Have you witnessed scammer activity - for example, they called you or your relatives playing the role of a bank officer and tried to steal personal data?

Have you received a suspicious e-mail or message allegedly on behalf of JSC Belagroprombank?

Have you encountered anything suspicious - for example, found a fake website or an account in social networks with the logo of JSC Belagroprombank?

Have you found a vulnerability or suspicious information on one of the bank's Internet resources (website, remote banking system, HR portal)?

Have you been scammed?

Did you provide the session key from the SMS, your card details, logins, passwords, session keys from the remote banking systems of JSC Belagroprombank?

Immediately contact Call Centre of JSC Belagroprombank for advice:

When calling from Belarus, dial 136.

When calling from anywhere in the world, dial +375 17 218-57-77, +375 29 198-57-77(А1),+375 29 888-57-77(МТС), +375 25 999-57-77(Life) – mobile operator’s rate apply

If you are sure that you have fallen victim to a scam, report it to us. We will take action.

Report scammers