Exclusive Black Friday 2025. Artificial intelligence amplifies fraud risks despite consumer caution

Although Romanians have become more cautious and avoid impulsive purchases, the number of cyber frauds remains high. The National Cyber Security Directorate (DNSC) points out that attacks have become more sophisticated and artificial intelligence is making fake messages seem more real and convincing than ever.

Romanians are preparing for Black Friday. Photo: Archive

An MKOR study shows that 93% of shoppers plan their purchases ahead of time. Black Friday is no longer an impulse-driven race, but a period of analysis and calculation. Romanians make lists, compare prices and check the reputation of stores before pressing the “buy” button.

But behind this maturation hides a paradox. Shoppers are more careful, but digital criminals are more efficient.

AI and fraud. When the trap looks perfectly legitimate

“Fraud remains a top threat to the average user. It’s growing in both volume and sophistication,” explains Mihai Rotariu, the communication manager of the National Directorate for Cyber Security (DNSC).

Mihai Rotariu, communication manager, National Directorate for Cyber Security. Photo: Archive

He says artificial intelligence has completely changed what an online attack looks like. “With the help of AI, you can generate a text perfectly adapted to the Romanian language, with the same tone and style as those used by real companies. It becomes much more difficult for a user to figure out whether a message is genuine or a hoax.”

Paradoxically, today’s attackers are less technical but more effective. “We’re not talking about hackers breaking into NASA servers anymore. We’re talking about regular people exploiting emotion, haste and inattention. Present a plausible story and the victim ends up giving away the sensitive data themselves, convinced they’re doing good.”

From hood to psychology. Haste is the biggest risk

DNSC is receiving more and more notifications from users who have realized for themselves that they have been the target of a fraud attempt. Many start checking links, but focus makes the difference.

“I’ve seen people with cybersecurity experience fall into the trap just because they were on a call with colleagues and weren’t paying one hundred percent attention. Focus makes the difference,” says Rotariu.

He recommends a minimal digital safety routine. “Attention, patience and critical thinking are more important than any antivirus.”

Recommendations. Checks upon checks

DNSC recommends using two simple, free and easy-to-use tools to check the safety of a site or link:

Scamadviser.com – analyzes a site and assigns a trust score from 1 to 100 based on age, reputation and transparency. If the rating is low, it is better to avoid entering personal data.

VirusTotal.com – scans any suspicious link, file or domain using over 70 antivirus engines. The result appears in seconds and helps you see if the page is safe before you open it.

DNSC Tip: Save these addresses in your browser or phone notes. They are the fastest checks you can do before buying something online.

Don’t forget:

  • Read the website address carefully, the letters can be subtly changed.
  • Never give out card details to receive money. For cashing, use the IBAN or the phone number associated with the account.
  • If someone calls you “from the bank”, hang up and call the number on the official website.
  • Do not install applications received in links on WhatsApp or SMS.
  • Do not complete a payment when you are distracted, on a call or in a hurry.

Phone spoofing. Why can’t the operators stop it

One of the most dangerous methods used in 2025 is spoofing, the fake call that displays a real number or even the name of a bank on the screen.

“You may get a call from someone claiming to be from the bank and telling you that your account is blocked or that someone has taken out a loan in your name. In reality, the attacker is just masking their identity using legitimate VoIP services. Operators cannot technically block these calls because this is not a breach, but misused public data,” explains Rotariu.

The first alarm signal is simple: if you are not a customer of that bank, hang up immediately.

“Criminals are persuasive and act on a simple script. They establish emotion, an unexpected gain or an imminent loss. Emotion makes you act impulsively, click or provide data.”

How phone spoofing works

The caller is using a VoIP service that can display a real number on your screen. Sometimes even the name of the bank appears. The goal is to rush you into action. There is only one solution. You end the call and call your bank at the number on the website.

Marketplace. The mistake of thousands of lei in two minutes

“The most common mistake is the confusion between card data and bank account data,” warns Rotariu.

On marketplace platforms, scammers operate simply. “You put a product up for sale, you are contacted on WhatsApp, you are offered immediate payment without negotiation, then you receive a fake link that looks like a courier service. You are asked for your card details to receive the money. In reality, those details go to the attackers.”

The classic marketplace trap

  • You post a product for sale.
  • You get a message on WhatsApp, not in the marketplace app.
  • You are offered immediate payment without negotiation.
  • You are asked to enter your card details “to receive the money”.
  • In reality, you have just provided access to your account.

Rare cases, but expensive

Those who do all the checks and still fall prey are few. “In these cases we are talking about spearphishing, attacks tailored to a profile, with more complex goals than stealing money. The target can be to compromise an account that leads to an institution or a company,” explains Rotariu.

DNSC does not have jurisdiction over legal enforcement of hosting providers. “We analyze the site, contact the hosters and provide the evidence. We have a suspension rate of more than 80%, but the success depends on how quickly the partners react.”

DNSC relies on awareness campaigns, webinars, collaborations with schools and the media. One of the most visible projects is SigurantaOnline.ro, a platform created together with the Police and the Romanian Association of Banks.

“It also has a children’s component, through comics. The goal is to make cyber security a reflex, not a reaction,” says Rotariu.

He admits that Romania still ranks among the last in Europe in terms of digital education, but he notices a sign of progress: “More and more users are sharing their tricks publicly so that others can learn from them. It’s a big step towards maturity.”

“Cybersecurity is a shared responsibility.”

Black Friday, a very vulnerable period from the perspective of online fraud. Source: SigurantaOnline

Education through comics. Security for children

DNSC, together with the Romanian Police and the Romanian Association of Banks, launched a series of educational comics for children on the SigurantaOnline.ro platform. The stories illustrate real situations of danger in the digital environment, explained in accessible language, with characters and dialogues that teach little ones how to react when they receive suspicious messages, requests for data or unknown links.

The aim of the project is to turn the notions of online safety into a natural reflex, learned from the family.

Educational booklets with cartoons about children's internet safety. Photo: SigurantaOnline.ro

Useful resource. How do you recognize social engineering?

For those who want to better understand how online manipulation works, the National Cyber Security Directorate (DNSC) has published a comprehensive guide to social engineering. The document explains step-by-step how digital criminals operate, what tactics they use to gain the trust of victims and how you can quickly spot a fraud attempt, whether it comes via phone call, text, email or social media.

The full guide can be consulted here: DNSC Guide – Social Engineering

DNSC guidance on how to recognize manipulation and attempted fraud in the digital environment. Source: DNSC

Video. What a spoof call looks like and how to react properly

The DNSC is drawing attention to the increase in telephone fraud attempts, known as vishing. The clip below shows how criminals can call pretending to be a bank, the Police or another official body to inspire urgency and fear. Their goal is to obtain confidential data or convince the victim to transfer money to accounts controlled by the attackers.

The idea is simple: when something doesn’t add up, hang up and check the number yourself on the institution’s website. No bank or authority will ask you for credentials or to move money into a so-called “secure account”.

To report fraud attempts, DNSC recommends calling the unique number 1911 or reporting at pnrisc.dnsc.ro.

Scam calls: how to recognize and avoid phone scams

The video below explains how fake spoofing calls work, which are increasingly common in Romania. Fraudsters pose as representatives of banks or public institutions and try to obtain personal data, authentication codes or financial information.

Fraud is based on trust and emotional pressure: attackers create an urgent situation, designed to make you react quickly and without checking.

DNSC’s message is simple: never give out confidential data over the phone or respond to urgent requests from strangers, no matter how credible they may seem. Always verify the identity of the caller using the institution’s official contact number.

Vishing, a sophisticated form of phone fraud targeting sensitive data

The video below explains the phenomenon of vishing, which is the use of voice and phone calls as a tool for cyber fraud. Criminals use mobile phones to gain the trust of victims, pretending to represent banks, authorities or well-known companies.

Their purpose is clear: to obtain sensitive data such as passwords, authentication codes or financial information.

DNSC warns that vishing is the “deceiving voice” of modern cyber attacks. The message to remember is to never give out confidential information over the phone and never act under pressure. If you are called by someone asking for access data, hang up and verify the identity of the caller through official channels.