Online cons, fraudulent messages, credit card scams, etc. Scammers are becoming increasingly creative in their attempts to fool you. What is the most common bank fraud in Luxembourg? How can you spot it and guard against it? Sabrina Gofflot, Senior Internal Inspector at BIL, answers our questions and gives you some sound advice.
Phishing, smishing and a new one: quishing
Phishing is a fraud technique that consists in obtaining confidential information or bank details (PINs, passwords, etc.) by pretending to be a trusted organisation: the tax authorities, police, bank, post office, etc.
Phishing can take the form of an email or a text message (in the latter case, it is known as SMS phishing, or smishing). For example, you may receive an email from the tax authorities informing you that you are entitled to a refund, a text message from the police asking you to pay a fine, or a carrier asking you to pay the charges to release a parcel that is waiting.
The new trend is quishing (QR code phishing). When you scan a fake QR code, you are redirected to a malicious site that tries to get hold of your personal data. These fake codes can be pasted on advertising in bus shelters, in shops, on signs that regulate parking at car-park entrances, etc.
Sabrina Gofflot tells us that the principle is always the same: “The author of the message presents themselves as an official body, often one that you would take seriously without question. You are asked to click on a link that redirects you to a fraudulent site (which looks like the original) and to fill in a form. In the past, it was fairly easy to spot. The text was badly written, and had spelling mistakes. But as technology has advanced, particularly with artificial intelligence such as ChatGPT, the content is now of much higher quality and it is becoming extremely difficult to detect that it is a scam.”
Get into good habits
- Always check a sender’s URL or email address.
- Never share your login details.
- Use official websites and apps and don’t follow links you receive in messages.
- Update the security on your PC regularly.
- Don’t use the same password on different sites.
Phishing is often followed by voice phishing, or vishing, a telephone scam. You receive a call from someone introducing themselves as your banker, for example. They tell you that fraudulent transactions have been detected on your bank account, and enlist your help in fixing the (fake) problem. You will then be asked to connect to your accounts, transmit your bank details, install a remote connection programme or transfer your assets to a supposedly secure account.
“These days, there’s also spoofing (identity theft),” says Ms Gofflot. “Fraudsters spoof the telephone number of your bank or another organisation and it’s their official number that appears on your screen when they call you. It’s intended to confuse you. You recognise the number, so you trust the person on the other end of the line. Remember that your bank or any other organisation – LuxTrust, MyGuichet, etc. – will never ask you for your account login details. If they phone you, it’s only to confirm a fraud.
“If in doubt, end the conversation and call the organisation back yourself,” the inspector advises. “Often, in this situation, people don’t dare hang up for fear of appearing rude. But don’t hesitate!”
Get into good habits
- Under no circumstances divulge confidential or banking information by telephone.
- Don’t install any remote access software on your computer.
- Never transfer your money to a bank account that does not belong to you.
- Always confirm your correspondent’s identity using verified contact details.
This technique is intended to make you believe that you can take advantage of a very good online deal that does not actually exist. You’re attracted by a classified ad or an advert on social networks selling a product at a bargain price. You are told that you must pay quickly “while stocks last” or because other people are waiting to buy. So you make a transfer, but never receive your goods.
“Online scams are still very common. Fraudsters take advantage of current trends to dangle highly attractive offers. For example, last winter in Luxembourg, at a time when the price of firewood had risen considerably, there was a series of false advertisements on the internet offering low-priced cords of wood. This type of scam can be used for all kinds of objects: vintage clothes, concert tickets, second-hand cars, etc. If the deal is too good to be true, beware!”
Get into good habits
- The more pushy the seller, the shadier the deal.
- Research the seller and read their reviews.
- As far as possible, avoid storing your card details on a merchant site.
- Whether you are a buyer or a seller, always use the site’s secure payment system.
Bank card fraud
In principle, bank card fraud occurs when you withdraw money from an ATM (automated teller machine). The fraudster discreetly observes the PIN for your card and diverts your attention so that they can steal the card from you, making you believe that it has been swallowed by the ATM.
“These criminals are very clever,” the inspector warns. “They make a good impression, they’re friendly and are very good at distracting you. Bank card fraud can also occur when you pay for your purchases at a retailer: the thief stealthily takes note of your code before stealing your card. Take care that no one can see your PIN when you enter it and never lose sight of your bank card.”
Get into good habits
- Always take care that no one can see you typing in your PIN.
- Don’t let anyone distract you or offer to help when you’re withdrawing cash.
- If you think your card may have been swallowed by the machine, call the number on the ATM.
- Never write your PIN on your card or on a piece of paper in your wallet!
In this case, the fraudster sends a false invoice pretending to be a company. They hack into a company’s email inbox and fake an invoice by changing its bank account number and contact details. They then send the false invoice by email, indicating that the account number has changed. The company thinks it’s paying a genuine invoice, but pays the money into the scammer’s account.
“False invoice fraud often takes several months to be detected, because the technique is so sophisticated,” says Ms Gofflot. “It’s a real scourge for businesses, because the amounts stolen can be very high. They can also target individuals with fake telephone bills, holiday bookings, etc. Always be wary if bank details are changed.”
Get into good habits
- Use the beneficiaries registered in your banking interface.
- Make sure that the bank details really are those of your contact.
- Get in touch directly with the person who sent you the invoice to check the information (without using the contact details mentioned on the invoice or in the email).
Investment fraud consists of offering a financial investment that guarantees exceptional returns. You are attracted by an advertisement on the internet (cryptocurrency exchange platforms, trading sites, etc.) and when you click on the link, you are directed to a very professional site with testimonials from people confirming that they really have made a lot of money. You’ll be tempted to start off with a small amount and invest more and more. But by the time you want to recoup your investment, you can’t. You are advised to wait to increase your profits… you’ll have to pay account closure charges, management fees, etc. This can go on for several months and you never get your money back.
“Investment scams are very sneaky. You think you’re dealing with professionals, but in fact it is all just a hoax. Thanks to artificial intelligence, financial websites and reports are better than the real thing. It’s hard to spot the fake. Remember that offers that are too good to be true are probably a scam!”
Get into good habits
- Beware of overly attractive offers and unfeasible returns.
- Be careful when you are offered an investment that you didn’t ask for.
- Find out more about the company: its identity, the consistency of the information, etc.
- Look for reviews on the internet (other than on the company’s official website).
What should you do if you are a victim of fraud?
If you have divulged sensitive information or made a credit transfer to a dishonest person, react quickly by contacting your bank and making a report to the police.
If your bank card has been stolen or swallowed by an ATM, block it immediately via your banking app and call Worldline on +352 49 10 10. They will be able to check whether there are any fraudulent transactions in progress and whether it is still possible to stop them.
If you have installed suspicious software or apps, you should uninstall them – get professional assistance if you are not able to do this yourself. Also think about changing any passwords that you think may have been compromised.
Luxembourg’s Commission de surveillance du secteur financier (CSSF) regularly publishes warnings, highlighting fraudulent operations in the country. It also gives advice on how to verify if financial services providers are trustworthy.
“If you have the slightest doubt, don’t hesitate to contact your bank,” Sabrina Gofflot recommends. “They will be able to guide you through the steps to take. As bank frauds become more sophisticated, it’s essential to stay alert and maintain a sceptical frame of mind. And don’t forget to inform your friends and family so they don’t fall into the trap.”
For more information on bank fraud and the remedies available, visit the BIL website.