With banks offering more and more online services, fraud and scam attempts are also evolving and going digital. One kind that is becoming increasingly prevalent in Luxembourg is phishing. In this article, myLIFE shows you how to recognise phishing and protect yourself from these attacks.
The term “phishing” is a neologism that was created by combining “fishing” and “phreaking” (telephone hacking). It’s a form of fraud that aims to collect personal and confidential data to use for personal gain. The fraudster poses as a trusted organisation or person, prompting you to respond in such a way as to allow them to steal your personal data. And, unfortunately, bank clients are all too often the victims of these attacks.
Phishing exploits human weaknesses such as empathy, fear, enthusiasm or simply a lack of attention. It often comes in the form of an email, but can also be conducted through SMS (“smishing”) or a phone call (“vishing”).
Messages may contain a link to a website that looks identical to that of the organisation the fraudster claims to represent. These are mostly banking websites, social networks or online payment platforms. By clicking on the link, the user is invited to enter their login details, fill in a form or sign up to a service. Meanwhile, the attacker retrieves the information entered to use for their own purposes.
In other cases, the message claims to be urgent and the attacker tries to get you to send confidential documents or information. Phishing attempts are often very convincing, and can consist of several messages sent over several weeks.
One of the most common assumptions is that phishing is easy to recognise. In reality it can be extremely sophisticated and conducted through multiple different channels. However, if you pay attention, there are a few red flags you can watch out for.
When you receive a message, whether an email or otherwise, it’s important to look at how it is written and laid out, and to check for any spelling mistakes. If you feel that something is off, trust your gut.
Lastly, note that no reputable bank or organisation will ever ask you for your personal information or credit card details. Be especially careful when asked to share sensitive information. If in doubt, contact your bank!
Example
Luxembourg was targeted by a wave of SMS phishing attacks at the end of 2018.
In an ideal world, you would obviously never be the victim of phishing or other attacks. While you can never be totally risk-free, a good first step is to make sure you update your software, browser, operating system and antivirus software regularly. However, this may not always be enough.
If you do ever receive a suspicious message, contact your bank or the organisation in question directly to make sure it came from them. Do not reply to suspicious emails – send them back to your bank by entering the email address manually. The same goes for your bank’s web address: type it out yourself rather than clicking any links. This way, you’ll avoid being redirected to a fraudulent website that may be posing as your online banking platform. In the end the safest thing to do is obviously to never click any links or download any documents attached to a questionable email.
If you have the slightest suspicion that your details have been compromised, immediately change your password and check your bank accounts. Then contact your bank to report the attempted fraud so they can take appropriate action.
To further protect your personal data, LuxTrust – Luxembourg’s specialist electronic identity manager – implemented extra measures in 2019 to help you avoid getting caught out by phishing attempts.
LuxTrust users were asked to choose and remember a secret image as an additional security step for online operations.
Your chosen image will appear each time you enter your OTP or your PIN to log in to your online banking space or sign a transaction.
However, you will not be asked for your secret image in the following situations:
Outside of these situations, if your secret image is not displayed or if it’s not the one you chose, you are most likely facing a phishing attempt. So there you have it! Now that you know how to avoid getting sucked in by phishing attempts, you can rest easy when doing your daily banking.