March 20, 2023

The top 5 bank frauds in Luxembourg in 2021

Fraudsters are becoming increasingly clever and are constantly improving their techniques. In the early days, banks and companies were the main targets, but they now have individuals in their sights. What are the most common bank frauds in Luxembourg? How can you recognise them and avoid falling victim? myLIFE talks to William Goehry, Inspection Manager at BIL, who answers these questions and shares some good habits that will help you avoid being taken in.

Fraud no. 1: phishing and smishing

Phishing is the practice of sending an email or SMS (smishing) with the intent of stealing personal information. The fraudster sends you a message that looks as if it comes from a trustworthy body such as a bank, telephone provider, postal service, etc. You are asked to click on a link that redirects you to a fraudulent site (that looks like the original) and there you are asked to provide your data.

According to William Goehry, “this is a well-known technique that is frequently used in Luxembourg. In the past, fraudulent messages were put together on the hop with spelling mistakes and rather dodgy French, but today they are much harder to identify. The aim of the con artist is to collect information from you (your name, a valid email address, password, bank details etc.) in order to use these in the future.”

How can you avoid this happening to you?

“Update the security on your PC regularly and don’t use the same password on several sites. Always assume that you can’t trust any emails or SMS that you receive. Don’t click on suspicious links and never reveal your personal data. Always ask yourself whether the purported sender of the message usually acts in this way and if you are in any doubt, contact them via a different channel to check. Your bank will never ask for your details by email or SMS!”

Fraud no. 2: vishing or fake Microsoft support

Fraud number 2 is based on fake Microsoft support and uses a telephone call to try and manipulate you (vishing). You receive a call from someone pretending to be a Microsoft employee telling you that malware has been identified on your PC or that a Windows update needs to be carried out urgently. On other occasions, your screen will suddenly turn blue and a warning message will ask you to contact a support number. In both cases, the technical support person who replies will appear extremely sympathetic and do everything to help you. They will enlist your help to install an application that enables them to take control of your PC in order to fix the (fake) problem. You then have to pay a few euros and the fraudster uses the opportunity to access your bank details and/or install malware.

According to Goehry, “fraud based on fake Microsoft support was very widespread in Luxembourg in 2021. Vishing often goes hand-in-hand with phishing. It is the practice of persuading you that it is in your interests to transmit information by telephone or to carry out certain actions.”

What precautions should you take?

“Never share personal or banking information by telephone. If you’re in any doubt, hang up immediately!”

Useful info: “Fraudsters have access to equipment that enables them to steal telephone numbers, such as that of your bank. This is spoofing. You recognise a trustworthy number and as you don’t suspect it is fraudulent, you reply to any questions you are asked. In this type of situation, always ask who is calling and then call them back via the company’s official switchboard.”

Fraud no. 3: theft by trickery at the ATM

This involves the fraudster observing your PIN over your shoulder when you are withdrawing money from an ATM. The fraudster then proceeds to distract you (getting very agitated, pointing out that you’ve dropped some money, for example), discreetly steals your card and makes you believe that it has been swallowed by the machine.

“This type of fraud is quite recent in Luxembourg. It happens when the bank is closed. Thieves can use the card until the client can get to the counter to tell the bank that their card has been swallowed by the machine.”

How can you avoid this type of scam?

“Don’t let anyone distract you or offer to help when you’re withdrawing cash. Hide your PIN when inputting it. If you think your card may have been swallowed, call the number on the ATM to check if this is the case. You can also place a temporary block on your card using your banking app, or by phoning Worldline (previously SIX Payment Services) on 49 10 10.”

Fraud no. 4: fake invoices

The fraudster will hack an email account to find any correspondence on invoices. If the email account belongs to a company, the hacker will simply take a real invoice and change the IBAN. The person receiving the bill is not suspicious as they know the sender and think they’re paying a legitimate bill from a supplier, or for a holiday reservation or mobile phone service, etc.

“Frauds using fake invoices are on the rise in Luxembourg”, warns Goehry. “This is a well-honed technique and is difficult to spot as the fraudsters use real documents. Sometimes they even go as far as adding a message to explain the change in bank details. This type of fraud is extremely convincing and the scam is not uncovered until the real issuer of the invoice follows up on non-payment.”

How can you avoid this type of fraud?

“The only way to avoid this type of fraud is to only use beneficiaries registered on your online banking page. When adding a new contact, always call the company to check the bank information. Don’t use the details in the letter or email that you have received!”
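For readers who process invoices with a script or spreadsheet export, here is the same check as an added example (not part of the original article and not BIL's code). The function names, status labels and supplier name are hypothetical, and the IBANs are the public sample IBANs from the IBAN registry, used here as constructed data. It shows why a valid-looking IBAN proves nothing: the checksum only catches typos, so the decision rests on comparing against the beneficiary you already registered.

```python
import re

def normalize_iban(raw):
    """Strip whitespace and upper-case so differently formatted copies compare equal."""
    return re.sub(r"\s+", "", raw).upper()

def iban_checksum_ok(raw):
    """ISO 13616 mod-97 check. Catches typos, not fraud: a fraudster's IBAN passes too."""
    iban = normalize_iban(raw)
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", iban):
        return False
    rearranged = iban[4:] + iban[:4]                          # move country code + check digits to the end
    digits = "".join(str(int(ch, 36)) for ch in rearranged)   # letters become A=10 ... Z=35
    return int(digits) % 97 == 1

def check_invoice(supplier, invoice_iban, registered):
    """Compare the IBAN printed on an invoice with the beneficiaries already registered."""
    known = {normalize_iban(i) for i in registered.get(supplier, [])}
    if not iban_checksum_ok(invoice_iban):
        return "MALFORMED"            # typo or garbage: do not pay
    if normalize_iban(invoice_iban) in known:
        return "MATCH"                # same account as the registered beneficiary
    if known:
        return "CHANGED_DETAILS"      # known supplier, different account: call the supplier first
    return "NEW_BENEFICIARY"          # never paid before: call the supplier first

# Constructed sample data: one supplier (hypothetical name) with one registered IBAN.
REGISTERED = {"Example Supplier SA": ["LU28 0019 4006 4475 0000"]}

if __name__ == "__main__":
    samples = [
        ("Example Supplier SA", "lu280019400644750000"),         # same account, other formatting
        ("Example Supplier SA", "DE89 3704 0044 0532 0130 00"),  # valid IBAN, but not the registered one
        ("Example Supplier SA", "LU28 0019 4006 4475 0001"),     # one digit off: checksum fails
        ("Unknown Vendor", "GB82 WEST 1234 5698 7654 32"),       # supplier not registered at all
    ]
    for supplier, iban in samples:
        print(f"{supplier:20} {iban:30} {check_invoice(supplier, iban, REGISTERED)}")
```

For either "call the supplier" result, use a phone number you already hold for the company, not one taken from the invoice or the email.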

Fraud no. 5: investment fraud

Investment fraud consists of offering a financial investment that guarantees extremely lucrative returns. You are sucked in by advertising on social media or via email and visit commercial sites that look very real but are in fact fakes. They may be cryptocurrency exchanges, trading sites etc.

“This is one of the most worrying types of fraud”, says the inspector. “As interest rates are low or even negative, many people are keen to invest and are tempted by promises of attractive returns. They think they are dealing with professionals, but in reality it is all just a hoax. Victims don’t discover the truth until they realise that they cannot withdraw the money they’ve invested.”

How can you avoid getting taken in?

“Check out the company behind the offer. Do some research online to check the identity of the service provider and whether the company exists. You should always cross-check any information provided against your own research. Don’t be taken in by offers that are too good to be true, they are probably false!”

Useful info: Luxembourg’s Commission de surveillance du secteur financier (CSSF) often publishes warnings, highlighting the operations of fraudulent companies in the country. It also offers a range of advice on how to verify if financial services providers are trustworthy.

What should you do if you fall victim to fraud?

You must act very quickly if you are the victim of fraud.

If you have given out sensitive information (banking details, your Token code, etc.) by telephone or online, contact your bank immediately. You should also uninstall any software or apps you have been asked to install – get professional assistance if you are not able to do this yourself. Lastly, change any passwords that you think may have been compromised.

Block your card as soon as you realise it has been stolen using your banking app or online banking site, or by calling Worldline.

Then report the incident to the police.

“Although bank frauds are a lot more sophisticated, many of them can still be avoided”, states William Goehry. “Get into good habits: remain sceptical, don’t take everything at face value and systematically check any information provided to you. And if in any doubt, contact your bank. We have set up a page on the BIL website that highlights the type of action you can take if you have been the victim of fraud.”

Get into good habits

Lastly, here’s a list of a few good habits that will help you avoid falling victim to fraud (there are certainly others):

    • keep your PC and anti-virus software up to date;
    • choose different passwords for each site;
    • don’t click on suspicious links received by email or SMS;
    • never share personal or banking information;
    • always check the identity of the person you are talking to before getting involved or answering any questions;
    • don’t let anyone distract you when you’re withdrawing cash;
    • block your bank card if stolen or lost;
    • only make transfers to beneficiaries registered on your online banking site;
    • always check any new bank details;
    • etc.