BILnet
en

Security/
prevention

Warning - Beware of "phishing" attempts followed by "vishing" (telephone phishing) with "spoofing" (identity theft)!

Fraudsters do not hesitate to pose as employees of BIL or legitimate institutions (while usurping the bank's or institution's telephone number) in order to collect your data/identifiers and use them for fraudulent purposes.
Remember that BIL will never ask you for your data/identifiers.
A BIL employee will not ask a delivery person to collect bank cards from your home address!

Warning - Beware of tempting offers!

This festive season, be extra vigilant when faced with tempting offers on the Internet. Take the time to find out information about the seller and read their reviews before making any payment.

How to protect
against fraud?

  • Check the security and privacy of your BILnet access:
    • Never leave your login details lying around.
    • Never share your personal data with anyone else.
    • Your bank will never ask you for this information.
  • Be sceptical if anyone asks you for sensitive information (usernames, passwords, card details, etc.).
  • Hang up and try to call back from a verified number.
  • Take the time to check everything when making a credit transfer:
    • Check that the country and beneficiary account on the invoice are credible (e.g. the company and its bank are in the same country)
    • If in doubt, don’t hesitate to contact the invoice issuer, preferably by another means (email as opposed to telephone).
  • Never click on hyperlinks received by SMS or email. Don’t download the attachments either.
  • Never save your card details on e-commerce websites: your data may then be misused for fraudulent purposes.
  • Never allow software to be installed on your computer or mobile phone remotely when asked by someone you don’t know (e.g. fraudster or fake IT support).
  • Don’t be taken in by investment offers – if they seem too good to be true, they probably are.
  • Never allow yourself to be distracted by a stranger when using an ATM.
  • Always make sure that no one can see you enter your card PIN or BILnet login details.

What to do in
the event of fraud

Always:

  • Notify BIL by calling our dedicated number: 4590 7070 (open from 8.30 a.m. to 6 p.m. from Monday to Friday) or 49 10 10 outside these hours. You can also use the BILnet secure messaging service (subject "Fraud victim") or this form
  • File a report with the police and bring any evidence (account statements, disputed transactions, photos, etc…).
  • Send a copy of the police report to BIL via secure messaging as soon as possible. If you do not know how to send a secure message, click here to follow our step-by-step tutorial.
  • If in doubt, have your computer or mobile phone inspected by a trusted organisation to ensure its integrity.
  • Change your passwords (e-mail, web banking, etc.).
  • Install the BILnet application on your mobile phone to receive security notifications (creation of a new beneficiary, activation of BILnet on a new device)
  • If you haven’t already, activate LuxTrust Mobile for more security. For more information or to find out how to do this, visit our dedicated page.

Bank card fraud:

  • If in doubt, or if your card has been swallowed, contact Worldline support on +352 49 10 10
  • Block the compromised cards immediately, either directly via your BILnet application (visit our dedicated tutorial on how to block your card here), or via Worldline by dialling +352 49 10 10.
  • Report fraudulent transactions as quickly and accurately as possible directly to Worldline on +352 49 10 10

Bank transfer fraud:

  • Check for any pending transfers that you did not initiate. To consult, modify or cancel a standing order, click here for more information.
  • Block your LuxTrust certificate either directly with LuxTrust, or via your bank.
  • Do not hesitate to block your BILnet access, only via the WEB version of BILnet: PERSONAL AREA, BLOCK MY CLIENT ACCESS. Please note that this is definitive and cannot be revoked by yourself.
  • Ask BIL to initiate a request for the return of funds (note that the return of funds is an ultimate recourse and the outcome is never guaranteed).
  • Notify your customers/suppliers if your e-mail account has been hacked.

Do not use Google (or any other search engine) for BILnet

The results that search engines offer may send you to a fraudulent website designed to scam you.

Recently, a phishing link even managed to get listed as the top result, even though it was actually an advertisement:



To avoid any problems:

  • Enter https://www.bil.com in your address bar manually
  • Save https://www.bil.com/BILnet/ in your favourites
  • Always check that the connection is secure and the destination URL is correct:


Please share this information with your friends and family!

Different types
of fraud

Phishing & smishing

Vishing

Theft by trickery at the ATM

Fake invoices

Investment fraud

Phishing & smishing

Phishing is the practice of sending an email or SMS (smishing) with the intent of stealing personal information.

The fraudster sends you a message that looks as if it comes from a trustworthy body such as a bank, telephone provider, postal service, etc. You are asked to click on a link that redirects you to a fraudulent site (that looks like the original) where you will enter your data.

Fraud number 2 is based on fake Microsoft support and uses a telephone call to try and manipulate you (vishing).

You receive a call from someone pretending to be a Microsoft employee telling you that malware has been identified on your PC or that a Windows upgrade needs to be carried out urgently. On other occasions, your screen will suddenly turn blue and a warning message will ask you to contact a support number.

In both cases, the technical support person who replies will appear extremely sympathetic and do everything to help you. They will enlist your help to install an application that enables them to take control of your PC in order to fix the (fake) problem.

You then have to pay a few euros and the fraudster uses the opportunity to access your bank details and/or install malware.

Vishing

Theft by trickery at the ATM

This involves the fraudster observing your PIN over your shoulder when you are withdrawing money from an ATM.

The fraudster then proceeds to distract you (getting very agitated, pointing out that you’ve dropped some money, for example) and discretely steals your card and makes you believe that it has been swallowed by the machine.

The fraudster will hack an email account to find any past invoices. If the email account belongs to a company, the hacker will simply take a real invoice and change the IBAN number.

The person receiving the bill is not suspicious as they know the sender and think they’re paying a legitimate bill from a supplier, or for a holiday reservation or mobile phone service, etc.

Fake invoices

Investment fraud

Investment fraud consists of offering a financial investment that guarantees extremely lucrative returns. You are sucked in by advertising on social media or via email and visit commercial sites that look very real but are in fact fakes. They may be cryptocurrency exchanges, trading sites etc.

Don’t be taken in by offers that are too good to be true, as they are probably fake!