Alerte phishinghttps://www.bil.com/en/Lists/BILInternetAlerts/DispForm.aspx?ID=7Alerte phishingBeware of fraudulent e-mail<br><a href="/static/BILnet/phishing/index-en.html">Find out more</a> 7

Security/
prevention

How to protect
against fraud?

  • Check the security and privacy of your BILnet access:
    • Never leave your login details lying around.
    • Never share your personal data with anyone else.
    • Your bank will never ask you for this information.
  • Be sceptical if anyone asks you for sensitive information (usernames, passwords, card details, etc.).
  • Hang up and try to call back from a verified number.
  • Take the time to check everything when making a credit transfer:
    • Check that the country and beneficiary account on the invoice are credible (e.g. the company and its bank are in the same country)
    • If in doubt, don’t hesitate to contact the invoice issuer, preferably by another means (email as opposed to telephone).
  • Never click on hyperlinks received by SMS or email. Don’t download the attachments either.
  • Never save your card details on e-commerce websites: your data may then be misused for fraudulent purposes.
  • Never allow software to be installed on your computer or mobile phone remotely when asked by someone you don’t know (e.g. fraudster or fake IT support).
  • Don’t be taken in by investment offers – if they seem too good to be true, they probably are.
  • Never allow yourself to be distracted by a stranger when using an ATM.
  • Always make sure that no one can see you enter your card PIN or BILnet login details.

What to do in
the event of fraud

Always:

  • Warn your bank as soon as possible.
  • File a complaint with the police and provide anything that could be used as evidence in the case (account statement, disputed transactions, photos, etc.).
  • Send a copy of the police report to your bank by secure messenger as soon as possible.
  • If in doubt, have your computer or mobile phone checked over by a trusted company to ensure it is safe.
  • Change your passwords (email, web banking, etc.).

Bank card fraud:

  • If in doubt, or if your card has been swallowed, call Worldline support on +352 49 10 10.
  • Immediately block the compromised cards, either directly using the BILnet app, or through Worldline by calling +352 49 10 10.
  • Report the fraudulent transactions as quickly and with as much detail as possible to Worldline on +352 49 10 10.

Transfer fraud:

  • Block your LuxTrust certificate: directly with LuxTrust, or through your bank.
  • Ask your bank to make a fund reversal request (the return of funds is a last resort, the result of which is not guaranteed).
  • Warn your clients/suppliers if your inbox has been hacked.

Different types
of fraud

Phishing & smishing

Phishing is the practice of sending an email or SMS (smishing) with the intent of stealing personal information.

The fraudster sends you a message that looks as if it comes from a trustworthy body such as a bank, telephone provider, postal service, etc. You are asked to click on a link that redirects you to a fraudulent site (that looks like the original) where you will enter your data.

Fraud number 2 is based on fake Microsoft support and uses a telephone call to try and manipulate you (vishing).

You receive a call from someone pretending to be a Microsoft employee telling you that malware has been identified on your PC or that a Windows upgrade needs to be carried out urgently. On other occasions, your screen will suddenly turn blue and a warning message will ask you to contact a support number.

In both cases, the technical support person who replies will appear extremely sympathetic and do everything to help you. They will enlist your help to install an application that enables them to take control of your PC in order to fix the (fake) problem.

You then have to pay a few euros and the fraudster uses the opportunity to access your bank details and/or install malware.

Vishing

Theft by trickery at the ATM

This involves the fraudster observing your PIN over your shoulder when you are withdrawing money from an ATM.

The fraudster then proceeds to distract you (getting very agitated, pointing out that you’ve dropped some money, for example) and discretely steals your card and makes you believe that it has been swallowed by the machine.

The fraudster will hack an email account to find any past invoices. If the email account belongs to a company, the hacker will simply take a real invoice and change the IBAN number.

The person receiving the bill is not suspicious as they know the sender and think they’re paying a legitimate bill from a supplier, or for a holiday reservation or mobile phone service, etc.

Fake invoices

Investment fraud

Investment fraud consists of offering a financial investment that guarantees extremely lucrative returns. You are sucked in by advertising on social media or via email and visit commercial sites that look very real but are in fact fakes. They may be cryptocurrency exchanges, trading sites etc.

Don’t be taken in by offers that are too good to be true, as they are probably fake!