What is phishing?
Perpetrators of fraud using the phishing technique try to get hold of your personal data and/or your payment card by sending e-mails or SMS messages and/or by calling you on the telephone. These data (and your payment card) will allow them to withdraw money from your account but also to perpetrate identity fraud.
Phishing does not only affect internet banking but it can also pose a threat to any payment system.
How does a criminal work?
You receive an e-mail out of the blue. The message appears to be from your bank or the company issuing your credit card. You are asked to click a link to a website that looks extremely similar to your bank’s own website or the website for the company issuing your credit card. On this site, you read that you must enter, complete or check your personal data concerning your accounts, credit cards and codes. This will be for “security reasons”, “file checks”, “data loss”, etc.
Sometimes you will also be requested to mail your data directly to a specific person.
Although phishing is mainly done via e-mail, fraudsters can also call you on the telephone. They pretend to be a bank employee telling you that there are problems with your bank account or your credit card. In order to check that everything is okay, the employee needs your data...
What does your bank do?
Your bank does everything possible to trace phishing e-mails and websites and have these sites removed.
In addition, the bank also guarantees that, among other things, internet banking is always done via a secure website that is easily recognisable. This way you are less likely to fall into a trap if a phishing e-mail is sent to you requesting that you submit your data through a fake website.
What does a secure site look like? You will recognise it by the following:
- The address always starts with https:// and not with http://;
- The locked padlock (if you’re working in Internet Explorer) at the bottom right of the internet page (or at the top of recent browsers) is visible. This means that a security certificate has been sent to your computer and that only you have access to the information that you are sending or receiving. If you click the padlock, you can see the certificate’s data and can check who owns the website;
- Your authentication data are requested via your bank’s known security mechanisms when you launch an internet banking session;
- In some cases, the address bar will also turn green. This only happens when a website has an EV certificate (extended validation) and you are working with Internet Explorer 7 or a more recent browser.
What can you do?
A good spam filter is the best way to avoid getting any more phishing messages. Immediately delete messages you feel are suspicious.
If you get a message (via e-mail, pop-up window or telephone) in which you are asked for your information, do not provide it. Do not answer the e-mail and if your internet banking session is open, close it immediately. Then immediately contact your bank and the police.
How can you recognise a phishing message?
- Your bank will never ask you to provide confidential information via an e-mail or a pop-up message. This means that, by definition, such messages are phishing messages.
In addition, a phishing message can have the following characteristics:
- Phishing messages are sometimes badly written and contain spelling and grammar mistakes. Occasionally, they can be written in a foreign language. Your bank knows in which language you want to receive correspondence and thoroughly screens that correspondence for possible mistakes. Messages that do not comply with these characteristics are by definition suspicious;
- Phishing messages sometimes threaten consequences if you do not reply to the question;
- The link in phishing messages goes to a website that looks similar to your bank’s own website or the website for the company issuing your credit card. This site will not be secured, contrary to the bank’s actual website;
- A forged e-mail address can sometimes be in the From field. Always check if this address is from your bank. If in doubt, contact your bank through your usual channels and never answer the e-mail;
- The sender’s address looks strange;
- Your spam filter flags this message as spam.
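Two of the characteristics above (the sender's address and the link to an unsecured look-alike site) can also be checked automatically, for example in a mail filter. The following Python sketch is an added example, not part of the original page; the bank domain examplebank.test, the sample message and the function names are assumptions made for illustration, and it handles single-part HTML messages only.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BANK_DOMAIN = "examplebank.test"  # assumption: the domain your bank really uses

# Constructed sample message for this example, not a real e-mail.
SAMPLE = """\
From: "Example Bank" <security@examplebank.test.account-check.example>
Subject: File check
Content-Type: text/html; charset="utf-8"

<p>For security reasons, please check your data:</p>
<a href="http://examplebank.test.account-check.example/login">https://www.examplebank.test/login</a>
"""

class LinkCollector(HTMLParser):
    """Collects the real target (href) of every link, not the text shown."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def belongs_to(host, domain):
    # Compare whole labels from the right: "examplebank.test.other.example"
    # only contains the bank's name, it is not the bank's domain.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw, bank_domain=BANK_DOMAIN):
    msg = message_from_string(raw)
    signs = []
    _, addr = parseaddr(msg.get("From", ""))
    if not belongs_to(addr.rpartition("@")[2], bank_domain):
        signs.append("sender-not-bank")
    body = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")
    parser = LinkCollector()
    parser.feed(body)
    for href in parser.links:
        url = urlsplit(href)
        if url.scheme != "https":          # the site is not secured
            signs.append("link-not-https")
        if not belongs_to(url.hostname, bank_domain):
            signs.append("link-not-bank-site")
    return signs
```

An empty result does not prove that a message is genuine: as noted above, the From field can be forged to show the bank's real address.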