Recognising and preventing phishing: here's what you need to know
Phishing: you’ll most certainly have heard of it. You may also have received a text message before with a link to re-activate your ING account. Or perhaps you’ve received an e-mail with strange questions.
From banks and the government to online shops: more and more Belgians are having to deal with phishing. We therefore want to help you recognise these fraud attempts, so you are always in control of your finances.
What is phishing?
Phishing is a form of Internet fraud, by which cybercriminals try to obtain personal data from you. Things such as your password, PIN or the card number on your bank or credit card. This is often done by e-mail or text, but it may also be over the phone. The criminals then use this knowledge to make payments from your bank account.
Phishing attempts are often easy to recognise. But recently, fraud techniques have become more sophisticated. This is making it increasingly difficult to tell the difference between a fake message and one that’s trustworthy. Cybercriminals sometimes even set up a complete page that looks exactly like the real website.
How does phishing work with banking?
When phishing, criminals misuse the bank’s logo and it's entire identity to send fake e-mails. If you receive an e-mail from your bank, the first thing to do, is to check the sender’s e-mail address. Messages from ING, for example, always come from email@example.com. Next, look at the content of the e-mail. Does it ask you to check your bank details via a link in the e-mail? Or does it say you need to order a new bank card? If it does, the link may take you to a fake login page that strongly resembles that of your bank. There, you’ll be asked to enter your details or carry out transactions.
In addition, more and more criminals are trying to send phishing text messages. This is also known as ‘smishing’ (SMS + phishing). However, these messages can also come in via WhatsApp or Facebook Messenger. With this, the cybercriminals invariably play on your fears and tell you that you have to act fast. The combination of these things increases the temptation to click on the link. Never do it! Important things to know: ING never sends text messages with links for you to click on. If you receive a message that tells you to do this, it is always from phishing criminals.
Furthermore, some people receive a phone call from someone pretending to be an employee of their bank. This person asks for some numerical codes, which you have to create with your bank card and card reader. In this instance, the need to update your personal details is often a pretext. In reality, it is a fraudster who at that moment is using the numerical codes to make payments from the victim’s bank account. ING will never contact you by phone, message, e-mail or social media to ask for personal details that we already have such as your e-mail address, postal address or bank account number. The same applies to the numerical codes you create via the ING card reader. In another blog article you can read more about how to recognise official ING communications.
How do you prevent phishing?
- Just go to the Home'Bank or Business'Bank login page via ing.be. Never do this via a link in a text message or e-mail.
- Never give out personal details by e-mail or telephone.
- Never give out your PIN or the numerical codes from your card reader.
- Never enter your debit or credit card’s secret PIN on a website.
- Never send your bank or credit card through the post. Always cut up the card and its chip if you no longer use it or it has expired.
However, cybercriminals don't just pose as your bank. They can also pop up during online shopping. Be attentive at these times as well:
- At the point when you’re about to pay in a web shop, check the URL. Does the URL start with 'https://'? Then you know you are in a secure environment.
- If you receive an e-mail with a link to pay for your purchases while shopping online, don't click on it. Payments are never made by e-mail.
How can you report phishing?
- Call us immediately on +32 2 464 60 04. You can do this on any weekday from 8 a.m. to 10 p.m. and on Saturdays from 9 a.m. to 5 p.m. You can find the other ways to reach us on our contact page.
- Have you received a suspicious text message or email? Send an e-mail to firstname.lastname@example.org as soon as possible and include the fraudulent e-mail as an attachment.
- Have you lost your cards or have they been stolen? Check this page with instructions on how to immediately block your card. Also file a report with the police. Then provide us with the crime reference number.
Want to know more about the latest forms of phishing?
On www.ing.be/fraude we regularly publish information and examples of the latest fraudulent messages. This way we can stop internet fraud together.