20 April 2020
Do you know how to recognise phsihing?
Ever received an e-mail with a strange-sounding request?
E.g. to click on a link in order to reactivate your account. Or alerting you about a connection to your bank account from an unknown computer.
In such cases, you can probably rely on your common sense. But sometimes, the techniques employed by would-be cybercriminals is so subtle that you can barely notice the difference between a reliable and a fraudulent e-mail! Even detecting a fake website can be challenging. Because hackers are often so well prepared that they replicate everything down to an officially registered address.
Which is why we want to help you recognise the signs of attempted fraud!
Received an e-mail or call from your bank? Proceed with caution…
It could be a case of phishing! Phishing is the most common form of internet fraud today and is the name given to a variety of scams devised by hackers to:
- trick you into providing confidential information such as your password, PIN, debit card number or ID card number.
- transfer money from your account on the basis of this “stolen” information.
There are several types of phishing. This is how to recognise them.
Regular, or dynamic phishing
Hackers typically assume the logo and identity of your bank in order to create fraudulent e-mails. Step 1 should therefore always be to check whether the sender has used a fake e-mail address.
The body of the e-mail invariably contains a request to confirm your banking details under false pretenses. E.g. by asking you to “simply” click on a link or offering you a new bank card, redirecting you to a fake internet site which probably resembles the login page of your e-banking service. You may be asked to fill in multiple fields or to carry out certain transactions. This is how hackers use phishing to trick you into sending your confidential details without even knowing it.
You may also be the recipient of a fraudulent telephone call, commonly known as Vishing. Your interlocutor may introduce him or herself as an ING employee. Under the pretexts of updating your details, they may ask you to generate codes using your bank card and card reader. In reality, hackers attempt to use these codes to transfer money from your account.
The use of electronic messaging such as WhatsApp, Facebook Messenger or SMS allow fraudsters to emphasise the urgency of the message. They use the fact that the alert is displayed automatically on your phone's screen. It is then very difficult to resist the temptation to click it.
Then the message will always try to scare you or incite a sense of urgency.
We have changed our communication rules to deal with this form of fraud. From now on, ING will no longer send text messages with clickable links. If you receive one in our name: IT DOES NOT COME FROM ING, do not click on the link.
What do I need to bear in mind?
- Always log in to Home'Bank or Business'Bank via www.ing.be (and never by clicking on a link sent by e-mail).
- Check that you are on a secure payment platform by checking that the address in your browser begins with https.
- Never disclose confidential information by e-mail or over the phone.
- Never communicate your PIN or a combination of numbers generated by your card reader.
- Never send your debit or credit card by post and always cut both the card and the chip in half before throwing it away.
- Never enter the PIN of your debit or credit card directly into a website (and only ever on your ING Card Reader).
- If, when shopping online, you are asked to complete payment via an “intermediate step” such as a “confirmation mail”… beware! Payments are never made by e-mail!
What should I do in the event of a phishing attempt?
We publish regular information on the latest fraud messages on www.ing.be/fraud.