Internet fraud through phishing

A new kind of phishing: fraudulent card orders

How to protect yourself?

- Never try to access the Home’Bank login page via a link in an e-mail.

- Never send your bank card to anyone by post.

- Always destroy an expired card or card you no longer use by cutting both it and its chip in half with a pair of scissors.

- Never enter your PIN on a website, only on your ING Card Reader.

The internet has made our lives far easier. We do practically everything on our computers, from shopping to banking. Unfortunately there are some downsides to this. When we subscribe to an online newsletter or enter a competition for example, we give out a lot of information about ourselves. And that is something the fraudsters know only too well. They use phishing in an attempt to gain control of our confidential information and then go on to misuse it.

Find out how fraudsters operate.

See the video

What is phishing?

Phishing is a method used by fraudsters to "fish" for confidential information such as your password, PIN number and the number of your bank or ID card.
Their aim? To make payments from your account using the "stolen" information.

In concrete terms, a "phisher"
works in 2 or 3 steps.

  • Step 1: fraudsters abuse the logo and identity of ING to create deceptive e-mails. In these e-mails you are persuaded, under a false pretext, to verify your bank details by clicking on a link in the e-mail.
  • Step 2: the link takes you to a fake web page that looks strikingly like the Home’Bank and Business'Bank login page. At this point, you are asked to fill in a number of fields or carry out actions. Before you know it, you have given out your confidential details.
  • Step 3: after that you may also receive a fraudulent phone call. This is what we call vishing. Someone posing as an ING employee will ask you for a few codes that you generate with your bank card and card reader. So to say to confirm the update of your details. In reality the fraudsters use these codes to make payments from your account.

How do you recognise phishing?

In order to avoid incurring any financial losses, you need to be able to recognise deceptive e-mails, telephone calls and fake websites.
Furthermore, you should be aware of which information you must never give out and which information we will never ask you for.

Deceptive e-mail

Points of attention

  • Deceptive e-mails are often full of typos.

  • ING will never ask for your confidential information via e-mail.

« les comptes bancaires en ligne devrait être liés au système de sécurité »

Fake website

Points of attention

  • Is the site genuine? If the URL starts with "https://" and contains "", you are fine.

  • Always go to the Home’Bank or Business'Bank login page via the ING website at
point of attention in the url 

Fraudulent phone call


Points of attention

  • ING will never ask for your confidential information over the phone.

  • ING is calling you but you doubt it is one of our collaborators? Call us back yourself on +32 2 464 60 04. You also find this number on the back of your ING bank card.

What should you do in the event of a phishing attempt?

Have you received a suspicious e-mail or phone call? Let us know!

  • Contact the Home’Bank Helpdesk immediately on +32 2 464 60 04, even if you have not given out any confidential information.
  • Also send a copy of the suspicious e-mail immediately to