Combatting online financial fraud: essential tips and tools

Online financial fraud: a major challenge

Synthetic voices, perfectly imitating real ones, enabling criminals to steal hundreds of thousands of euros; calls fraudulently displaying your bank’s phone number, while fraudsters are on the other end of the line; near-perfect copies of websites; fake chatbots; and scam emails inserted into genuine email chains—these are just a few of the inventive and sophisticated tactics employed by financial criminals.

The use of artificial intelligence has made identity theft (such as deepfakes) a widespread practice. While quantifying the full extent of the issue is challenging, the Ministry of the Interior reports that phishing cases (fraudulent messages used to steal personal data) reported to the police skyrocketed from 28 in 2020 to 1,310 in 2023.

Key reminders

During this festive season, when fraud attempts often increase, the ABBL and its members recommend the following security measures:

How fraudsters operate:

Most online fraud scenarios aim to trick you into sharing your personal or banking information or credentials. Remember, no financial institution (or any public institution or organisation) will ever ask you via email, SMS, or phone call to share your credentials or log in to your online banking via a link sent to you.

A crucial reflex: contact your financial institution’s helpdesk, Worldline hotline 491010, or LuxTrust at 24 550 550

If you have questions or doubts about a suspected fraud attempt, contact your financial institution’s helpdesk immediately to block your bank card and/or suspend or revoke your LuxTrust certificate.

Outside business hours, if you have been, or suspect you may have been, a victim of fraud and are a client of one of the following institutions: Banque de Luxembourg, Banque Internationale à Luxembourg (BIL), Banque Raiffeisen, BGL BNP Paribas, POST Luxembourg, or Spuerkeess, you can immediately contact Worldline Financial Services at +352 49 10 10 (available 24/7). A specific procedure allows:

• Clarifying the circumstances of the fraud;
• Blocking your bank cards;
• Being connected with LuxTrust to suspend or revoke certificates;
• Informing your financial institution of the incident.

LuxTrust’s customer service also supports the suspension or revocation of your certificate:

• By phone: +352 24 550 550 via a dedicated anti-phishing line (available 24/7);
• In person: At their offices in Capellen (IVY Building, 13-15 Parc d’activités, L-8308 Capellen, Luxembourg) Monday to Friday, from 8 am to 6 pm;
• Online: At the LuxTrust website, under “My LuxTrust” to temporarily suspend or permanently revoke your certificate.

Best practices

Exercise caution and seek advice

• Take time to analyse the email or SMS you receive.
• Never click on a link or attachment received via SMS, email, or other suspicious channels.
• Read carefully the information requested during each authorisation step and double-check the details to ensure your transaction is secure.
• Seek advice from trusted individuals for an external opinion.
• Remember that no financial institution employees will ever visit your home to collect payment cards or PIN codes, nor will they pressure you over the phone to open an email or follow suspicious instructions.

Conduct further research

• Look for additional information to confirm the legitimacy of the steps requested via the email or SMS you received.
• Conduct an internet search using the keywords provided by the fraudster followed by the term “scam”.

Protect your data

• Treat your personal and banking data as securely as you do your ID documents or keys.
• Keep your credentials strictly confidential, including LuxTrust identifiers. Do not share them, even with your banking advisor.
• Do not store your credentials in unsecured locations like email, physical notes, or electronic devices. Use a secure password manager.
• Regularly check your list of registered beneficiaries in your banking application.

Listen to your bank’s advice and help them protect you

• Regularly consult the security section on your bank’s website or application, which is often updated to address recent and common fraud types.
• Inform your bank of any changes to your contact details (phone number, email address, etc.) via the official channel to ensure they can contact you in case of issues.
• Keep your banking application updated to benefit from the latest security features.

Six common fraud techniques to know and avoid

• Phishing: Fraudulent emails pretending to be official institutions (tax authorities, police, your bank, or LuxTrust) to trick you into sharing credentials.
• Smishing: Alarmist or urgent SMS messages containing fraudulent links or numbers.
• Vishing: Fraudulent phone calls impersonating a financial institution or authority.
• Spoofing: Faking official phone numbers or email addresses to build trust.
• Quishing: QR code-based phishing redirecting you to malicious websites.
• Deepfake: Manipulated audio or video of a trusted individual urging you to take fraudulent actions.

Useful links

• Sécher am Internet: A platform created by the ABBL Foundation for Financial Education to help you understand online banking.
• Letzfin.lu: A financial education platform developed by the Commission de Surveillance du Secteur Financier (CSSF) with support from the ABBL Foundation.
• BeeSecure: A government initiative operated by the National Youth Service (SNJ) and the Kanner-Jugendtelefon (KJT), in partnership with Luxembourg House of Cybersecurity, the Police, and the General Prosecutor’s Office, promoting safer and more responsible use of digital technologies.