Do you have doubts about a transaction?

Contact us without delay.

By phone

(+352) 42 42-2000

By email

info@bgl.lu

Better informed = better protected!

Because of the growing number of fraud attempts and cyberattacks, companies now operate in a permanently risky and constantly evolving environment. Regardless of their size or sector of activity, no organisation is spared. Fraudsters’ methods are becoming increasingly sophisticated and require heightened day-to-day vigilance.

Our commitment is clear: support companies in better understanding, anticipating and limiting risks. Thanks to our expertise, our continuous investments in proven security tools and our awareness-raising initiatives, we help professionals identify threats and adopt the right reflexes.

Specifically, our approach is based on:

  • information;
  • awareness;
  • support;
  • prevention.

Because when facing a rapidly evolving threat, knowledge remains the first line of defence.

Being informed already means being protected.
Our ambition: make cybersecurity accessible, enabling every business to act with clarity, autonomy and confidence.

Warning signs!
 

Fraudsters use the name of your company, your bank or your service providers!
Someone contacts you pretending to be a client, a supplier, your bank or another partner. Whether by SMS, email or phone, banks and legitimate third parties will never ask you to disclose confidential information (codes, access credentials, validation tools).

Remain particularly vigilant and raise awareness among your employees, as a single mistake may be enough to compromise the company’s security.

Beware of CEO fraud!

CEO fraud is a scam technique in which a fraudster impersonates a company executive. The aim is to persuade an employee to share sensitive information or carry out an urgent action, most often a bank transfer.

The fake executive usually asks the employee (often within finance or accounting departments):

  • to carry out an urgent and confidential transfer;
  • not to inform other employees (using flattery, pressure or intimidation);
  • to act quickly, without delay or verification.

Fraudsters use several techniques:

  • phone spoofing: the number displayed appears to be that of the executive;
  • highly credible emails, perfectly imitating tone and signature;
  • messages via WhatsApp or SMS, sometimes accompanied by a photo of the executive.

These attempts are generally very well prepared, thanks to prior information gathering (organisation charts, names, work habits, social networks, LinkedIn, etc.).

Example of CEO fraud:

"We are carrying out a strictly confidential financial transaction. You have been chosen to carry out this task due to your discretion and professionalism. You will be contacted again for further details."

 

What are the most common types of fraud?

 

   

What is social engineering?

Social engineering is a technique used by fraudsters to manipulate employees, prompting them to share sensitive information, access credentials or trigger an action (often financial), without necessarily hacking the company’s IT systems.

This approach targets the human factor rather than technology. It relies on trust, routines, work habits, internal processes, as well as fear, urgency or hierarchical pressure.

Common examples:

  • phishing emails asking users to click on a fraudulent link;
  • CEO fraud requesting an urgent transfer;
  • requests to create a new beneficiary in accounting or online payment tools;
  • fake IT support asking for credentials under the pretext of maintenance;
  • alarming messages (e.g. account blocked without immediate action);
  • unusual internal requests for the transmission of sensitive files;
  • collection of seemingly harmless information via the internet and social networks (LinkedIn, holidays, projects, etc.).
     

What is identity theft fraud?

Identity theft fraud involves impersonating a legitimate company or recognised partner to deceive an employee and obtain sensitive information or a payment.

The fraudster may impersonate:

  • a fake supplier requesting invoice payment;
  • a fake technician claiming an IT malfunction;
  • a fake employee requesting salary payment;
  • a fake institutional actor (client, bank, LuxTrust, Guichet.lu, police, lawyer, landlord, statutory auditor, etc.);
  • an executive, management member or internal department (finance, HR, IT).

Remain particularly vigilant regarding any request to change details (IBAN, beneficiary, bank) and falsified or intercepted invoices following a cyber intrusion.

What is phishing fraud?

Phishing fraud consists of deceiving an employee via a fraudulent message (email, SMS or another channel).

The aim is to encourage the victim to:

  • disclose sensitive information;
  • click on a malicious link;
  • download an infected file;
  • enter credentials on a fake website.

Some variants use fake web pages referenced in search engines.
Be particularly vigilant regarding fraudulent sponsored websites and email spoofing techniques.

What is ransomware?

Ransomware is a cyberattack intended to block or encrypt a company’s systems and data before demanding a ransom in exchange for their restoration.

IT systems can be paralysed overnight, leading to major consequences:

  • business interruption;
  • financial losses;
  • damage to reputation and customer trust.

Please note: authorities recommend not paying a ransom.
 

What is card fraud?

Card fraud refers to any unauthorised use of electronic payment means. It may concern both merchants and their customers.
 
Examples of card fraud:
  • payments made with stolen or cloned cards;
  • fraudulent online purchases using misappropriated payment methods;
  • data theft (card, SIM, SWAP, etc.).

What is fake investment fraud?

This fraud involves investment offers promising significant gains over a short period, which ultimately prove to be fictitious. Investments presented as risk-free with high returns should always raise a red flag.

What about artificial intelligence?

Artificial intelligence is no longer a futuristic concept: it is already transforming the way companies detect and fight against fraud and cyberattacks.

It operates at two levels:

AI can help companies protect themselves:

  • predictive analysis of suspicious behaviour;
  • advanced filtering of emails and communications;
  • enhanced system security.

But AI can also be used by fraudsters:

  • automated generation of highly credible messages;
  • voice impersonation or video deepfakes;
  • rapid identification of vulnerabilities.

Vigilance and training therefore remain essential, as the final decision always lies with humans.

Some warning signs

  • Unknown person: any request for information or action from an unidentified interlocutor;
  • Data changes: any modification of beneficiary, IBAN or details must be verified;
  • Unsolicited action: any unexpected initiative from a provider or partner;
  • Emotional triggers: urgency, flattery, excessive confidentiality, intimidation, alarming tone;
  • Unusual channels: SMS, suspicious emails, fake websites, spelling mistakes, unknown links, approximate logos.

Good practices to adopt

  • Discretion: limit the sharing of information, even seemingly harmless details;
  • Verification: ensure employees contact their management or reference persons in case of doubt;
  • Caution: never click on unknown links; check URLs;
  • Watchfulness: remain alert to inconsistencies and anomalies;
  • Personal: never share your codes, access credentials or validation tools;
  • Preparation: implement an action plan and regular backups;
  • Training: stay informed regularly and share best practices;
  • Information: regularly consult the warning sections of Luxembourg and foreign authorities’ websites(**);
  • Action: in case of suspicion, seek immediate support.
     

Raise awareness among your employees!

No technical system, however efficient, can compensate for a lack of vigilance.

Training should be considered a strategic investment: training, explaining, simulating and repeating help anchor lasting reflexes and develop a genuine culture of vigilance.

Protect your company’s trust, assets and reputation in the long term.


(**) Regularly consult the fraud warning sections on the websites of Luxembourg and foreign authorities such as the ABBL, the Police, the CSSF, Guichet, LuxTrust, etc.

The information, opinions and assessments contained in this document are considered reliable and are provided for information purposes only. BGL BNP Paribas neither guarantees their completeness nor their accuracy. This information may be modified without notice. BGL BNP Paribas cannot be held liable for any error, omission or opinion contained in this document. This document does not constitute an offer, advice or solicitation to buy or sell any instrument, product and/or financial, banking or other services. To avoid any ambiguity, none of the information contained herein constitutes a contractual commitment.