Menu Close
The bank for a changing world
0 Résultat

Beware of fraudulent SMS and e-mails

Currently, there are several phishing attempts circulating in Luxembourg. The fraudsters sent SMS and e-mails inviting the user to update their data, imitating communications from LuxTrust, 3D Secure and several other banks in Luxembourg. You can find more information on this subject in the press release (in French) from LuxTrust.

It is crucial that everyone takes care to protect their personal data (username, password, card code, Token OTP, etc.). Your bank will never ask you for confidential information by e-mail, SMS or telephone.

Be careful when you receive an e-mail or SMS on behalf of BGL BNP Paribas or another service provider. Check the identity of the sender before clicking on any links or opening any attachments.

In case of doubt, please contact our Client Service on (+352) 42 42-2000.

Our security advice

Let’s imagine you receive an e-mail or message on your smartphone telling you to urgently click on a link and enter your client number and secret code, because (you're told) there's a problem with your bank account.

In all good faith you click on the link and are redirected to the BGL BNP Paribas Web Banking site; you do as you are asked and enter your client number, your secret code and your Token code, you validate and... Gotcha! You've just become another fraud victim! 

The signature on the email was certainly that of your bank, the Web Banking site looked just like the BGL BNP Paribas site, everything looked above board... but even so!

Five habits you should adopt to avoid fraud 


  1. Keep your bank codes safe
    NEVER divulge your bank codes (client number, secret code, Token), whether in writing, orally, or by e-mail.
    Likewise, you must protect your codes from being seen by anyone else: no post-its on your desk, no bank codes in your diary!
    BGL BNP Paribas will never ask you for your bank codes either via your personal e-mail address or by SMS.
  2. Choose codes that will be hard to guess
    If you want your code to remain secret, make it difficult for people to guess: it mustn't be a consecutive string of numbers, the same number repeated, a birthday, etc.
  3. Unknown sender: be cautious!
    Suppose you get a call from someone passing themselves off as your bank advisor; an e-mail from an unknown sender containing a link; a mail from someone you think you know, but with content that looks suspicious (e.g. “Send me money, I'm stuck in London”). What should you do?
    Don't follow it up; don't click on the link; and don't send any money!
  4. Attachments: be careful!
    One of the most common and effective ways of spreading viruses to your computer is an e-mail containing an attachment.
    To safeguard yourself, we advise you never to open attachments from an unknown sender. If the file type ends in .exe, .com, .bat, .pif, .vbs, or .ink, be doubly cautious.
  5. Web address: the padlock
    When you enter your bank card number on a site or log in to a bank website, the web address in the browser bar must display:
  • the SSL padlock
  • the letters httpS (“s” meaning secure)
  • the correct spelling

We also recommend that you:

  • protect your computer with an anti-virus program and keep your software updated;
  • don't disclose your personal data on forums, social networks, or unknown sites;
  • don't buy products from websites which seem suspect to you; if you have the slightest doubt, leave the site at once;
  • don't provide any personal data if you use public WiFi networks, which often have low security.


Your banking security

Your security is our priority. That's why we have introduced security features that allow you to use our banking services with complete confidence.

LuxTrust Token

The Token is a digital certificate that guarantees your identity. It generates a single-use code that you enter when you access Web Banking or when you carry out your transactions. It is linked to a password chosen by you.

The LuxTrust Token can be in the form of a small device or a mobile application.

European PSD2 Directive

Just like your bank, the European Union is concerned with banking security. The PSD2 Directive has introduced more stringent rules to guarantee your security and requires regular strong authentication on Web Banking.

Specifically, if you have opted to connect without using a Token, you will still be asked for it every 90 days.

3D Secure for your online purchases

The 3D Secure system ensures the security of your online payments by bank card. You must have activated the 3D Secure function for your cards beforehand on the Web Banking site in the “Credit cards” section.

Then, whenever you buy online on sites displaying the “Verified by Visa” or “Mastercard ID Check” logo, you will have to validate your payment either with your Token or with a code received by SMS.

Secure messaging

Whether you’re applying for a loan, sending attachments, obtaining information, etc., you can communicate securely with your account manager using the Web Banking messaging service available on the site and the application.

Good to know

Stay alert! Web Banking will keep you regularly informed on the latest fraud attempts identified by BGL BNP Paribas.


Your personal data

Because you are a BGL BNP Paribas client, we have a certain amount of information about you.

This is the information that you provided when opening your account or during discussions with your advisor (age, address, family situation, etc.), as well as information related to the activity on your account (transactions, client number, etc.).

What we do with this information

Your personal data is carefully kept at the bank and stored securely.

We will never disclose it to third parties without your prior permission. You have the right to access and correct this information.


What to do if you have been the victim of fraud

  • If you have made a dubious payment online, immediately block your card by calling (+352) 49 10 10 (24 hours a day)
  • If you have been the victim of fraud on Web Banking, call the Client Service as soon as possible (+352) 42 42 - 2000 from Monday to Friday from 8 am to 6 pm or write to