Cybercrime during the crisis: please be especially careful
Hackers are taking advantage of the health crisis and many cases of cybercrime have been recorded since the pandemic began.
That’s why it’s important to be especially careful. Protect yourself online by adopting the right habits now.
Six key habits you should adopt to avoid fraud
1. Keep your bank codes safe
Never divulge your bank codes (client number, secret code, Token), whether in writing, orally, or by e-mail.
Likewise, you must protect your codes from being seen by anyone else: don’t leave post-its on your desk or write bank codes in your diary.
2. Unknown sender: be cautious!
Suppose you get a call from someone passing themselves off as your bank advisor; an e-mail from an unknown sender containing a link; an e-mail from someone you think you know, but with content that looks suspicious (e.g. “Send me money, I'm stuck in London”). What should you do?
Don't follow it up; don't click on the link; and don't send any money!
3. Choose codes that will be hard to guess
If you want your code to remain secret, make it difficult for people to guess: it mustn't be a consecutive string of numbers, the same number repeated, a birthday, etc.
4. Attachments: be careful!
One of the most common and effective ways of spreading viruses to your computer is an e-mail containing an attachment.
To safeguard yourself, we advise you never to open attachments from an unknown sender. If the file type ends in .exe, .com, .bat, .pif, .vbs, or .ink, be doubly cautious.
5. Web address: the padlockaddress in the browser bar must display:
When you enter your bank card number on a site or log in to a bank website, the web
the SSL padlock;
the letters httpS (“s” meaning secure);
the correct spelling.
6. Avoid public Wi-Fi networks
Be careful when using computers in public spaces. You should only log in via secure Wi-Fi networks.
If you’re in a public space, don’t connect to an open Wi-Fi network to carry out a bank transaction.
Never install software or updates over a public network.
We also recommend that you:
protect your computer with an anti-virus program and keep your software updated;
don't disclose your personal data on forums, social networks, or unknown sites;
don't buy products from websites which seem suspect to you; if you have the slightest doubt, leave the site at once;
don't provide any personal data if you use public WiFi networks, which often have low security.
Interactions with the bank
BGL BNP Paribas does not include links in text messages and will never ask you for confidential information (OTP token, username, password, card code, etc.) by e-mail, text message or telephone.
Be careful when you receive an e-mail or text message purporting to be from BGL BNP Paribas or another service provider. Check the identity of the sender before clicking on any links or opening any attachments.
In case of doubt, please contact our Client Service on (+352) 42 42-2000.
Our solutions to keep you safe
A LuxTrust Token is a digital certificate that confirms your identity. It generates a single-use code that you enter when you access Web Banking or when you carry out your transactions. It is linked to a password chosen by you.
A LuxTrust Token can take the form of a small device or a mobile application: LuxTrust Mobile.
3D Secure for your online purchases
The 3D Secure system ensures the security of your online payments by bank card. You must have activated the 3D Secure function for your cards beforehand on the Web Banking site in the “Credit cards” section.
Then, whenever you buy online on sites displaying the “Verified by Visa” or “Mastercard ID Check” logo, you will have to validate your payment either with your Token or with a code received by text message.
Whether you’re applying for a loan, sending attachments, obtaining information, etc., you can communicate securely with your account manager using the Web Banking messaging service available on the site and the application.
European PSD2 Directive
Just like your bank, the European Union is concerned with banking security. The PSD2 Directive has introduced more stringent rules to guarantee your security and requires regular strong authentication on Web Banking.
Specifically, if you have opted to connect without using a Token, you will still be asked for it every 90 days.