Our cybersecurity tips

Online fraud: a growing threat in Luxembourg

Increasingly sophisticated and harder to detect, online fraud affects thousands of users in Luxembourg every year. Despite awareness efforts, many citizens remain vulnerable: they often don’t know how to respond to a fraud attempt or who to contact to report it.

To address this issue, the Luxembourg House of Cybersecurity, in partnership with key institutions such as BEE SECURE, ABBL, CSSF, ILR, CAA, and MyConnectivity, is launching a national campaign to fight against online fraud.

As a member of the ABBL, we invite you to explore the new dedicated platform. You will find advice, cybersecurity best practices, and all the information you need to effectively protect yourself against fraud attempts.

Spear Phishing – What is it? 

If you’re contacted by someone claiming to be your adviser or a BGL BNP Paribas employee and who asks you to:

• to stop allegedly fraudulent transactions by asking you to communicate LuxTrust codes;
• make a transfer to another account to avoid being scammed validate transactions on the LuxTrust Mobile application;
• validate a LuxTrust Mobile QR code;
• share your bank details;
• share your PIN codes.

You’re probably dealing with someone who’s trying to scam you.

If in doubt, end the conversation immediately.

Have you been contacted by a potential scammer? Contact us on (+352) 42 42-2000.

Example of card fraud:

In general: 

• use the LuxTrust Mobile system on your smartphone. When you need to validate an operation (login, transfer, card payment), the LuxTrust Mobile application shows you what you’re approving. If a pop-up notification asks you to approve an operation you didn’t request or a payment to a payee you don’t recognise, click refuse and contact the bank ASAP on (+352) 42 42-2000,

• don’t be fooled: no bank will threaten to cut off access to your accounts or not renew your credit cards if you don’t enter your details, 
  
  
• be wary of “urgent” requests urging you to take immediate action,
  
  
• check whether you already know the contact (phone number), sender of the message or SMS (e-mail address or phone number). We advise you never to open attachments from an unknown sender or suspicious address.

Take the time to read through the request and contact your bank if anything seems suspicious (via unsecured contact methods).

Other useful habits

1. How you log in

Do you check your bank accounts on your phone or a tablet?

• log in securely by using the Web Banking mobile app,
• all usefull information and available features can be found on the Web Banking application. Use the most secure method for logging in to your accounts.

Don’t use the app yet?

Download the “BGL BNP Paribas Web Banking’’ app from your app store today, available for iOS and Android!

Do you check your bank accounts on your PC/laptop?

• log in directly on our website at https://www.bgl.lu/en/individuals.html by clicking on “Web Banking” (at the top-right of the page),
• or by entering https://webbanking.bgl.lu/en/webbanking/login.html in the search bar.

2. Your online activity

Interacting with the bank

Apply for a loan, get information, send documents or contact the bank. You can communicate securely with your account manager using our secure contact methods, such as the Web Banking messaging service available on the website and mobile app.

Update your devices’ operating systems as soon as possible: smartphone, tablet, computer

Your devices should have an automatic update option, so make this your default mode. A system that hasn’t been updated may have vulnerabilities that can be exploited by cyber criminals.

Avoid public Wi-Fi networks

Your devices should have an automatic update option, so make this your default mode. A system that hasn’t been updated may have vulnerabilities that can be exploited by cyber criminals.

Cyber criminals know how to exploit network security flaws to steal your personal data.

To keep your data secure in public places, make sure you take the right action:

• use mobile data (3/4/5G networks) when you need to check your accounts or make banking transactions,
• however, if you have to use a public Wi-Fi network, don’t enter any personal data (Wi-Fi networks at home or work are the most secure), 
• turn off the automatic Wi-Fi connection option and/or delete networks that aren’t password protected,
• never install software or updates or download documents or attachments over a public network. When you’re at home or in a secure place, remember to check that your phone is updated: many of the updates suggested by your smartphone are security updates,
• if you need to work or do research online in a public space (co-working space): where possible, hide your screen from others (for example: from passersby) or from security cameras (recorded video can be hacked),
• avoid using your devices to check your accounts or any other sensitive information when taking public transport,
• use standard plugs if you need to charge your telephone or tablet in a public place (avoid recharging via USB ports, which can be hacked).

Do you need to make an online card payment?

For all online transactions, check the reliability of a website before entering your personal and banking details. To do so:

• use a secure Wi-Fi network or mobile data to make the transactions (3/4/5G),
• check that there is an SSL protocol and httpS (”s” for secure/security),
• check the correct spelling for the website.

Strengthen your online security and make transactions in complete peace of mind with 3D Secure!

Luxtrust 

The Token is a digital certificate that guarantees your identity. It generates a single-use code that you enter when you access Web Banking or when you carry out your transactions. It is linked to a password chosen by you. It's a different password from the one you use to connect to your BGL BNP Paribas Web Banking.