Cybercrime: our advice on how to protect yourself

Be vigilant, scammers don't take holidays!

Be wary of:

• unsolicited phone calls
• e-mails inviting you to click on a link
• messages received on Messenger, WhatsApp, Signal or any other messaging app

Do not confuse a message validating an action taken by you (confirmation of a credit transfer by SMS, receipt of a PayPal code to validate a transaction) with an unsolicited message in which you are asked to follow a link, whereby the fraudster would steal your information and allow them to debit your bank account.

These malicious actors pretend to be a company (bank, telephone operator, post office, online shop, etc.) in order to steal your LuxTrust information and bank details and initiate payments from your bank account.

NEVER give your login details to a third party.

BGL BNP Paribas will never ask you for confidential information by e-mail, SMS or telephone.

In case of doubt, please contact our Client Service on (+352) 42 42-2000.

Cybercrime during the crisis: please be especially careful

Hackers are taking advantage of the health crisis and many cases of cybercrime have been recorded since the pandemic began. 

That’s why it’s important to be especially careful. Protect yourself online by adopting the right habits now.

Six key habits you should adopt to avoid fraud

1. Keep your bank codes safe 

Never divulge your bank codes (client number, secret code, Token), whether in writing, orally, or by e-mail. 

Likewise, you must protect your codes from being seen by anyone else: don’t leave post-its on your desk or write bank codes in your diary.

2. Unknown sender: be cautious! 

Suppose you get a call from someone passing themselves off as your bank advisor; an e-mail from an unknown sender containing a link; an e-mail from someone you think you know, but with content that looks suspicious (e.g. “Send me money, I'm stuck in London”). What should you do? 

Don't follow it up; don't click on the link; and don't send any money!

3. Choose codes that will be hard to guess 

If you want your code to remain secret, make it difficult for people to guess: it mustn't be a consecutive string of numbers, the same number repeated, a birthday, etc.

4. Attachments: be careful! 

One of the most common and effective ways of spreading viruses to your computer is an e-mail containing an attachment. 

To safeguard yourself, we advise you never to open attachments from an unknown sender. If the file type ends in .exe, .com, .bat, .pif, .vbs, or .ink, be doubly cautious.

5. Web address: the padlockaddress in the browser bar must display: 

When you enter your bank card number on a site or log in to a bank website, the web

• the SSL padlock;

• the letters httpS (“s” meaning secure);

• the correct spelling.

6. Avoid public Wi-Fi networks 

Be careful when using computers in public spaces. You should only log in via secure Wi-Fi networks. 

If you’re in a public space, don’t connect to an open Wi-Fi network to carry out a bank transaction. 

Never install software or updates over a public network. 

We also recommend that you:

• protect your computer with an anti-virus program and keep your software updated;

• don't disclose your personal data on forums, social networks, or unknown sites;

• don't buy products from websites which seem suspect to you; if you have the slightest doubt, leave the site at once;

• don't provide any personal data if you use public WiFi networks, which often have low security.

The most common scams

Cybercriminals are becoming more and more devious when it comes to devising new forms of attack. However, there are some scams that follow tried-and-tested patterns. 

Learn to spot them so you don’t get caught out. 

• CEO fraud

• phishing
  
  
• unsecure retail websites

• investments that seem too good to be true
  
  
• fake websites that come up in Google searches – do not use the Google search bar to access your Web Banking

Take care at ATMs

Some basic precautions when withdrawing cash from ATMs:

• Cover the PIN pad when entering your PIN.
  
• Be aware of what is happening around you.
  
• Check that no one is looking over your shoulder to see your PIN.
  
• Refuse all offers of help. Do not allow yourself to be distracted by strangers trying to speak to you.
  
• Check the ATM for any evidence of tampering, such as paint on the camera and/or on the mirror.
  
• Be particularly careful if your card is not returned and a stranger offers to try to retrieve it and asks you to re-enter your PIN.
  

As soon as you get the impression that the withdrawal is not going as expected (e.g. your card and/or money has not been issued but the ATM is not displaying an error message), call Worldline Financial Services (Europe) S.A. immediately on (+352) 49 10 10, 24/7 to block your card.

Interactions with the bank

BGL BNP Paribas does not include links in text messages and will never ask you for confidential information (OTP token, username, password, card code, etc.) by e-mail, text message or telephone. 

Be careful when you receive an e-mail or text message purporting to be from BGL BNP Paribas or another service provider. Check the identity of the sender before clicking on any links or opening any attachments. 

In case of doubt, please contact our Client Service on (+352) 42 42-2000.

Our solutions to keep you safe

LuxTrust 

A LuxTrust Token is a digital certificate that confirms your identity. It generates a single-use code that you enter when you access Web Banking or when you carry out your transactions. It is linked to a password chosen by you. 

A LuxTrust Token can take the form of a small device or a mobile application: LuxTrust Mobile.

3D Secure for your online purchases

The 3D Secure system ensures the security of your online payments by bank card. You must have activated the 3D Secure function for your cards beforehand on the Web Banking site in the “Credit cards” section. 

Then, whenever you buy online on sites displaying the “Verified by Visa” or “Mastercard ID Check” logo, you will have to validate your payment either with your Token or with a code received by text message.

Secure messaging 

Whether you’re applying for a loan, sending attachments, obtaining information, etc., you can communicate securely with your account manager using the Web Banking messaging service available on the site and the application.

European PSD2 Directive 

Just like your bank, the European Union is concerned with banking security. The PSD2 Directive has introduced more stringent rules to guarantee your security and requires regular strong authentication on Web Banking. 

Specifically, if you have opted to connect without using a Token, you will still be asked for it every 90 days.