Phishing - smishing - vishing 

These terms describe the way fraudsters exploit loopholes in an organisation's or an individual’s human or social networks in order to obtain a service or key information. Using charm and sheer audacity, they abuse the trust of those they target taking advantage of their ignorance and lack of awareness.

Viewing this video may result in cookies being placed by the vendor of the video platform to which you will be directed. Given the refusal of the deposit of cookies that you have expressed, in order to respect your choice, we have blocked the playback of this video. If you want to continue and play the video, you must give us your consent by clicking on the button below or click here to learn more.
I accept - Launch the video

Social engineering by e-mail: phishing 

Phishing most often occurs in the form of an e-mail containing a link to a fake website which looks just like a genuine site. The aim of phishing e-mails is to be confused with legitimate e-mails sent out by your bank. Fraudsters very often capitalise on the psychological aspect by making the victim feel stressed and creating a false sense of alarm. Here are two examples of phishing e-mails targeting ING Luxembourg customers who have access to My ING and hold a Visa credit card.

Example 1

The real sender of the message seems to be part of the "@ing.lu"  domain but is in fact not. Indeed, the way email protocols work allows for the theft of a given email address. The recipient of this type of email (“spoofing” in this case) is put at ease by the sender. The text link invites the reader to click on it due to a situation of emergency and to further call a specific number which is not ING’s. By hovering over the link with the mouse we can see that it does not lead to a page from the https://www.ing.lu site, but to a different malicious website.  Alternatively, the thief could have invited the victim to visit a false ING web page in order to obtain confidential information.

Example 2

Here, it would appear that the message has been sent from the "@ing.lu" domain, meaning the trust of the reader is gained. Once again, the message portrays an emergency situation and invites the reader to react quickly, this time by calling a telephone number which is not an ING number. Alternatively, the hacker may invite the person to go to a web page to enter their personal and confidential information.

Social engineering by SMS : smishing

Smishing (a combination of the words SMS and phishing) is the attempt by fraudsters to acquire personal, financial or security information by text message. They act as a trustworthy source, impersonating a bank, card issuer or utility/service provider.

How does it work ?

The message will typically ask you (usually with a sense of urgency) to click on a link to a website or call a phone number in order to verify, update or reactivate your account.

The website link will lead to a bogus website and the phone number to a fraudster pretending to be from the legitimate company. The goal is to get you to disclose any information that can then help the fraudsters steal your money.

This image is a concrete example of smishing. The link and destination address are very often the first elements that will allow you to detect fraud. Other indicators may also help you to spot the scam.

What can you do ?

  • Don't click on links, attachments or images that you receive in unsolicited text messages without first verifying the sender. You can do so by searching the number online (if it is a scam, you might not be the first) or comparing it to the official number of the sender it claims to be originating from.
  • Don't be rushed. Take your time and make the appropriate checks.
  • Never respond to a text message that requests your PIN, online banking password or any other security credentials.
  • If you think you might have responded to a smishing text and provided your bank details, contact your bank immediately. 

Social engineering by telephone: vishing

Vishing is a telephone call from a person claiming to be an ING bank employee. This person makes the call with the aim of gathering personal and confidential information.

Fraudsters often capitalise on the psychological aspect by making the victim feel stressed and creating a false sense of alarm. A frequent example involves asking for your My ING login information to lift apparent security measures imposed on your account. In another case, the fraudster can pretend to be part of the IT department of the bank, or from Microsoft support, to invite the victim to download and install a software claiming an apparent software update or a new software, but which is in fact harmful.

Fraudulent case: the practice

My Money

How can we help?

Frequently asked questions

My ING - Your online banking solution

Log in and do your transactions when and where you want.

  • My ING, the online banking solution for individuals
  • My ING Pro, the online banking solution for business

 

My Team - Your Contact Center

For support on online banking, information on our products and our services or any other question, your Contact Center is available from Monday to Friday, 08.30 am to 06.00 pm.

Contact for the press

My Experts - Your network of branches

Our advisors are at your disposal to help you.

Cookies

We use cookies to enhance your experience. Basic cookies are essential for the proper working of this website. For example, they save your language preferences. They also help us gather anonymous information about the use of our site. More information in our Cookie Policy

I don't agree I agree