Phishing - smishing - vishing
These terms describe the way fraudsters exploit loopholes in an organisation's or an individual’s human or social networks in order to obtain a service or key information. Using charm and sheer audacity, they abuse the trust of those they target taking advantage of their ignorance and lack of awareness.
Social engineering by e-mail: phishing
Phishing most often occurs in the form of an e-mail containing a link to a fake website which looks just like a genuine site. The aim of phishing e-mails is to be confused with legitimate e-mails sent out by your bank. Fraudsters very often capitalise on the psychological aspect by making the victim feel stressed and creating a false sense of alarm. Here are two examples of phishing e-mails targeting ING Luxembourg customers who have access to My ING and hold a Visa credit card.
The real sender of the message seems to be part of the "@ing.lu" domain but is in fact not. Indeed, the way email protocols work allows for the theft of a given email address. The recipient of this type of email (“spoofing” in this case) is put at ease by the sender. The text link invites the reader to click on it due to a situation of emergency and to further call a specific number which is not ING’s. By hovering over the link with the mouse we can see that it does not lead to a page from the https://www.ing.lu site, but to a different malicious website. Alternatively, the thief could have invited the victim to visit a false ING web page in order to obtain confidential information.
Here, it would appear that the message has been sent from the "@ing.lu" domain, meaning the trust of the reader is gained. Once again, the message portrays an emergency situation and invites the reader to react quickly, this time by calling a telephone number which is not an ING number. Alternatively, the hacker may invite the person to go to a web page to enter their personal and confidential information.
Social engineering by SMS : smishing
Smishing (a combination of the words SMS and phishing) is the attempt by fraudsters to acquire personal, financial or security information by text message. They act as a trustworthy source, impersonating a bank, card issuer or utility/service provider.
How does it work ?
The message will typically ask you (usually with a sense of urgency) to click on a link to a website or call a phone number in order to verify, update or reactivate your account.
The website link will lead to a bogus website and the phone number to a fraudster pretending to be from the legitimate company. The goal is to get you to disclose any information that can then help the fraudsters steal your money.
This image is a concrete example of smishing. The link and destination address are very often the first elements that will allow you to detect fraud. Other indicators may also help you to spot the scam.
What can you do ?
- Don't click on links, attachments or images that you receive in unsolicited text messages without first verifying the sender. You can do so by searching the number online (if it is a scam, you might not be the first) or comparing it to the official number of the sender it claims to be originating from.
- Don't be rushed. Take your time and make the appropriate checks.
- Never respond to a text message that requests your PIN, online banking password or any other security credentials.
- If you think you might have responded to a smishing text and provided your bank details, contact your bank immediately.
Social engineering by telephone: vishing
Vishing is a telephone call from a person claiming to be an ING bank employee. This person makes the call with the aim of gathering personal and confidential information.
Fraudsters often capitalise on the psychological aspect by making the victim feel stressed and creating a false sense of alarm. A frequent example involves asking for your My ING login information to lift apparent security measures imposed on your account. In another case, the fraudster can pretend to be part of the IT department of the bank, or from Microsoft support, to invite the victim to download and install a software claiming an apparent software update or a new software, but which is in fact harmful.
Looking for your wallet, handing over some cash and checking the change back or digging for coins to pay the exact amount: we all know the daily grind of trying to quickly pay for the much-needed cup of coffee or the after-lunch pack of gum while the people in line behind us are getting impatient. Soon this hassle will be a thing of the past ...
We have explained to you what phishing is – now we need to help you make sure you never fall into the trap!
Today, we receive more e-mails than ever which demand our attention, meaning we are more vulnerable to phishing attacks. But what exactly is phishing?
How can we help?
Monday to Friday from 8:15 am to 5:30 pm.
Send your request to our Contact Center.
A complete network of ING branches for your convenience.
Book an appointment in just a few clicks.