Be more vigilant than ever. In recent months, Luxembourg has suffered numerous phishing attacks by text message or email. The fraudsters’ goal is always the same: to obtain information about your bank accounts by impersonating an institution, organisation or business with a well-established reputation. After pretending to be Microsoft and streaming platforms like Amazon Prime and Netflix under various pretexts (a virus in your PC, urgent renewal of your subscription under penalty of termination, etc.), hackers are now targeting LuxTrust.
This is not the first time that the digital identity provider has been targeted by a phishing campaign, but this one is far more sophisticated than the previous ones.
How does it work in concrete terms? You receive by email - sometimes by text - a message supposedly from LuxTrust asking you to renew your certificate urgently. In general, the reason given for this is as follows. An update was necessary to make your online accounts more secure and easier to use. However, this could not be implemented owing to a security issue. To reactivate your certificate, you are asked to click on a link and, once redirected to a fake site, share your login details (username, password, one-time code, bank details, etc.). You’ve got it: you absolutely must not click on the link, otherwise your accounts will be quickly emptied.
It’s relatively straightforward, provided you adhere to the following recommendations:
If you have unfortunately clicked on the link and provided your credit card details as well as your LuxTrust login details, contact your bank and LuxTrust customer services immediately on +352 24 550 550 or by email to firstname.lastname@example.org
One last tip: if you haven't already done so, switch to the LuxTrust mobile application. This helps you obtain a One Time Password (OTP) required to confirm or finalise your transactions or operations. You no longer need to have your physical device such as a token or scanner at hand. You also benefit from greater security, as the application is fully integrated into your online banking. In other words, when the validity of your certificate is about to expire, your financial institution will ask you, via your online bank's secure messaging system, to renew it for free online. Security is also strengthened by the combination of your LuxTrust security data (username, password, OTP, secret image) with your smartphone’s fingerprint reader or facial recognition software.
Here are some simple rules to stop you from heading down the wrong track on social networks.
Finding a password which is easy to remember and effective against hacking is not always easy. So here are a few tips for creating a password which is easy to remember and very secure.
We have explained to you what phishing is – now we need to help you make sure you never fall into the trap!