Cybercriminals have recently begun targeting their potential victims through the smartphone messenger app WhatsApp.
While the medium may have changed, their purpose remains the same: getting you to reveal your personal details and bank details – specifically, your debit card number and the codes displayed on your card reader when using online
banking services.
Meanwhile, these fraudsters can then use these details to access your online banking account and make payments – with you being none the wiser.
How the criminals operate?
Do you ever sell any used items online (e.g., through buy-and-sell websites)? If so, there’s a chance an ‘interested buyer’ will contact you on WhatsApp who, in reality, turns out to be a scammer. Before transferring the amount to your account, this
criminal first asks you to transfer a marginal amount (say, €0.01) to his account ‘just to check that everything’s OK.’
The scammer then sends you a WhatsApp message containing a link.This link will direct you to a counterfeit website.
There, you are asked to:
1. enter your card number;
2. enter your response codes (these are the codes displayed on your card reader when making transactions).
Once they have their hands on your card number and response codes, they can log in to bank online in your name and steal from you by fraudulently transferring money from your account.
How can you protect yourself against phishing via WhatsApp?
- For one, you should never respond to requests for payment from unknown parties.
If you need to make a bank transfer, simply log in to the KBC-website
(www.kbc.be) or use KBC Mobile.
- If you’re buying something online, you only need the seller’s account number (IBAN) to transfer a payment.
- If you’re selling something online, it’s sufficient to give the buyer your bank account number (IBAN).
If they ask for any other details, it’s very likely you’re dealing with a criminal.
- Always keep your PIN and the codes generated by your card reader a secret – they are the key that unlocks your money and they are personal to you.
- Please note: Scammers are increasingly using bogus websites with URLs starting with https://. The ‘s’ in https stands for ‘secure’ and tells you you’re using a secure connection. However, this provides no guarantee that the party you’re dealing with is trustworthy.
To find out if the KBC website or KBC Touch you’re using is legitimate, check the URL in your browser address bar:
- The URL of the KBC-website starts with www.kbc.be.
- The URL for KBC-Touch starts with 'https://KBCtouch.KBC.be'.