Warning concerning phishing attacks

The CSSF draws the attention of the public to the fact that some clients of Luxembourg banks were subject to phishing attacks via text messages. In these messages, the clients were asked to connect to their banking website using the link indicated in the message. This link directs the client to a fake website, which looks exactly like the bank’s website, in order to capture the identifiers of the user (user ID, password and possibly the single token number). As soon as the client enters the identifiers, the hacker uses them to connect on the authentic website of the bank in the name of the client and carries out payment operations in his/her name.

In order to avoid this fraud, it is strongly recommended to the client to enter manually the link to the authentic website of his/her bank and not to use the link provided in an email or a text message.