Fraudsters don't usually call to try and steal your codes nowadays. They'll more likely e-mail or text you with a link to a fake website. They often try to frighten and urge you into doing something, such as entering your personal and bank details and even security credentials (like card reader response codes for online banking) on their scam website. The unseen fraudsters will then log into the genuine KBC website to make payments or change your client details.
How do these criminals operate?
The e-mail contains a link that tricks you into going to a fake website, telling you to:
- Enter your personal details and card number
- Provide your response codes
Once they have their hands on your card number and response code, they can log in to bank online in your name and steal from you by fraudulently transferring money from your account.
How can I protect myself against dynamic phishing?
- Keep the codes you generate with your card reader secret, just like your PIN. They are the key that unlocks your money and they're personal to you. We will never ask you for them, whether by e-mail or text message or over the phone.
- Verify the messages and instructions on your card reader.
- Check the website address in your browser's address bar to make sure you're on a secure website like ours that starts with https:// (‘s’ stands for ‘secure’) and that all or part of the address bar is coloured green (it'll be this colour if you're using a newer browser).
Our Cybersecurity Service includes virus and phishing
protection software that protects your devices and your online
activities from attack by cybercriminals.
How do I know it’s a real KBC e-mail?
1. Check the sender’s domain name
This is what you see after the @ in an e-mail address like the
highlighted section shown below.
We virtually always use these domains:
If you receive an e-mail with a different domain name purporting to be from us, it may be a phishing scam. Send it right away to firstname.lastname@example.org to have it checked by our specialists.
2. Verify links in e-mails
Treat e-mails asking you to open links with suspicion. Never open links without checking them first.
Hover over the link without clicking to see at the bottom left where
the link would take you if you opened it.
Links are secure if the two last parts of the section between the forward slashes are one of our official domain names like kbc.be, kbcmail.be and mail-kbc.be
4. Beware of supposed KBC e-mails requiring you to buy something or update your banking details (we’ll never do this)
We’ll never ask you for the codes you generate with your card reader.
If you get an e-mail asking you to do this, it’s definitely a phishing scam. It will often be under the pretence that your debit card is about to expire and you need to renew it.
Phishing anno 2018
Done everything above but still not sure whether an e-mail is
authentic? Send the suspect e-mail to email@example.com
and our security experts will check it for you.