Criminals are increasingly trying to trick us online and steal our personal details. First, they send a fake e-mail and then they call you up.
We will never ask you for the codes you generate with your card reader.
How criminals go about phishing on the phone
The criminals send you a fake e-mail alerting you to a critical
problem, such as your account being frozen or a suspicion of fraud
using your credit card.
You can quickly resolve the issue by opening a link and then entering certain personal details, like your name, address, telephone number and your card number on a fake website.
The scammers call you in reference to the fake e-mail and try to gain your trust, addressing you by name and saying that you should never pass on your bank card's PIN because it's secret.
They then ask you to generate at least two codes with your card reader. They need the first code to log in to your online banking application and the second to sign a transfer.
Once the criminals have your card number and at least two codes generated by your card reader, they can log in to your online banking account and make a fraudulent transfer.
Protect yourself from phishing on the phone
- For one, you should never respond to requests for payment from
If you need to make a bank transfer, simply log in to the KBC-website
(www.kbc.be) or use KBC Mobile.
- If you’re buying something online, you only need the seller’s account number (IBAN) to transfer a payment.
- If you’re selling something online, it’s sufficient to give the buyer your bank account number (IBAN).
If they ask for any other details, it’s very likely you’re dealing with a criminal.
- Don't take everything you read in an
e-mail on simple trust. We'll never e-mail you to solve a problem
with your account or the online banking service you use with
Fraudsters can easily add a KBC logo to an e-mail or fake the sender's name. So, if you're in any doubt, forward the suspicious e-mail to firstname.lastname@example.org.
- Always keep your PIN and the codes generated by your card reader a secret – they are the key that unlocks your money and they are strictly personal.
Please note: Scammers are increasingly using bogus websites
with URLs starting wit https://. The ‘s’ in https stands for
‘secure’ and tells you you’re using a secure connection. However,
this provides no guarantee that the party you’re dealing with is
To find out if the KBC website or KBC Touch you’re using is legitimate, check the URL in your browser address bar:
- The URL of the KBC-website starts with www.kbc.be.
- The URL for KBC-Touch starts with 'https://KBCtouch.KBC.be'.
Always keep your PIN and the codes generated by your card reader a secret – they are the key that unlocks your money and they are personal to you.
Our Cybersecurity Service includes virus and phishing
protection software that protects your devices and your online
activities from attack by cybercriminals.