What is smishing?
A form of phishing, smishing (SMS phishing) is when criminals try to steal personal details from you by text or SMS message. Smishing scam text messages frequently contain links to fake websites, where scammers often try to frighten or rush you into doing something. They usually try to trick you into giving out personal or financial information, such as your debit card number and card reader codes for online banking.
They can then use your details to pretend to be you and access your online banking account to transfer money from it.
Don't get caught out by fraudsters! We'll never text you a link and ask you to open it to enter your card reader codes.
How do criminals operate?
You get a text message containing a link from scammers pretending to be us.
- Due to reduced staff caused by the coronavirus outbreak, we’re asking our customers to register their IP address using their card reader. Client portal https://... (link).
- Dear Customer. You’re logged in on an unknown device. Wasn’t you? Verify your KBC account using the link below.
- KBC: Your current debit card has expired. Request a new debit card now free of charge to avoid your account getting blocked via https://... (link).
- KBC alert: your details have just been used to log in to our banking app. Wasn't you? Verify now at https://... (link).
The link in the text message takes you to a fake website that looks like ours, where the scammers try to trick you into entering your:
debit card number
online banking login codes that you generate with your card reader
codes for signing and authorising transactions that you generate with your card reader
Once they have your card number and codes, they can use our Touch or Mobile app to log into your online or mobile banking account to bank online in your name and steal money from your account.
- Question every text message that you receive. Fraudsters can easily add a KBC logo to an e-mail or fake the sender’s name. If you’re in any doubt, forward suspicious text messages to firstname.lastname@example.org. We’ll never text you to solve a problem with your account or the online banking service you use with us.
- Save the real KBC website (https://www.kbc.be) as a favourite or enter the address manually in your browser.
- Keep the codes you generate with your card reader secret, just like your debit card PIN. They are the key that unlocks your money and they are strictly personal to you. We’ll never ask you for them by e-mail, text message or phone.
Watch out! Scammers are increasingly using bogus websites with URLs starting with https://. The ‘s’ in https stands for ‘secure’ and tells you you’re using a secure connection. However, that’s no guarantee that the party you’re dealing with is trustworthy.
Verify that the KBC website or KBC Touch you’re using is legitimate.
Check the URL in your browser address bar and make sure that the:
- KBC website address starts with ‘https://www.kbc.be’
- KBC Touch address starts with 'https://kbctouch.kbc.be'
Our Cybersecurity Service includes virus and phishing protection software that protects your devices and your online activities from attack by cybercriminals.