Cybercriminals have recently begun targeting their potential victims through the smartphone messenger app WhatsApp.
While the medium may have changed, their purpose remains the same:
getting you to reveal your personal details and bank details –
specifically, your debit card number and the codes displayed on your
card reader when using online
Meanwhile, these fraudsters can then use these details to access your online banking account and make payments – with you being none the wiser.
How the criminals operate?
Do you ever sell any used items online (e.g., through buy-and-sell
websites)? If so, there’s a chance an ‘interested buyer’ will contact
you on WhatsApp who, in reality, turns out to be a scammer. Before
transferring the amount to your account, this
criminal first asks you to transfer a marginal amount (say, €0.01) to his account ‘just to check that everything’s OK.’
The scammer then sends you a WhatsApp message containing a link.This link will direct you to a counterfeit website.
There, you are asked to:
1. enter your card number;
2. enter your response codes (these are the codes displayed on your card reader when making transactions).
Once they have their hands on your card number and response codes, they can log in to bank online in your name and steal from you by fraudulently transferring money from your account.
How can you protect yourself against phishing via WhatsApp?
- For one, you should never
respond to requests for payment from unknown parties.
If you need to make a bank transfer, simply log in to the KBC-website
(www.kbc.be) or use KBC Mobile.
- If you’re buying something online, you only need the seller’s account number (IBAN) to transfer a payment.
- If you’re selling something online, it’s sufficient to give the buyer your bank account number (IBAN).
If they ask for any other details, it’s very likely you’re dealing with a criminal.
- Always keep your PIN and the codes generated by your card reader a secret – they are the key that unlocks your money and they are personal to you.
note: Scammers are increasingly using bogus websites with URLs
starting with https://. The ‘s’ in https stands for ‘secure’ and
tells you you’re using a secure connection. However, this provides
no guarantee that the party you’re dealing with is
To find out if the KBC website or KBC Touch you’re using is legitimate, check the URL in your browser address bar:
- The URL of the KBC-website starts with www.kbc.be.
- The URL for KBC-Touch starts with 'https://KBCtouch.KBC.be'.