Financial scams - know how to identify and avoid fraud
With the development of digital technologies, cybercrime targets everyone, from private individuals to large corporates. The goal of fraudsters is simple – to steal your money and/or your personal data. To these ends, fraudsters are constantly evolving their attack techniques; these are sophisticated and multi-formed and continuously taking advantage of current events, such as the remote working environment. It is therefore of utmost importance that you remain vigilant and act with caution.
At Swissquote, the security of our clients is a high priority. For this reason, we provide below an overview of the most common scams and the main recommendations on how to protect yourself and prevent them, along with security guidance for your payments.
Common types of scams
There are various types of financial scams. Some of the most common one include:
It refers to fraudulent email (Phishing) or SMS (Smishing) with the intent that you reveal sensitive/personal data while being confused with a legitimate request.
Popular topics include:
Fraudulent saving opportunities
Often called "savings products" or "savings accounts", that offer you an investment opportunity, using a similar but fake contact address. The conditions offered are often suspicious, and may involve the promise of "guaranteed" returns, or abnormally high interest rates.
Investment scams
Investment scams typically involve financial investments with the promise of very high rates of return. The investments may be in any type of financial product, including real estate, royalties, commodities, precious metals and minerals or crypto currencies.
Lottery fraud
Recipients are advised that they have won a prize in a lottery. To obtain the funds, they are asked to respond to a message. A request will then be made for the recipient to provide his bank account details to allow for funds to be transferred. The recipient may also be asked to pay a handling/processing fee, which will be lost if paid. Also, any details given will probably be used to commit further fraud.
Fraudsters are creating hoax websites to deceive users, often in conjunction with a phishing email or smishing by mobile text messaging. Fraudsters aim to perpetrate identity theft, hoping users will visit these websites to reveal their identity, credentials, credit card or other payment details. In some of these phony schemes, the fraudsters will actively promote their hoax websites by paying for sponsored ads on major search engines. Malicious and harmful scams are preying on users’ trust by hiding behind the ads that sit on top of search pages. In fact, when people search on Google, Bing, Yahoo etc., using key words such as “Swissquote”, they may see two types of results: the corresponding search results and the online ads which can appear above the user search results. Typically the resulting links will send users to a login page directly imitating the corporate identity of Swissquote (logo and branding), hence taking advantage of the user’s trust and aiming to steal personal details (user name, password, etc.) or tempting users to take inappropriate actions (initiating payment instructions, etc.)
It refers to a telephone call where a fraudster attempts to pressure you into carrying out a money transaction, downloading a software, providing security details over the phone or stealing personal confidential information. The caller often claims to be a legitimate person, calling from your bank, police, a utility company, a government department or an IT support team. A second common tactic is to leave threatening voicemails that tell the recipient to call back immediately, or they risk being arrested, having bank account shut down, or worse.
Scammers target often their victims on dating websites or social media (like Facebook and WhatsApp) to make contact. Pay careful attention to how much sensitive data you share publically and enforce privacy settings on social media.
Be aware that criminals also try to recruit intermediary people (“Money mules”) who knowingly or, in certain cases, unknowingly helping in the money transfer acquired illegally in exchange for commission.
Scammers impersonate your CEO or CFO and trick you into the payment of a fake invoice, an unauthorized money transfer or to reveal sensitive data.
Scammers pretend to represent one of your suppliers or clients and trick you into the payment of a fake invoice into a different bank account or changing the details of a bank transfer mandate or standing order.
Scammers claim to represent a business directory and invite businesses to confirm or update sensitive data in an official-looking document.
Malware/Malicious software is a computer software causing harm to an IT system or its users. Malwares can infect your computer by different ways such as clicking in a phishing email link or by downloading software through a malicious website. Be aware that mobile and tablet devices can also receive malicious programs by downloading infected applications.
Plug-in is a computer software that is easily installed and delivers functions such as displaying images to your computer program. Plug-ins may be susceptible to causing security problems that often start with a loss of control of the computer with the intention of collecting sensitive data and/or installing malicious softwares/viruses. The most common way to detect a potential software threat is to use an updated antivirus program and to carry out the various operations explained on the antivirus solution provider’s site to eradicate these viruses.
How to spot a potential fraudulent email-SMS-website?
- Unsolicited email/SMS
- Being under pressure to act
- Claims of instant returns or high yield with no risk
- Bad spelling /grammar or clumsy expressions
- Unusual layout
- Email address or URL (website address) manipulated
- A link without the letters “https” at the beginning of the URL and without a closed padlock icon means that the website in unsecure
- The email contains a file extension such as .pif, .com, .bat, .exe, .vbs, .Ink
If you are not sure about a message, call or email you have received, report it.
Do not reply and never click any links or attachments to a questionable message. Contact the company or the individual through a trusted channel, using contact details you have or are publically available, not those on the suspicious message.
If it is related to your bank account, please contact phishing.lu@swissquote.lu.
We also recommend you to modify immediately the password you use to access your accounts if you think you've responded to a phishing email or SMS, or connected through a fake website. Do not hesitate to contact us for further security measures.
How Swissquote protects you
We are constantly reviewing the ways we protect our customers online or when they are in contact with our Customer Care.
We protect you by:
- Using encryption. We always use industry-standard encryption to protect your online transaction and data to safeguard your account from any unauthorised access.
- To authenticate you by Strong Customer Authentication (SCA) based on mobile phone authentication as an extra layer of protection. So you can only access your account once you have successfully authenticated yourself. Similarly, to make payment instructions you also need to confirm your instruction on the Swissquote mobile application.
- Creating secure online sessions. When you log in to your Swissquote account you are said to be in a secure session. You know you are in a secure session if the URL address begins with https://www.swissquote.lu and a padlock symbol appears at the top of the page as part of the address bar.
- Using session timeouts. If you forget to log off after banking online or your computer remains inactive for a period of time during a session, our systems automatically log you off.
- Implementing automatic lockouts. After a number of incorrect attempts to log in, the online access to your account is disabled. You should contact our Customer Care center to reactivate it.
- Informing you about some operations that may be unusual on your account
Swissquote will never ask you:
- to reveal personal data about yourselves (login, passwords, L3 card, personal or banking information) through an e-mail or text message
- to connect to websites that are not endorsed by Swissquote
- to call us on a new telephone number
- to make a cash transfer to a safe account or a new bank account (payment instructions can be verified on your online account at any time), nor hand over cash
- to carry out a "test" transaction online
- to take quick decisions or respond under pressure, especially through unsolicited messages
- to download an attachment or to install software or let anyone remotely log on to your computer or other devices either during or after a call
Swissquote will also never:
- send someone to your home to collect cash, bank cards or for any other financial interactions
- provide banking services through any mobile apps other than the Bank's official apps
Security guidance for your online payments
Online bank payments with Swissquote
- Always connect via www.swissquote.lu
- Use two-factor authentication method
Swissquote offers you secure internet banking account which is compliant with the legal requirements for Strong Customer Authentication (SCA) based on mobile phone authentication. - Never log into your bank account from a foreign or public computer and ensure you properly log out of your account.
- Monitor regularly your bank account statements and report to our Customer Care any illegitimate operations without delay.
Two-factor authentication process for a foolproof account
Step 1: Enter your username and password.
Step 2: Enter your Level 3 code
What is Level 3 code?
In order to provide a supplementary security layer to access your account, we provide a Level 3 code, either physical or electronic, that you’ll need to enter after your password.
Physical Level 3 Card
Downloaded on your online account
Electronic Mobile Level 3
Code sent to your smartphone
Always keep your Level 3 Card in a safe place and ensure that nobody can access it. Otherwise, use the Mobile Level 3 code function following this procedure.
What is the two-factor authentication process?
Our two-factor authentication process verifies your identity, by requiring two passcodes in order to access your Swissquote account:
A passcode you know:
your account password
A passcode you receive:
your Level 3 code
This allow us to guarantee the upmost security for your Swissquote account, so your money and personal data are as invulnerable as it gets.
Stay in control with these easy guidelines
Please follow these simple steps to safeguard your personal data:
- Do not disclose your log in and/or private information (to third parties or online). Do not leave documents like ID documents, account statements, bills in an unsecure place.
- Always use your personal Swissquote secure mailbox.
- Visit the Swissquote website by typing www.swissquote.lu in your browser. Do not "copy and paste" links provided in e-mails or text messages into your browser, neither use the web search engine function which may redirect you to fake websites.
- Never be rushed into anything, wait 5 minutes and reflect on what is being asked.
- Increase your system security. Secure your computer with effective security programs with regular updates. For example:
- Install a firewall
- Keep your operating system and web browser up to date and set up with automatic updates so you don’t miss out on important security patches. Most browsers have built-in protection against phishing and will notify you if you open a fraudulent website
- Use a recognised anti-virus software and update it regularly
- Use an anti-spam and anti-spyware programs
- Delete cookies, browser history and cache as often as possible - Do not share your computer or mobile phone and take precautions when using a shared or open-access computer (internet café, hotel lobby…) or wifi hotspot. Always log out of your session using the buttons or hyperlinks provided and close the browser.
- Make your password more secure.
– Keep them to yourself. Do not write it down
– Vary them
– Make them hard to guess. Combine capital and lowercase letters with numbers and special characters to create strong passwords
– Change them regularly - Learn to spot scams and what Swissquote will never ask you.
- Update your latest and valid personal details with the bank, such as mobile phone number to ensure correct correspondence for change confirmations when suspicious transactions appear.
- If you suspect that your statement or account details have been stolen or compromised, please contact us immediately to report the case. Report also any suspicious email links, attachments or websites associated with Swissquote to us at phishing.lu@swissquote.lu.
The website https://www.bee-secure.lu, supported by the Luxembourg government and providing useful information and recommendations, will help you to use the Internet responsibly and safely.