Beware of internet scams and fraud
Please be aware of on-line fraud and scam attempts to collect your personal or login data. Remember that Banque Raiffeisen will never ask you to check or update your data or to log on to R-Net via a link sent by e-mail or SMS. To recognise the most common fraudulent messages and/or phishing attempts, please refer to the recommendations below.
Contact our help desk on 2450 2000 to address any doubts or questions you may have.
Phishing, the e-mail scam
At first glance, these e-mails resemble an official format. The logos, signatures, graphics, etc. you see are copied. In reality, these e-mails are sent by scammers who want to obtain your personal, financial or security data in order to access your account and take your money. To do this, they try to redirect you to a fake website to get your login details or personal data by imitating e-mails from our bank or other recognised organisations.
How to recognise a phishing e-mail?
- The sender's address is not the same as the one usually used to contact you. Beware of special characters that may be used to make it look more like the copied address: a '0' (zero) may be used instead of the letter 'o', etc.
- Cyber-criminals use language that suggests either coercion (e.g. you could be fined if you fail to respond to the email) or urgency (e.g. account may be blocked or you won’t be in compliance with new regulations).
- You are requested to download an attachment or to click on a link in the e-mail.
- The e-mail contains spelling or grammatical errors or inconsistencies in the message.
How to react when a phishing e-mail is received?
- Never reply to a suspicious e-mail. If in doubt, contact your advisor directly.
- Do not click on a suspicious link. Hover over it with your mouse to see which website it redirects to.
- Do not download attachments as they may contain viruses or malware (such as ransomware that captures your personal data until a ransom is paid).
- Be careful when using a mobile device. A phone or tablet may not be able to detect a fraud attempt easily. For one thing, there is no mouse for hovering over a link. It is also more difficult to notice mistakes on the smaller telephone screens of mobile devices.
- If you think you have responded to a fraudulent e-mail and provided your Raiffeisen bank data, contact us immediately.
Smishing: scams by SMS
The purpose of this fraud attempt is the same as that of phishing: the fraudsters want to obtain personal, financial or security data. To do this, they send SMS messages impersonating us or other organisations.
How to recognise an attempt at SMS smishing?
- The number used is an unknown number or is not the one usually used.
- The scammers use language that evokes either coercion (e.g. you may be fined if you fail to respond) or urgency (e.g. your account may be blocked, you won’t be in compliance with new regulations, etc.).
- You are requested to click on a link in the SMS or to call a telephone number to "verify", "update", or "reactivate" your account.
- The SMS may contain spelling or grammatical errors or inconsistencies in the message.
How should I respond to a smishing SMS?
- Don’t be in any hurry to respond. Take your time to check. If in doubt, contact your advisor directly.
- Do not click on a suspicious link in an SMS. This link usually leads to a fake website (spoofing) used to collect as much information as possible to steal money, important personal data, etc.
- Do not download images or attachments that you receive in unsolicited SMS messages.
- Never call back a number given in the SMS. You can look up the number on the Internet (if it is a fraud attempt you will certainly not be the first person to have been contacted) or compare it with an official number.
- Never respond to a message asking for your PIN, your online banking codes or any other security data.
- If you think you have responded to an attempt at SMS phishing and provided your Raiffeisen banking data, contact us immediately.
Vishing, the telephone scam
Scammers seek to obtain personal, financial or security data. To do this, they call you directly, pretending to be an advisor, branch manager, etc. As with previous fraud attempts, beware of any unexpected contact that asks you to perform an unusual action.
How to react to vishing
- Beware of unsolicited phone calls.
- Don't rush to answer the call, write down the caller's number and tell them you will call them back. You can then check the identity of the caller by contacting the official body cited directly.
- Do not assume that the caller is bona fide because they have information about you or your company. It is easy to find this information on the Internet these days.
- Never give out your credit card PIN or your online banking code.
- Never transfer money to another account at the caller's request.
- If you have received a suspicious call in the name of Banque Raiffeisen, contact us immediately.
Spoofing, the scam with fake websites
In order to get your financial and personal information, cyber-criminals may use fake websites that look like the original ones. Bank phishing emails or fraudulent SMS messages usually contain links to these fake sites, but these fake sites may also be accessible through a simple Internet search.
How to recognise a fraudulent site and what to do?
- Beware of sites with grammatical or spelling errors, poor visuals or strange design.
- Scammers often use a turn of phrase that suggests duress or urgency. We will never use wording of this type on our site.
- Never complete information requests through pop-up windows that appear on the screen. These are often used to gather sensitive information about you.
- More and more cyber-criminals are duplicating official websites, and in some cases it is difficult to recognise a fake site, so remain vigilant. For your safety, please take note of the following point concerning good practices to adopt in order to surf the Internet safely.
- If you think you are dealing with a fake Banque Raiffeisen website, please contact us immediately.
Banking security: adopt the right behaviour when surfing the Internet
Banque Raiffeisen does all that it can to guarantee the security of its online services. Nevertheless, you also need to remain alert and adopt a few good practices when it comes to security.
In the event of loss or theft of your LuxTrust Token, please contact LuxTrust immediately on (+352) 24 550 550.
Never reveal your user ID or password
- The same goes for your your access codes to the online banking R-Net and and its mobile app.
- Carefully select your passwords: they must be easy enough to remember but difficult enough for anyone else to guess! Change them regularly or when you suspect that they have been compromised.
- Keep your LuxTrust product and/or your R-Net Classic ID numbers in a safe place.
- Do not insert your card or LuxTrust stick until required for authentication and/or signature and remove it immediately afterwards.
- When using hardware that does not belong to you, disable the automatic storage of the data you enter in the browser.
Make sure you secure your computer, smartphone or tablet
- Set up your computer, smartphone or tablet so that access is protected by a code and do not reveal the code to anyone else.
- Only let your computer, smartphone or tablet connect to trusted networks (e.g. Wi-fi networks) or equipment. Do not enable privileges for unauthorised administrators on your smartphone or tablet (e.g. rooting on Android systems) and do not jailbreak the operating systems (e.g. on iPhone or iPad).
- Activate the automatic update of our operating system (e.g. Windows, Android or iOS) and browser.
- Make sure you have up-to-date antivirus software and regularly scan the content of your computer, smartphone or tablet.
- Install a firewall on your computer.
- Only install applications from a reliable source (e.g. Google Play Store, or Apple Store) on your smartphone or tablet.
Remain vigilant when you log on
- Always log on to Raiffeisen.net via the link on our website www.raiffeisen.lu or using the mobile app of the online banking R-Net.
- Be careful if you notice unusual behaviour on the desktop version of the online banking R-Net or on its mobile app, especially when logging on or confirming a transaction. If this happens, log out and contact us.
- Click on the button to log out when you have finished using the online banking R-Net or its mobile app.
- In your browser, check that you have a secure connection before you enter your login details look for the https:// prefix before the website address.
Do not reply to unusual requests
- Never reveal your access code or password to a third party. Banque Raiffeisen will never ask for this information: if someone asks you for it, contact us straight away.
- Never click on hypertext links you receive by email.
- As a priority, use the secure communication channel available in the Contact section of the online banking R-Net.
- Never let anyone take control of your computer unless you can confirm that they are an official employee of a technical support team from an entity of which you are already a client.