Private Persons
Businesses
Private Banking
Commercial Banking
All websites
Find a branch near you Got a question, problem, complaint?
Login Login Login Login Login Login
Search Join us Open a current account Login Login Login Login Login Login

Phishing by e-mail

Phishing by e-mail

Fraudsters don't usually call to try and steal your codes nowadays. They'll more likely e-mail or text you with a link to a fake website. They often try to frighten and urge you into doing something, such as entering your personal and bank details and even security credentials (like card reader response codes for online banking) on their scam website. The unseen fraudsters will then log into the genuine KBC website to make payments or change your client details.

How do these criminals operate?


The e-mail contains a link that tricks you into going to a fake website, telling you to:  

  • Enter your personal details and card number
  • Provide your response codes

Once they have their hands on your card number and response code, they can log in to bank online in your name and steal from you by fraudulently transferring money from your account.

How can I protect myself against dynamic phishing?

  • For one, you should never respond to requests for payment from unknown parties.
    If you need to make a bank transfer, simply log in to the KBC Brussels-website (www.kbcbrussels.be) or use KBC Brussels Mobile.
        -    If you’re buying something online, you only need the seller’s account number (IBAN) to transfer a payment.
        -    If you’re selling something online, it’s sufficient to give the buyer your bank account number (IBAN).
    If they ask for any other details, it’s very likely you’re dealing with a criminal.
  • Keep the codes you generate with your card reader secret, just like your PIN. They are the key that unlocks your money and they're personal to you. We will never ask you for them, whether by e-mail or text message or over the phone.
  • Verify the messages and instructions on your card reader.
  • Always keep your PIN and the codes generated by your card reader a secret – they are the key that unlocks your money and they are strictly personal.
  • Please note: Scammers are increasingly using bogus websites with URLs starting with https://. The ‘s’ in https stands for ‘secure’ and tells you you’re using a secure connection. However, this provides no guarantee that the party you’re dealing with is trustworthy.
    To find out if the KBC Brussels website or KBC Brussels Touch you’re using is legitimate, check the URL in your browser address bar: 
        -    The URL of the KBC Brussels-website starts with www.kbcbrussels.be.
        -    The URL for KBC Brussels-Touch starts with 'https://KBC Brusselstouch.KBC Brussels.be'.
  • Keep the codes you generate with your card reader secret, just like your PIN. They are the key that unlocks your money and they're personal to you. We will never ask you for them, whether by e-mail or text message or over the phone.

How do I know if an e-mail really comes from KBC Brussels?

1. Check the sender's domain

The sender's domain is the last two words after the ‘@’ sign in their e-mail address. If the e-mail address not visible, hover your cursor over the sender’s name. If you’re reading the e-mail on your smartphone, tap and hold the sender’s name until a pop-up with the e-mail address is shown.

KBC Brussels usually uses the following domains:

  • @kbcbrussels.be
  • @news.kbcbrussels.be
  • @kbcmail.be
  • @kbc.be
  • @mail-kbc.be

If you’ve received an e-mail from KBC Brussels with a different domain, it may be a phishing e-mail. If you’re not sure, send it to secure4u@kbc.be and our experts will check it for you.

2. Check the link in the e-mail

If you think an e-mail is a phishing attempt and it asks you to click on a link, hover your cursor over the link without clicking and an address will appear at the bottom left of your screen showing where the link would take you if you opened it.

If you’re reading the e-mail on your smartphone, tap and hold the link until a pop-up with the web address is displayed.

The link is secure if the last two parts of the section between the double slash and the first single slash are one of KBC Brussels's official domains.

https://www.kbc.be/homeplans
http://content.kbcmail.be/

3. KBC Brussels will never ask you for the codes you generate with your card reader

If you’ve received an e-mail asking for them, it’s definitely a phishing attempt. You will often be given an untrue reason to do so, i.e. your debit card is about to expire and you need to replace it.

4. If you’re still unsure, Secure4u is on hand to help!

KBC Brussels werkt samen met externe onderzoeksbureaus IntrinsiQ, IPSOS en ProFacts om klantenbevragingen uit te voeren. Ze versturen zélf e-mails naar KBC Brussels-klanten met een uitnodiging om deel te nemen en gebruiken daarvoor hun eigen domeinnaam. De mails zijn ook vaak geschreven in een andere stijl. Twijfel je? Ook daarvoor kun je terecht bij de experts van Secure4u.

E-mails sent on behalf of KBC Brussels

KBC Brussels partners with external market research companies IntrinsiQ, IPSOS and ProFacts to conduct customer surveys. These companies send e-mails to KBC Brussels customers inviting them to participate in surveys and use their own domain name when doing so. Their e-mails are usually written in a different style. If you’re still not sure, you can always get the experts at Secure4u to check it for you.

Company Sender e-mail
IntrinsiQ @intrinsiq.be
IPSOS @ipsos.com
ProFacts @profacts.eu
KBC CyberSecure Insurance

Protect yourself and your family against scams and fraud with the KBC CyberSecure Insurance.

If you suspect fraud, inform us immediately

Phishing

What is this type of cybercrime? How do scammers work and how can you protect yourself from them?

KBC Brussels Antivirus Software Package

Protect your computers, tablets and smartphones against viruses and unsafe websites.