Phishing is the fraudulent acquisition of sensitive information from your payment card (card number, card validity, PIN, the three-digit CVC/CVV number on the back of the card).The fraudster tries to obtain this sensitive information from you by pretending to be a bank (or the VISA/MC corporation) or a merchant you already deal with (e.g., a postal carrier or supermarket).
Never disclose the whole number of your card or the CVC/CVV number on the back of the card, your PIN or the SMS authorisation code you receive to confirm a card payment online (3D Secure). If someone wants this information from you, it is definitely not us!
Phishing can occur via email, SMS, social media or fake websites, e.g., through a fake payment gateway or an ad. These details can also be elicited over the phone (known as vishing).
How can you protect yourself?
- Set a reasonable limit for online payments (if you do not make online payments on a daily basis, set your online payment limit to zero; that way, in the event of phishing, your card is protected). Online limits are reset daily. Setting and changing limits is free via your internet banking.
- Do not respond to requests to disclose information. Fraudsters use different tricks to get you to do so:
- They tell you that you have won goods or services but they require your card details to send them to you.
- They direct you to a fake website. Check the displayed URL (the ‘www’ address).
- They send you a warning message about a blocked card or account or about the need to change your password and ask you to provide your card details, usually by telling you to fill in a form. Do not respond!
- They send you a link to a website. Do not click on it! Instead, enter the URL or ‘www’ address manually or copy it directly into the address bar of your browser.
- They send you a request to pay an additional shipping fee for a package. Do not respond to the request. Additional charges can always be paid upon delivery.