Unmasking the main social engineering threats

Social engineering involves manipulating people into revealing confidential information or performing actions that compromise their security. These attacks often involve opening suspicious documents or files or clicking on malicious links, sometimes disguised within legitimate-looking websites or messages. According to a European Parliament survey and insights from our IT security experts, the top cyber threats in 2024 fall into four categories that you should watch out for:

  • Phishing 

Phishing is a type of cyberattack whereby fraudsters impersonate legitimate companies or individuals to steal sensitive information such as usernames, passwords, and credit card details. Their messages often contain links to fake websites that either collect your data or infect your device with malware. These attacks exploit feelings of urgency, fear or curiosity, prompting victims to act quickly without verifying the authenticity of the request. To detect them, always double-check the sender's email address and look out for anything suspicious before clicking on links or downloading attachments.

  • Smishing 

Smishing, short for SMS phishing, involves sending text messages that pressure you to act immediately by claiming your account has been compromised or a delivery has failed. These messages often contain malicious links that, when clicked, can install malware on your phone or direct you to a fake website designed to trick you into sharing your personal data.

  • Vishing

Vishing, or voice phishing, uses phone calls from attackers posing as trusted organisations—such as banks, public institutions, or even LuxTrust—to deceive you into revealing sensitive or financial information. These scammers often sound convincing and create a false sense of urgency to push you into making quick decisions without verifying their identity, like sharing login credentials or validating a transaction.

  • Quishing

Through quishing, also known as QR phishing, fraudsters exploit the popularity of QR codes and the inherent trust people place in them to disguise their malicious intent. Scanning a QR code from an untrusted source can lead you to fake websites or initiate a download that monitors your online activities, steals sensitive details, or gains access to your device. These codes may appear on posters, flyers, or even in emails. Always double-check the source of a QR code before scanning it and be cautious about the website linked to it.

Spotting red flags

All kinds of phishing attacks often rely on a false sense of urgency to pressure you into reacting without thinking. Recently, fraudsters have been impersonating LuxTrust agents, claiming to be investigating suspicious transactions and urging users to provide their credentials or banking information immediately.


To protect yourself, keep these guidelines in mind:

  • Be mindful of the email address, phone number and tone of the message. Phishers often use contact details that look almost identical to official ones. Look out for suspicious differences, such as odd punctuation or spelling mistakes.
  • Never share your passwords or confidential information. LuxTrust will never ask you for this kind of data by phone, email, text message or even in person. 
  • Be cautious with links. Hover over them before clicking to see where they lead. Avoid clicking on links in unsolicited or suspicious messages.
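
The first guideline can also be automated on a mail gateway or in a mailbox rule. The Python sketch below is an added example, not LuxTrust's own code: it classifies a sender address as official, lookalike or unrelated. It assumes `luxtrust.lu` (taken from the contact address on this page) is the only official domain and that its subdomains are official; the character-folding table and the function names are constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: the only official domain is the one in the page's contact address.
OFFICIAL_DOMAINS = ("luxtrust.lu",)
# Constructed, non-exhaustive folding: digit lookalikes mapped, punctuation dropped.
FOLD = str.maketrans("0135", "oles", "-_.")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header: str, max_distance: int = 2) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a From: header value."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "unrelated"
    try:  # show punycode (xn--) labels in their Unicode form before comparing
        domain = domain.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already non-ASCII or not valid punycode: compare as written
    for official in OFFICIAL_DOMAINS:
        # Assumption: subdomains of an official domain are also official.
        if domain == official or domain.endswith("." + official):
            return "official"
    folded = domain.translate(FOLD)
    for official in OFFICIAL_DOMAINS:
        brand = official.split(".")[0].translate(FOLD)
        near = edit_distance(folded, official.translate(FOLD)) <= max_distance
        if brand in folded or near:
            return "lookalike"
    return "unrelated"
```

A "lookalike" result is a reason to quarantine or flag the message for review; an "unrelated" result says nothing about whether the message is safe.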

Download and consult our anti-phishing guides to learn how phishing scams work and how to stay safe.

For additional resources, visit Cyberfraud.lu to learn how phishing works and to get more tips on protecting your data and digital identity. This platform was developed as part of an anti-cyber fraud campaign, led by the Luxembourg House of Cybersecurity and the Luxembourg Ministry of the Economy in collaboration with key industry partners, including LuxTrust. There you will also find helpful advice on how to recognise, avoid and report phishing attempts.

LuxTrust’s commitment to your security

We are committed to protecting our customers and users from fraudulent activities.

LuxTrust will never contact you directly to request confidential information such as passwords, one-time passwords (OTPs) or card PINs. We will never send anyone to your home to collect bankcards or authentication devices. If you receive such a request, it is most likely a fraud attempt. Do not respond and report it immediately.

If you think you have been targeted by a phishing scam and disclosed your personal information, contact your bank and/or LuxTrust immediately. You can reach our Customer care team by phone on +352 24 550 550 or by email at questions@luxtrust.lu.

Stay informed, stay vigilant and download our guides below. They explain common phishing techniques and how to spot fraud attempts made in the name of LuxTrust.