What is ‘phishing'?


Criminals use phishing – a pun on ‘fishing' – as a way of picking up information by phone or e-mail. That information then allows them to enter payments in your name. Customers of several Belgian banks have already been targeted by phishing attempts.

How phishing works by e-mail

You receive an e-mail, apparently from the bank or an official body, inviting you to click on a link. If you do so, you're taken to a website closely resembling the bank's official site.

You then have to enter confidential information. This is supposedly necessary in order to:

  • Activate your account;
  • Reactivate your account;
  • Check your account details;
  • Resynchronise the system following an update;
  • Prevent the data from being lost;
  • Maintain security.

Several other bogus reasons might also be used. You should never respond to such requests: under no circumstances will the bank ever ask you for confidential information by e-mail. If you receive such a request, therefore, a whole series of alarm bells ought to ring


How phishing works by phone

You receive a phone call following on from an earlier e-mail or perhaps even without one. The caller introduces him or herself as an employee of the bank, the bank's Helpdesk, or from some other official-sounding institution. He or she will then try to get you to divulge all sorts of information. Never respond to this: under no circumstances will the bank ever ask you for confidential information by phone. Terminate the call immediately. If you were able to read the number using your phone's caller-ID, please pass it on as quickly as possible to the PC banking Helpdesk. We will then investigate, in consultation with the police. Because secure online banking is in all our interests.


What should you always/never do?

  • Never respond to e-mail or phone requests to hand over confidential, personal financial information (card details, passwords, PIN codes, challenges, responses, etc.).
  • Have you received a phishing e-mail? Let us know straight away via the Web Security form, send a email to phishing@bnpparibasfortis.com or phone the PC banking Helpdesk on 02 433 43 31 (NL) or 02 433 43 32 (FR).
  • Did you pass on any confidential information? If so, call our PC banking Helpdesk immediately on 02 433 43 31 (NL) or 02 433 43 32 (FR).
  • Some websites are deceptively accurate. How can you be sure you're looking at the real BNP Paribas Fortis website?
    • The address you read in the address bar at the top of your browser should always begin with https://. That extra ‘s' stands for ‘secure';
    • You can also check the address by clicking on the little padlock icon. It should end in bnpparibasfortis.be. Pay particular attention to correct spelling;
    • When it comes to secure internet use, it's better to be too suspicious than too trusting. Cybercriminals are becoming more enterprising all the time, so a healthy dose of suspicion is always advisable when you're online. If you have the slightest suspicion that something is wrong when banking online, exit immediately and contact the PC banking Helpdesk.


Read the Belgian banks' recommendations about phishing

Watch a remarkable video about the importance of taking care online.