Can you recognise phishing?
You’ve heard a lot about phishing but never actually encountered it - or maybe you’ve already received a phishing message and would like to know how to protect yourself. This is an easy guide for you to recognise malicious messages and take actions.
The golden rules of self-defence
- Never share your access codes for InsideBusiness with anyone.
- Stop immediately and close your browser when in doubt about the legitimacy of the page you’re on.
- ING would never send you a link to log into InsideBusiness via an SMS or email.
Here are some pointers to help you identify a phishing email:
- Does the email contain a link to InsideBusiness? If so, it is phishing, as ING would never send you a link to InsideBusiness via an email
- The link in the email does not direct you to our website (Know more about how to check a URL?)
- And stay alert on unknown emails
- Update your devices with the latest patches for best protection
Remember the basic email verification method of SLAM:
- S(ender): verify the sender. Look at the sender's name. Does it sound legitimate, or is it trying to mimic someone you know? Hoover over the sender’s email address to reveal the actual email address.
- L(ink): inspect the URLs without clicking on them. Hoover over the link to reveal the actual link. Does the actual link make sense? Or are they trying to bring you to an unsafe website?
- A(ttachment): don’t download the content or any attachments if you are in doubt.
- M(essage): ignore when email application asks for script allowance, or any other strange notifications. Does the email make sense? Do you feel you can trust it? Does the email ask you to act urgently? Is the spelling, grammar and punctuation being poor? Be extra suspicious of words like 'send these details within 24 hours' or 'you have been a victim of crime, click here immediately'.
SLAM the door on the face of the fraudsters.
SMS messages are often used by fraudsters to make you panic and prompt you to react quickly. The message often contains an urgent alert (e.g., “we have blocked your account”; “an unknown computer has connected to your account”; “your payments are blocked”).
Don’t be distracted by the urgency. First check the following: does the SMS contain a clickable link? If so, it isn’t ING, as we will not send an SMS with active links. If the SMS provides you with a (short) link, do not click it.
Fraudsters can use any messaging tool to trap you. Whether it’s Facebook Messenger, WhatsApp, Telegram or Snapchat etc., the same rules apply: always check the message sender; never make a payment via a messaging application; never share the access codes for InsideBusiness.
Urgent or threatening messages are very often false, inciting you to act quickly instead of checking whether the communication is genuine.
Report potentially malicious email messages
If you receive a message of this type, please send it to us at the following address: email@example.com
If possible, send the suspicious email as an attachment. You can do so by creating a new email and dragging the suspicious email to the new email. You can also select the suspicious email in the inbox of Outlook and press: Ctrl-Alt-F. This will automatically create a new email.
Do not send any personal data or documents containing your personal data. For more information about your rights, please refer to the Privacy Statement on our website.
Always go to your bank's site directly
The safest way to go to your online bank is to go to the bank's website yourself by opening, directly, a new window in your browser and entering your bank's website address manually. From here, you can add your bank's log in page to your bookmarks so you can get to the site quickly and safely.
However, if you choose to use a search engine anyway, be very cautious when you click on the search result. Fraudsters sometimes create fake advertisements which will pop up as the first result, trying to trick you into clicking on the first result. And you are led to the fake website instead of the website of your bank.