Phishing by text message

Phishing by text message

What is smishing (SMS phishing)?

Scammers are increasingly sending text messages which contain a link to a fake website. The messages look like they come from a trusted source such as a bank, the government, a telecom operator, itsme or Card Stop.

The message is written in a direct and urgent tone, pressuring you to click the link.

Clicking the link will take you to a fake website that looks just like the real one. The scammers will then ask you to enter personal information or your bank details (your card number and the codes you generate with your card reader). They can then use your bank details to steal your money.

Don’t get caught out by scammers! We’ll never text you a link and ask you to open it to enter your card reader codes.

How the scam works

You get a text message containing a fake link from scammers pretending to be us. The link takes you to a fake website that looks like ours, where the scammers try to trick you into entering your:

  • debit card number
  • online banking login codes that you generate with your card reader
  • codes for signing and authorising transactions that you generate with your card reader

Once the criminals have your card number and these two codes, they can install Mobile in your name on their own device and steal money from your account.

A few tips on protecting yourself against smishing

  • Question every text message that you receive. Fraudsters can easily add a KBC Brussels logo to an e-mail or fake the sender’s name. If you’re in any doubt, forward suspicious text messages to We’ll never text you to solve a problem with your account or the online banking service you use with us.
  • Save the real KBC Brussels website ( as a favourite or enter the address manually in your browser.
  • Keep the codes you generate with your card reader secret, just like your debit card PIN. They are the key that unlocks your money and they are strictly personal to you. We’ll never ask you for them by e-mail, text message or phone.

Watch out! Scammers are increasingly using bogus websites with URLs starting with https://. The ‘s’ in https stands for ‘secure’ and tells you you’re using a secure connection. However, that’s no guarantee that the party you’re dealing with is trustworthy.

Verify that the KBC Brussels website or KBC Brussels Touch you’re using is legitimate.
Check the URL in your browser address bar and make sure that the:

  • KBC Brussels website address starts with ‘’
  • KBC Brussels Touch address starts with '' 

Spotted something suspicious?

Email us at


What is this type of cybercrime? How do scammers work and how can you protect yourself from them?