What is smishing?

Scammers send a text message with a link to a fake website.
They often try to create a feeling of fear and urgency.
On that fake website, they ask for the card number of your debit card and the codes you create with the card reader.
Behind the scenes, the fraudsters use these details to log into the real KBC website and make payments on your behalf.

Don't go into this! We never ask you by text message to click on a link and then enter the numerical codes of your card reader.

How do criminals operate?

Scammers send a text message in the name of KBC with a link.

A few examples:

  • because of the reduced staff due to the spread of the coronavirus, we ask our customers to register their ip-address using their card reader. Client portal https://...
  • Dear client, you are logged in on an unknown device. Weren't you? Please check your KBC Brussels via the link at the bottom.
  • KBC Brussels: Your current debit card expires before use. Request the renewed debit card now completely free of charge and prevent blockage via: https://... (link).
  • KBC Brussels-info: your data have just been used to log on to the APP. Wasn't this you? Verify now via https://... (link).

The link in the text message will take you to a fake KBC Brussels website.
There they ask you to fill in the following information: 


the card number of your debit card

the code you create with your card reader to log in


the code you create with your card reader to sign

Once the criminals have your card number and your codes, they can log into Touch or Mobile on your behalf and make fraudulent payments.

How can you protect yourself against smishing?

  • Don't blindly believe every text message. Crooks can easily add a KBC Brussels logo or forge the sender's name. If in doubt, send the suspect text message to KBC Brussels will never approach you to solve a problem with your account or your banking application online.
  • Save the real KBC Brussels website 'https://www.KBC' in your favourites or enter the address manually.
  • Always keep the codes you create with the card reader secret, as well as the PIN code of your debit card. They give access to your money and are strictly personal. KBC Brussels will never ask you for them, not even by e-mail, text message or telephone.

Attention: scammers are increasingly using fake websites whose web address starts with https://. The 's' in https stands for "secure" and indicates that the connection is secure. However, it does not guarantee that the party you are communicating with can be trusted.
Do you want to know whether you are dealing with the real KBC Brussels website or KBC Brussels-Touch?
Then check the web address in the address bar at the top of your browser.

  • The web address of the KBC Brussels website starts with ''.
  • The web address of %%bank%%-Touch starts with 'https://%%bankTouch.KBC'. 

Our Cybersecurity Service includes virus and phishing protection software that protects your devices and your online activities from attack by cybercriminals.
Learn more.

Report internet fraud


What is phishing? How can you protect yourself against phishing?
We use cookies and similar technologies to make our website work better for you and ensure your online experience with us is more enjoyable and rewarding. We may also adapt our website to your needs and preferences. By continuing to use this website, you consent to our use of cookies.Learn more or reject cookies.