Phishing via second hand websites

Phishing via second hand websites

Cybercriminals have recently begun targeting their potential victims through the smartphone messenger app WhatsApp.

While the medium may have changed, their purpose remains the same: getting you to reveal your personal details and bank details – specifically, your debit card number and the codes displayed on your card reader when using online
banking services. 
Meanwhile, these fraudsters can then use these details to access your online banking account and make payments – with you being none the wiser.

How the criminals operate?

Do you ever sell any used items online (e.g., through buy-and-sell websites)? If so, there’s a chance an ‘interested buyer’ will contact you on WhatsApp who, in reality, turns out to be a scammer. Before transferring the amount to your account, this
criminal first asks you to transfer a marginal amount (say, €0.01) to his account ‘just to check that everything’s OK.’

The scammer then sends you a WhatsApp message containing a link.This link will direct you to a counterfeit website.

There, you are asked to:

1.  enter your card number;

2. enter your response codes (these are the codes displayed on your card reader when making transactions).

Once they have their hands on your card number and response codes, they can log in to bank online in your name and steal from you by fraudulently transferring money from your account.

How can you protect yourself against phishing via WhatsApp?

  • For one, you should never respond to requests for payment from unknown parties.
    If you need to make a bank transfer, simply log in to the KBC Brussels-website
    ( or use KBC Brussels Mobile.
        -    If you’re buying something online, you only need the seller’s account number (IBAN) to transfer a payment.
        -    If you’re selling something online, it’s sufficient to give the buyer your bank account number (IBAN).
    If they ask for any other details, it’s very likely you’re dealing with a criminal.
  • Always keep your PIN and the codes generated by your card reader a secret – they are the key that unlocks your money and they are personal to you.
  •  Please note: Scammers are increasingly using bogus websites with URLs starting with https://. The ‘s’ in https stands for ‘secure’ and tells you you’re using a secure connection. However, this provides no guarantee that the party you’re dealing with is trustworthy.
    To find out if the KBC Brussels website or KBC Brussels Touch you’re using is legitimate, check the URL in your browser address bar: 
        -    The URL of the KBC Brussels-website starts with
        -    The URL for KBC Brussels-Touch starts with ''.

KBC Brussels Antivirus Software Package

Protect your computers, tablets and smartphones against viruses and unsafe websites.

Debit card phishing by e-mail

Phishing by e-mail

Scammers send you an e-mail with a link to a fake website. There, they ask for your personal data and bank details. However, never share your secret codes!

Spotted something suspicious?

Email us at