• Sustainability

  • SMS with link to login - is it phishing?

Today at 19:36 I received a text message stating that my data were not fully verified. I was urged to react immediately through bunq-bericht.com to prevent that my account would be blocked. That's what I did, but became suspicious when the message came that the log-in was incorrect and that I had to repeat the procedure.
I've immediately changed the code. Is there something else that I should do?

    Hoi ik heb ook al enkele sms’en gehad. Niet naar de link gaan.

      bunq-bericht.com is very suspicious, and not a real bunq website. Keep in mind that bunq normally doesn't text you important information, they only send it to you via the in-app chat. Things you can do now:

      • Change the security code (you already did this)
      • Check the devices you're logged into, to check if you see something suspicious. Go to: "Profile > Settings > Security > Phones"

        @Willem-Maroon-Llama#247582 🚨That’s phishing ❗️
        Bunq will never contact you like this. Please keep in mind, that you never share private or login information with instances you don’t trust.
        More information about phishing here: https://together.bunq.com/d/19654

        On this website you can check if your data has been compromised and is part in one of several leaks around the internet:
        https://haveibeenpwned.com/

          Thank you all for your quick response. Fortunately I've got only one device.

            For the rest I blocked the sender of the message, hoping that might help a little bit.

              @Willem-Maroon-Llama#247590 Was the sender "bunq"? Or something else?

                @Willem-Maroon-Llama#247592 SMS text messages are fundamentally insecure, even worse than e-mail in some regards. Anybody can spoof the sender name, that's just how the system works unfortunately. When you block the "bunq" sender, you also will block legitimate text messages from bunq, as there's no way for your phone to distinguish between what is a real and a fake sender name (there's no such notion when it comes to SMS). Therefore it might be counter-productive.

                What you can be sure about is that bunq will always use their own domain bunq.com for hosting any important websites. Any SMS or e-mail that leads you to page that doesn't belong to bunq.com is highly likely to be a phishing attempt. Other than SMS sender names, the communication between your web browser and web servers is usually protected quite well and spoofing anything nearly impossible for a fraudster.

                And if in doubt: contact bunq Support through the in-app support chat first before doing anything else. The official bunq app has extra protections to make sure that the information exchanged through it is encrypted and is only accessible by you and bunq itself, and no third-parties. That's also the reason why bunq will reach out to you via the app if there is any issue with your account, and not via SMS or e-mail (they certainly wouldn't include a link leading to a login page).

                Some more good tips and knowledge about phishing:

                  Thank you. You're making it very clear.

                    Achtung! bunq-bericht.com ist eine Phishing-Seite! Wenn man dort seine Daten eingibt, haben die Betrüger sofort Zugriff auf dein Konto. Daher ändere deine Daten (Passwort) so schnell wie möglich, am besten sofort.

                      Jakob changed the title to SMS with link to login - is it phishing?.

                        Danke Andy, ich habe tatsächlich die Code unmittelbar geändert.

                          Write a Reply...