Hey bunqers 🌈
Social engineering scams such as phishing have been developing and improving vigorously in recent years. That’s why we’d like to explain how you can easily recognise this type of fraud and keep your account secure.
Important Note: Always be careful with your personal data and make sure to never share it with third parties. bunq would never contact you outside of the bunq app or its official channels and ask for your credentials or any personal information (phone number, email address, Security Code, card number, IBAN, etc.). We will NEVER call you. If you’re receiving a phone call from a person claiming to be a bunq representative, hang up the phone and report the phishing with us.
Need to report a phishing incident to bunq? Fill out our Phishing form to report your incident and help us fight fraud! This topic outlines the reporting process.
I’ve lost access to my bunq account, what do I do?
If you somehow can’t recover the access to your account by resetting your Security Code, don’t hesitate to reach our SOS Support at +31208083666. Using this automated flow, you’ll be able to temporarily block your card and bunq account within 1 minute. This will keep your account and funds safe until you regain access.
If you suspect your account was hacked, please report the case by filling this form.
What’s phishing?
Phishing is a form of fraud where the scammer tries to impersonate reputable companies contacting you by emails, texts, social media, phone calls, etc. The purpose of this is to trick you into sharing your personal details such as passwords, account details, and card numbers in order to gain access to your funds.
How can I avoid being phished? 🙅♂️
Never give away your login credentials or personal information
- bunq will never ask users to provide login or personal information outside of the app. If someone pretending to be us is asking for this information, it is a scam and you shouldn't give any information.
Check the format and spelling in messages
- Fraudsters often go to great lengths to make their fake sources appear credible by copying the format and communication methods utilized by legitimate companies. Those fraudulent sources often contain spelling mistakes.
Watch out for fake websites
- The only bunq website where you have to enter your login credentials is https://web.bunq.com/. Always make sure you’re on this website if you need to provide sensitive information of this kind.
Contact us via our official channels
- If you receive an email from a source you recognize (like bunq) but it appears slightly off or suspicious, contact us to confirm that it’s authentic. This also helps us to identify new scams.
Be careful with your posts on social media
- When posting on social media, be careful with your personal information like your date of birth, vacation plans, address, phone number etc. This information can be used by criminals in an attempt to scam you.
Check the URLs of the links you click on
- It’s always better to check and verify the link (especially in hyperlinked texts) that it indeed includes the legitimate domain name of the website you’re about to access. If in doubt, spend an extra 10 seconds to manually go to the desired page via the official website.
How can I recognize a Phishing attempt?
Phishing can take a lot of different forms. Fraudsters can email you, send you a text message (SMS or other means) and even call you pretending to be bunq in order to trick you into giving away personal details that will help them gain access to our account. They will insinuate a situation of urgency such as an unrecognized device detected on your account, change of personal details information, something wrong is going on with your account and you need to verify it, etc. A link ‘for your convenience’ is provided and the moment you follow it and input any personal details (username, password, IBAN, etc.), they already got what they needed - THE ACCESS. You may also receive an SMS, an email or a phone call from a company telling you that you need to pay a certain ‘fee’ but require your credentials in order to proceed.
Our domain name is bunq.com. Every link which is different from https://www.bunq.com/ or https://together.bunq.com/ claiming to be a source of information is fraudulent. If you don’t see it in the URL address of the webpage, this means that link is not managed by bunq. Any variations such as bunq.xxx.com, a.id/abcd-bunq or abcd.buzz/bunq are all fake. If you come across such links, please report them here using our Phishing report form.
Here are examples of what a fake email messages, SMS or website look like:
Important: Fraudsters can misuse online tools to fake our name in the sender field of their SMS/text, therefore your smartphone may automatically insert fraudulent messages in the same thread as legitimate messages you’ve previously received from us.
Don't block our number, even if you've received the phishing SMS from there. This way we won't be able to actually send you messages which will help you to finish your verification or do other matters through the app
What will happen after I report a phishing case?
Our dedicated team will be made aware of your report and will take immediate actions to take down the phishing websites, links or accounts.
What if I’m a victim of phishing myself?
If you’ve fallen victim to phishing or other fraud, take immediate action. Please read the topic I’ve been scammed, what can I do?’. This lays out the steps you need to take to secure your account and report the fraud so we can start working on a solution for you.
How to keep your bunq account extra secured?
The ways to keep your account secure are plenty and most rely on your own vigilance and responsibility towards your personal information
You can do these every once in a while:
- Change your Security Code: go to Security to change your Security Code. This will end all active sessions, preventing unauthorized access.
- Check Devices: go to Security and tap on "Devices". From there, delete any device that you don't recognize.
- Check your email and phone number: go to Profile and tap on “Personal Information”. From there, delete any phone number or email address that you don't recognize.
Additionally, we have some cool features that can help you extra secure your account. For example:
Automatically logout when closing the bunq app: You can adjust your Auto Logout to ensure that you're always logged out as soon as you leave the bunq app. To do so, follow the steps mentioned below:
- Go to 👤 Profile
- Click on ⚙️ Setting in the top right corner
- Tap on Security
- Tap on Auto Logout
- Tap on Stay logged in for
- Choose 0 seconds
Rotating CVC: You can set your CVC to be automatically generated for extra security. To do so, follow the steps below:
- Go to 🏠 Home
- Select Cards
- Select the card
- The info will be shown on the screen
Received an email and not sure if it’s phishing?
If you've received an email and you're not sure if it's phishing, check out the actual domains we use to communicate with you through email:
- @ bunq.com - This is our primary domain and is used for transactional emails.
- @ update.bunq.com - This subdomain is dedicated to sending bunq Update invites and general announcements.
- @ hello.bunq.com - This sub-domain is used for marketing communications.
- review@bunq.com - This email is used when we require extensive information and request additional documents from you.
Related topics
Want to learn more? Explore more bunq knowledge here ✨
