Luxtrust has issued a warning to clients as phishing scams are once again making the rounds, with fraudsters posing as the company in an attempt to steal personal data.

The current scam consists of clients receiving a message purporting to be from Luxtrust, claiming that illegal transactions have been identified on the client's account and demanding the client's personal details in order to rectify the situation.

Luxtrust says clients should never give out their personal information, despite the phishing attempts becoming more and more sophisticated and realistic. The company adds that it would never ask clients to share their personal details.

In an official statement released on Friday, Luxtrust offered advice on staying safe from phishing attempts.

Over the past few months, the attempts have become more numerous in Luxembourg, targeting clients via email, texts or phone calls. Emails and texts often contain a link, asking the victim to visit the site in order to update their details, or to access a service, but the links redirect to false websites where the scammers ask for credit card details or other personal information, such as Luxtrust user IDs and passwords.

The scammers also pose as Luxtrust employees over the phone, using claims of illegal transactions to put the victim in a state of stress and thereby render them more vulnerable. Clients receiving such phone calls are advised to hang up and report the scam to Luxtrust directly on +352 24 550 550, or via email at questions@luxtrust.lu.

Luxtrust emphasises that protecting one's personal login details is essential, as they allow clients access to online banking and administrative procedures and should never be shared with a third party. The company reiterated its privacy policy, stating that Luxtrust:

  • never asks its users for their secret codes or passwords.
  • never asks its users to intervene in banking transactions.
  • does not have access to the bank accounts/banking information of its users.
  • never calls its users directly.
  • never visits a user's home. 

How to identify a fraudulent email or text message

Malicious emails and texts can appear realistic at first glance, but Luxtrust has issued the following advice to help clients stay safe:

  • Read the message in detail. This may include spelling or grammatical errors as well as unusual expressions (although this is becoming more and more rare).

  • Check the sender's address and whether the function or organisation that sent the message matches the content. The attacker's email address may look very similar to a legitimate address. 

  • Do not respond to an email that asks for personal or confidential information, even if the email appears to be from a LuxTrust employee.

  • Do not open the attachment of an email with an unknown sender or title. A virus can be concealed in files (PDF, Office Suite or Google, etc.), images and other attachments.

  • Hover over the link (without clicking on it) and make sure it matches the content of the email and redirects to a legitimate site.

  • If something is demanded of you in an email or SMS, the legitimacy should always be questioned.