What is spoofing?
Spoofing is a technique where the fraudster calls you from a phone number that you think is legitimate, pretending to be a Qonto agent (e.g. from the security or fraud department).
The fraudster tries to build trust by quoting things that you think are secret and unique, such as:
The first 6 digits of your card
Your first name, last name and date of birth
Your IBAN number
Names of merchants or recent transactions
They alert you to a fraudulent transaction on your account and encourage you to secure your funds as soon as possible by:
making a transfer to a "safe" account
validating the transfer notifications received on your phone
sharing the code received by SMS
sharing your account password
setting up a security system
How does the fraudster scam their victims?
Through spoofing, the scammer personalizes the number that appears on your phone. Contrary to popular belief, anyone can call from any phone number. This is not a hacking of the phone line, but a spoofing of the phone number.
This is the same for emails. The fraudster can send you an email from any email address, which is a weakness in the global email network.
Moreover, some information is easily accessible by the fraudster:
Your first name, last name and phone number can be retrieved from social networks
All bank cards start with the same 6 digits and are not specific to each client
Your IBAN number is communicated to service providers, present on websites or Dark Web sources
Many transactions are made on Amazon, Fnac, Facebook, etc.: the probability that you have made a transaction to one of these merchants is high enough to justify the fraudster's bluff
How to protect yourself from spoofing?
Qonto will never contact you to perform transactions on your account and will never ask you to provide a code received by SMS.
Check the website you are accessing
If you are asked to enter your information on another site, do not validate anything and exit the page!
Check the validation notifications you receive
We advise you to take the time to read carefully the notifications received on your application before validating them.
The fraudster's objective is to push you to validate transactions without checking them first. It is important to take your time.
Never make transactions on demand
We will never ask you to make a transfer to any "safe” or other kind of account.
The only time Qonto will ask you to make a transfer is to fund your account to pay your registration fee.
This is not an outgoing payment to another bank account.
I think I've been spoofed, what should I do?
If you have any doubt, hang up and contact us directly:
by chat from your web or mobile interface
by email at [email protected]