All Collections
Managing accesses and account security
Account security
Protect your account from phone fraud attempts (Spoofing)
Protect your account from phone fraud attempts (Spoofing)
Updated over a week ago

What is spoofing?

Spoofing is a technique where the fraudster calls you from a phone number that you think is legitimate, pretending to be a Qonto agent (e.g. from the security or fraud department).

The fraudster tries to build trust by quoting things that you think are secret and unique, such as:

  • The first 6 digits of your card

  • Your first name, last name and date of birth

  • Your IBAN number

  • Names of merchants or recent transactions

They alert you to a fraudulent transaction on your account and encourage you to secure your funds as soon as possible by:

  • making a transfer to a "safe" account

  • validating the transfer notifications received on your phone

  • sharing the code received by SMS

  • sharing your account password

  • setting up a security system

How does the fraudster scam their victims?

Through spoofing, the scammer personalizes the number that appears on your phone. Contrary to popular belief, anyone can call from any phone number. This is not a hacking of the phone line, but a spoofing of the phone number.

This is the same for emails. The fraudster can send you an email from any email address, which is a weakness in the global email network.

Moreover, some information is easily accessible by the fraudster:

  • Your first name, last name and phone number can be retrieved from social networks

  • All bank cards start with the same 6 digits and are not specific to each client

  • Your IBAN number is communicated to service providers, present on websites or Dark Web sources

  • Many transactions are made on Amazon, Fnac, Facebook, etc.: the probability that you have made a transaction to one of these merchants is high enough to justify the fraudster's bluff

How to protect yourself from spoofing?

Qonto will never contact you to perform transactions on your account and will never ask you to provide a code received by SMS.

Check the website you are accessing

Our website is https://qonto.com/ and our web application is accessible from https://app.qonto.com/. Remember to add them to your favorites.

If you are asked to enter your information on another site, do not validate anything and exit the page!

Check the validation notifications you receive

We advise you to take the time to read carefully the notifications received on your application before validating them.

The fraudster's objective is to push you to validate transactions without checking them first. It is important to take your time.

Never make transactions on demand

We will never ask you to make a transfer to any "safe” or other kind of account.

The only time Qonto will ask you to make a transfer is to fund your account to pay your registration fee.

This is not an outgoing payment to another bank account.

I think I've been spoofed, what should I do?

If you have any doubt, hang up and contact us directly:

Did this answer your question?