Security is everyone’s business

Good practice

To protect yourself from the various dangers involved in using the internet, it’s advisable to:

  • Protect your computer with a personal firewall and antivirus, and keep this software up to date.
  • Update your operating system regularly, activating the automatic download and installation option
  • Never install/use a program if you’re not sure of the exact source
  • Use strong passwords and change them frequently
    • A password containing at least 12 characters including upper case, lower case, numbers and special characters will not be cracked easily. Generally speaking, the longer your password, the harder it will be to crack.
    • One account = one password. Do not reuse the same password on different websites or applications.

Supported by the Luxembourg government, the cases.lu and bee-secure.lu websites contain lots of information and recommendations for responsible internet usage.

What is phishing?

Phishing is a pirating technique based on identity theft. It involves an email or text asking you to visit a banking or commercial website.

The technique consists of making victims believe that they are contacting a trusted third party – bank, government, etc. – in order to extract personal information from them: password, credit card number, date of birth, etc. The link or attachment shown actually leads to a fake site.

How can you spot a phishing attempt?

A phish* (email or text message used in a phishing attack) can generally be recognised from the following clues:

  • the email or text addresses you impersonally;
  • it suggests you act quickly;
  • it usually contains a link that you must follow;
  • it usually contains an attachment (in the case of an e-mail) that you’re asked to open;
  • it often contains spelling or grammar mistakes

How should you react?

  • Don’t answer the email or text.
  • Don’t click on the link contained in the phish.
  • Don’t open the attachment.
  • Don’t forward the email.

What is ransomware?

Ransomware is malware that hijacks personal or valuable data.

To do this, the ransomware encrypts the data, then asks its owner to send money in exchange for the decryption key.

How can you protect yourself?

Before infection:

  • Be careful with any links that you may wish to open! Golden rule: if you are not expecting an email/document, or you don’t know the sender, then don’t open it!
  • This rule should be followed at home and at work.
  • It’s best to be PROACTIVE: make sure you back up your documents regularly.

After infection:

  • There is no way of decrypting the files, so you’ll have to reinstall the computer and restore your backups.

What is social engineering?

  • Beware of phone calls from companies asking you to perform a series of actions on your computer.
  • No legitimate business will call you to report a problem if you haven’t contacted it already.
  • Don’t let anyone whom you don’t know ask you to install a program that could be used to take control of your computer.
  • Don’t visit sensitive websites (eboo, e-mail, social media, guichet.lu, etc.) if a stranger has taken control of your computer.
  • Delete all applications or programs that you have installed on your computer at the scammer’s request, or format the computer.
  • Change your passwords if you have disclosed them.

What is Wangiri fraud?

Wangiri is a type of telephone fraud: your phone rings once, then the call is cut off. It’s a call with a suspicious country code, which you don’t recognise.

If you call back, you’re connected to a premium-rate number and can therefore lose a lot of money. You may also receive a text message asking you to call a particular number. This scam is run by criminals located in exotic destinations.

What should you do?

  • If an unknown number with a strange country code appears on your phone screen, then above all don’t answer and never call back.
  • Contact the Post Telecom helpline on 8002 8004 or contact.telecom@post.lu and mention the number from which you received the call.

Security recommendations when using payment cards

If you withdraw money from an ATM, you should check that there’s nothing unusual about the machine.

  1. For shopping online with a credit card
    Before purchase
    ACheck the e-commerce site’s reliability.
    It’s easy to find user reviews of e-commerce websites. If you don’t know the online store from which you’re buying, try to check it out or find information on refund terms, deliveries/returns, contact, etc.
  2. Before you pay, make a few checks
    • Is the address of the site that you’re visiting accurate?
    Is the address of the site that you’re visiting accurate? In your browser address bar, check the spelling of the website address.
    Make sure that the URL starts with “https://”.
    • If your browser indicates (in a pop-up) that the certificate is not valid, then leave the website
    • Is a padlock shown at the bottom of the page?
  3. When you pay
    Information requested
    LWhen you pay online, the website may ask you for the following bank card details:
    • The 16 digit number,
    • The expiry date,
    • The card security code,
    • The surname and possibly first name of the cardholder.

    What to watch
    • You should never be asked for your bank card’s four-digit PIN, which is used for paying a retailer in person, online. Never share this code: only scam websites will ask you for it.
    • Some e-commerce websites save your bank card number when you make your first payment, so that you don’t have to enter it again for future transactions. We advise you not to use this feature. Under no circumstances should your bank card’s CSC be saved.
  4. After purchase: checks
    The confirmation email
    • You should receive an e-mail summary of your order just after payment, although the e-mail may end up in your spam box.
    • Check that the amount matches, that the payment method and order number are shown, and read the whole email to check that nothing else is requested.
    • Keep a copy of the order summary (date, transaction number and amount, seller’s details).

    Your personal data on the website
    • Make sure that your bank details are not stored on the website.
    If you’re in any doubt or have any suspicion, please contact 8002-8004 or contact.finance@post.lu

POST Luxembourg :

Will never contact you to ask for your secret codes
Will never ask for your personal details by e-mail or text message
Does not send text messages with links.

If you’re in any doubt or have any suspicion, please contact: 8002 8004