Each year, many professionals are targeted by scams or fall victim to scams of any nature. These scams severely impact the finances of businesses as the financial annual prejudice is estimated to amount to EUR 1 billion in the Benelux countries.
At international level, the members of the International Consumer Protection and Enforcement Network (ICPEN) provide information to the public, namely with regard to:
In Luxembourg, the General Directorate for Small and Medium-Sized Enterprises (Direction générale des classes moyennes) launches a scam awareness campaign each year within the framework of the "Fraud Prevention Month" organised by ICPEN. The campaign is launched at the same time in over 40 countries on 5 continents.
Every individual is a possible target for scam.
Nevertheless, traders, craftsmen and liberal professions are the preferred target of scam of any nature.
It is imperative to be able to identify the various types of scam, to remain vigilant and to file a complaint where necessary.
In order to protect yourself against scams:
Most scammers usually contact their potential victim by telephone in order to start a conversation whose objective is in fact a slamming attempt, a phishing attempt or the sale of goods whose price/quality ratio is very bad.
Slamming, or "domain name registration scams", is a term used to describe the fraudulent practices used by certain domain name registrars. It consists in tricking domain name or trademark owners to subscribe to unsolicited services. This type of scam most often relies on an element of confusion or deception and takes advantage of the victim's lack of attention.
The scammer searches the internet registries, notes the domain names which are about to expire and sends the owner a false "notice of expiry" which looks like an official invoice for the renewal.
Via the fake notice of expiry, the domain name owner is invited to renew his domain name or to choose another domain name for one or more years. Entrepreneurs who are not familiar with the management process of domain names and the appropriate terminology may be led to believe, in good faith, that they need to pay the invoice in order to keep their domain name. By accepting the offer, entrepreneurs think that they have done the right thing to safeguard their rights, but it is obviously not the case.
Phishing is the attempt to steal passwords for bank accounts, electronic access data or credit card numbers in order to divert funds.
The victim usually receives an email which seems to come from an official body (bank, police, etc.) and which contains an urgent warning. The internet user is then redirected to a fake website which is an almost perfect copy of the concerned body's official website where the user is invited to enter his login credentials, address or bank account number. As the user completes the fields on the fake website, he will reveal his confidential data to the scammer who can then steal funds from the user's account.
Spam usually takes the form of unsolicited emails containing advertisements. Spam is dangerous as it often contains malicious software or redirects to infected websites which force access to the user's personal data.
Business directory scams consist in inviting businesses to enter or update their data in a business directory (paper directory, electronic directory or e-commerce platform).
The ambiguous presentation of certain requests may lead to believe that it is a simple verification of addresses, however a more thorough reading shows that it is in fact a real contract and that the business commits itself to paying registration fees, sometimes during several years. These contracts often include an automatic renewal clause.
Certain scammers send false invoices or reminder letters which might suggest the existence of contracts which in reality do not exist.
The phantom invoice is one type of false invoice: it is in fact a sales offer "disguised" as an invoice with the following or similar text in small print: "this is not an invoice but a sales offer". The offer is for services or goods which were never provided; this is namely the case for false invoices concerning the registration of trademarks, drawings or designs. The trademark registry being public, data such as the name and address of the owner are accessible to all; some scammers send false invoices to the owner or offer the registration in private registers in return for payment of large amounts of money.
"VerifiedByVisa" is originally an application for the protection of credit card data developed by VISA. The scam with the same name takes the form of an unsolicited email with the following text:
The scam takes the form of an unsolicited email which seems to have been sent by "Apple Inc." and where the user is invited to check his personal data on a malicious website:
The scam takes the form of an unsolicited email which seems to have been sent by the Luxembourg Inland Revenue (Administration des contributions directes - ACD) and which, depending on the case, contains one of the following messages:
The clickable link directs to a fake version of the Luxembourg Inland Revenue's website where you will be asked to enter your credit card details (name, number, expiration date, date of birth and 3D Secure password).
Some telephone calls are actual phishing attempts and the "Microsoft Phone Scam" is a good example.
In order to achieve their goal, the scammers pretend to be Microsoft employees who inform their victims via telephone that their computer has been infected; in order to fix the problem, the victims are guided to a website for a remote maintenance procedure where said website actually contains a Trojan horse, i.e. malicious software which enables the cybercriminal to take control of the victim's computer without his knowledge.
The scammers usually request a certain amount of money to remove the malicious software again.
Certain businesses are inviting companies to check the accuracy of their contact data for the purpose of being listed in a business register, directory or phone book such as:
In certain cases, these businesses imitate and distort the use of logos of official bodies in order to voluntarily confuse the recipient of the mail.
The offer to list the company in these business directories often seems free of charge as the mail is a simple request to check the business' contact data, however, the offer is a proper contract proposal (and the details of the contract and its real cost are usually indicated in small print only). By signing the document, you enter into a contract and commit to pay for the publication of your business details in one of these business directories (click image to enlarge):
The scammer asks the victim to make available his bank account for the temporary transfer of funds blocked abroad against a payment of 10 to 25 % of the amount. Moreover, the victim has to pay lawyer's fees and customs duty up front but will never receive the payment agreed upon.
The fraud consisting in a "fraudulent international money transfer", also known as the "Fake President scam" has been targeting an increasing number of SMEs and large corporations.
In this type of scam, the fraudsters target a company (usually a subsidiary where the employees do not know the CEO, CFO, etc. in person) and try to gather a maximum of information on the company targeted (e.g. its organisation, hierarchy, etc.).
The fraudster then impersonates a group executive and calls or emails one of the business managers in the subsidiary or one of their trusted providers (lawyer, notary, etc.) and convinces the accounting department to transfer a large amount of money to an off-shore account.
An online job vacancy scam is a fake job offer published on an online recruiting website on behalf of a renowned multinational company.
After filing his application, the candidate receives an email from the scammer informing him that his application was accepted.
The applicant is then summoned to a fake job interview abroad, for which he must advance travel expenses and contact a fictitious travel agency.
Once the agency has been paid, generally several hundred euros, the candidate receives no more updates, neither from the travel agency nor from the advertiser.
(Click the image to enlarge)
Businesses often feel helpless against scams which is why many do not take legal action if they have fallen victim to a scam.
If you are a victim of scam or fraud in Luxembourg, you can inform the professional chambers and federations (Chamber of Commerce, Chamber of Skilled Trades and Crafts) and contact the Hotline of the General Directorate for Small and Medium-Sized Enterprises. These bodies and administrations will disseminate the information in order to actively participate in fraud prevention.
You can file a complaint at the nearest police station or with the Criminal Police Department.