Protection against scam

Last update

Each year, many professionals are targeted by scams or fall victim to scams of any nature. These scams severely impact the finances of businesses as the financial annual prejudice is estimated to amount to EUR 1 billion in the Benelux countries.

At international level, the members of the International Consumer Protection and Enforcement Network (ICPEN) provide information to the public, namely with regard to:

  • telephone scams;
  • slamming;
  • phishing;
  • spams;
  • business directory scams;
  • false invoices.

In Luxembourg, the General Directorate for Small and Medium-Sized Enterprises (Direction générale des classes moyennes) launches a scam awareness campaign each year within the framework of the "Fraud Prevention Month" organised by ICPEN. The campaign is launched at the same time in over 40 countries on 5 continents.

Who is concerned?

Every individual is a possible target for scam.

Nevertheless, traders, craftsmen and liberal professions are the preferred target of scam of any nature.

It is imperative to be able to identify the various types of scam, to remain vigilant and to file a complaint where necessary.

How to proceed

Which precautions can be taken?

In order to protect yourself against scams:

  • before signing any document, carefully read its full content and clearly identify the company;
    Attention: your signature and the indication of the date are a binding contractual action. If you have signed a contract and you intend to enforce your rights (obtain a reimbursement, cancellation of the contract, etc.), you must turn to the legal authorities.
  • do not trust the formal presentation and layout of letters, emails or websites;
  • spelling mistakes or strange and complicated wordings might be an indication of a fraudulent offer;
  • do not disclose confidential information;
  • never pay an invoice from a company you have never heard of;
  • do not click on links in emails, even if the sender seems reliable;
  • always check that the internet address you are visiting is in fact the one you were looking for;
    Example: www.luxenbourg.lu instead of www.luxembourg.lu

What are the different types of scams?

Telephone scams

Most scammers usually contact their potential victim by telephone in order to start a conversation whose objective is in fact a slamming attempt, a phishing attempt or the sale of goods whose price/quality ratio is very bad.

Slamming

Slamming, or "domain name registration scams", is a term used to describe the fraudulent practices used by certain domain name registrars. It consists in tricking domain name or trademark owners to subscribe to unsolicited services. This type of scam most often relies on an element of confusion or deception and takes advantage of the victim's lack of attention.

The scammer searches the internet registries, notes the domain names which are about to expire and sends the owner a false "notice of expiry" which looks like an official invoice for the renewal.

Via the fake notice of expiry, the domain name owner is invited to renew his domain name or to choose another domain name for one or more years. Entrepreneurs who are not familiar with the management process of domain names and the appropriate terminology may be led to believe, in good faith, that they need to pay the invoice in order to keep their domain name. By accepting the offer, entrepreneurs think that they have done the right thing to safeguard their rights, but it is obviously not the case.

Phishing

Phishing is the attempt to steal passwords for bank accounts, electronic access data or credit card numbers in order to divert funds.

The victim usually receives an email which seems to come from an official body (bank, police, etc.) and which contains an urgent warning. The internet user is then redirected to a fake website which is an almost perfect copy of the concerned body's official website where the user is invited to enter his login credentials, address or bank account number. As the user completes the fields on the fake website, he will reveal his confidential data to the scammer who can then steal funds from the user's account.

Spams

Spam usually takes the form of unsolicited emails containing advertisements. Spam is dangerous as it often contains malicious software or redirects to infected websites which force access to the user's personal data.

Business directory scam

Business directory scams consist in inviting businesses to enter or update their data in a business directory (paper directory, electronic directory or e-commerce platform).

The ambiguous presentation of certain requests may lead to believe that it is a simple verification of addresses, however a more thorough reading shows that it is in fact a real contract and that the business commits itself to paying registration fees, sometimes during several years. These contracts often include an automatic renewal clause.

False invoices

Certain scammers send false invoices or reminder letters which might suggest the existence of contracts which in reality do not exist.

The phantom invoice is one type of false invoice: it is in fact a sales offer "disguised" as an invoice with the following or similar text in small print: "this is not an invoice but a sales offer". The offer is for services or goods which were never provided; this is namely the case for false invoices concerning the registration of trademarks, drawings or designs. The trademark registry being public, data such as the name and address of the owner are accessible to all; some scammers send false invoices to the owner or offer the registration in private registers in return for payment of large amounts of money.

Examples of known scams

Verified by Visa

"VerifiedByVisa" is originally an application for the protection of credit card data developed by VISA. The scam with the same name takes the form of an unsolicited email with the following text:

Email supposedly sent by the "Apple Inc." corporation.

The scam takes the form of an unsolicited email which seems to have been sent by "Apple Inc." and where the user is invited to check his personal data on a malicious website:

Email supposedly sent by the Luxembourg Inland Revenue (ACD)

The scam takes the form of an unsolicited email which seems to have been sent by the Luxembourg Inland Revenue (Administration des contributions directes - ACD) and which, depending on the case, contains one of the following messages:



The clickable link directs to a fake version of the Luxembourg Inland Revenue's website where you will be asked to enter your credit card details (name, number, expiration date, date of birth and 3D Secure password).

Windows Phone Scam

Some telephone calls are actual phishing attempts and the "Microsoft Phone Scam" is a good example.

In order to achieve their goal, the scammers pretend to be Microsoft employees who inform their victims via telephone that their computer has been infected; in order to fix the problem, the victims are guided to a website for a remote maintenance procedure where said website actually contains a Trojan horse, i.e. malicious software which enables the cybercriminal to take control of the victim's computer without his knowledge.

The scammers usually request a certain amount of money to remove the malicious software again.

Update of business data in business registers, directories of phone books

Certain businesses are inviting companies to check the accuracy of their contact data for the purpose of being listed in a business register, directory or phone book such as:

  • the Registre des affaires;
  • the Répertoire professionnel;
  • the Registre Central Européen de saisie et de publication de numéros d'identification de la taxe sur le chiffre d'affaires;
  • the Annuaire international des branches d'activité;
  • or the Portail des Entreprises de Luxembourg.

In certain cases, these businesses imitate and distort the use of logos of official bodies in order to voluntarily confuse the recipient of the mail.

The offer to list the company in these business directories often seems free of charge as the mail is a simple request to check the business' contact data, however, the offer is a proper contract proposal (and the details of the contract and its real cost are usually indicated in small print only). By signing the document, you enter into a contract and commit to pay for the publication of your business details in one of these business directories (click image to enlarge):




Example of scam - Portail des Entreprises 2015

Nigerian scam 

The scammer asks the victim to make available his bank account for the temporary transfer of funds blocked abroad against a payment of 10 to 25 % of the amount. Moreover, the victim has to pay lawyer's fees and customs duty up front but will never receive the payment agreed upon.

Fake President scam

The fraud consisting in a "fraudulent international money transfer", also known as the "Fake President scam" has been targeting an increasing number of SMEs and large corporations.

In this type of scam, the fraudsters target a company (usually a subsidiary where the employees do not know the CEO, CFO, etc. in person) and try to gather a maximum of information on the company targeted (e.g. its organisation, hierarchy, etc.).

The fraudster then impersonates a group executive and calls or emails one of the business managers in the subsidiary or one of their trusted providers (lawyer, notary, etc.) and convinces the accounting department to transfer a large amount of money to an off-shore account.

Online job vacancy scam

An online job vacancy scam is a fake job offer published on an online recruiting website on behalf of a renowned multinational company.

After filing his application, the candidate receives an email from the scammer informing him that his application was accepted.

The applicant is then summoned to a fake job interview abroad, for which he must advance travel expenses and contact a fictitious travel agency.

Once the agency has been paid, generally several hundred euros, the candidate receives no more updates, neither from the travel agency nor from the advertiser.

(Click the image to enlarge)

What to do in the event of a scam?

Businesses often feel helpless against scams which is why many do not take legal action if they have fallen victim to a scam.

If you are a victim of scam or fraud in Luxembourg, you can inform the professional chambers and federations (Chamber of Commerce, Chamber of Skilled Trades and Crafts) and contact the Hotline of the General Directorate for Small and Medium-Sized Enterprises. These bodies and administrations will disseminate the information in order to actively participate in fraud prevention.

You can file a complaint at the nearest police station or with the Criminal Police Department.

Who to contact

Chamber of Commerce

  • Chamber of Commerce Chamber of Commerce
    7, rue Alcide de Gasperi L-2981 Luxembourg Luxembourg
    Closed ⋅ Opens at 14.00
    Tuesday:
    8.00 to 12.00, 14.00 to 18.00
    Wednesday:
    8.00 to 12.00, 14.00 to 18.00
    Thursday:
    8.00 to 12.00, 14.00 to 18.00
    Friday:
    8.00 to 12.00, 14.00 to 18.00
    Saturday:
    Closed
    Sunday:
    Closed
    Monday:
    8.00 to 12.00, 14.00 to 18.00
    08.00 - 12.00 and 14.00 - 18.00

Chamber of Skilled Trades and Crafts

2 of 7 bodies shown

Criminal Police Department

Related procedures and links

Links

Further information

Your opinion matters to us

Tell us what you think of this page. You can leave us your feedback on how to improve this page. You will not receive a reply to your feedback. Please use the contact form for any specific questions you might have.

Fields marked with an asterisk (*) are mandatory.

Did you find what you were looking for?*
How would you rate this page?*
Very poor
Very good

Leave a comment to help us improve this page. Do not provide any personal information such as your email address, name, telephone number, etc.

0/1000

Please rate this page

Your opinion has been submitted successfully!

Thank you for your contribution. If you need help or have any questions, please use the contact form.

Would you like to help us make digital public services more user-friendly by submitting your suggestions for improvement?

Then visit Zesumme Vereinfachen, the online participation platform dedicated to administrative simplification in Luxembourg.

Let's simplify things together

An error occurred

Oops, an error has been detected during your form processing.