Last update
Phishing awareness
Introduction
The Luxembourg Government considers information security a prime priority. But no one is completely immune to some sort of incident. Phishing is one of the most common malicious activities in which a third party attempts to:
- log in to your electronic account; and
- gain access to your private data.
That is why the Luxembourg State's electronic platforms are protected by a strong authentication mechanism such as the LuxTrust products or the GouvID app.
Strong authentication requires you to be in possession of 2 separate elements to be able to log on. For example, to log on to MyGuichet.lu with the GouvID app, you must use your ID card and your secret PIN.
Phishing
Phishing is a technique used by a malicious person to collect personal information about you by using emails, text messages and fake websites that make you believe you are on the real website.
This malicious person may try to fool you by luring you to a fake website and asking you, for example, to scan a GouvID QR code or enter your LuxTrust identifiers.
For more information about phishing, please visit the BEE-SECURE website.
Good practices to adopt
Adopting the right practices will help to protect you from being phished.
- Never scan a GouvID code sent to you by email or text message.
The online public services never send out a GouvID code by email or text message.
- Never scan a GouvID code if you have not previously initiated a connection or the signing of a form on a government platform.
When you scan a GouvID code:- to establish a connection: check that the name of the platform shown in the app corresponds to the one on which you want to authenticate yourself; and
- in order to sign a document: check that the name of the document shown in the app corresponds to the document you want to sign.
- to establish a connection: check that the name of the platform shown in the app corresponds to the one on which you want to authenticate yourself; and
- Always check the web address (URL) in your browser before entering login data or scanning a GouvID code.
The URLs used by the Government platforms offering GouvID start with:
Government platform |
URL used |
---|---|
Guichet.lu |
https://guichet.public.lu/ |
MyGuichet.lu | https://services-publics.lu/; https://redirect.myguichet.lu |
Services of the Luxembourg Business Registers | https://www.lbr.lu |
The eCDF platform | https://login.b2g.etat.lu/ |
What to do if you've been phished
- Have you been sent a phishing email for a State website?
You can report phishing emails and text messages to the Computer Incident Response Center Luxembourg (CIRCL) by clicking here; they will then be analysed by the CIRCL. You'll be helping other users.
- Have you been phished by a website impersonating a State site? Contact the Guichet.lu Helpdesk by phone at (+352) 247-82 000 (Monday to Friday from 8.00 to 18.00) or via their online contact form.