For any suspicion of fraud, contact us directly via the chat from your Qonto application by selecting for a suspicion of fraud, followed by the most appropriate situation.
1. Never share confidential information with third parties
Under all circumstances, avoid disclosing confidential information to third parties, whether over the phone or through any other means of communication. Qonto will never request the transmission of sensitive information outside of its secure interfaces (mobile application or website).
If you receive such a request via a message or call identified as coming from Qonto, be extremely vigilant; it is likely a spoofing attempt.
2. Confirm information through another channel in case of doubt
Contact us via the Qonto application or through your client space on our website.
3. Be attentive to received communications
Be vigilant about emails and other messages requesting transactions or banking information.
-
Avoid opening unwanted emails (spams) and prefer messaging platforms offering filters.
-
Always check the spelling of the email address and the message content.
-
In case of doubt, do not download any documents and do not click on any links.
-
If you have already clicked on a link, ensure that the site is secure: look for the padlock on the left side of the address bar and verify that the connection is in https.
-
Check the functionality of all buttons on the page. Fraudsters often limit themselves to replicating the login page and neglect other elements and buttons on the site.
4. Beware of urgent situations
Often used in social engineering cases, this approach encourages victims to make hasty decisions, neglecting usual security rules. For example, they might be pressured to approve a transfer or change their password.
Take a step back and carefully analyze the notifications received on your application before validating them. In the case of a transfer, verify the IBAN and the name of the beneficiary bank. If the notification asks you to approve a new connection, check the device and the location.
If you have any doubts, contact our customer service via the chat available in the mobile application.
5. Never perform operations on request
We will never contact you to request confidential information or perform a banking operation (transfer to a 'security account,' changing passwords, approving a new member or new connection, etc.).
When a third party asks you to approve a transfer through Strong Authentication to cancel alleged fraudulent operations, it is a scam: Strong Authentication is only intended to approve transactions.
Similarly, we will never ask you to hand over your payment card to a third party such as a courier, for example, to 'secure' your Qonto account.
6. Use your Qonto account in a secure environment
Verify the legitimacy of the websites you visit. Secure URLs start with https and display a padlock before the site name, ensuring their security through a digital certificate.
For example, our official site is /hc/en-us/articles/23949237849873, and our web application is accessible via /hc/en-us/articles/23949237849873. It is recommended to bookmark them for secure and quick access.
Keep your Qonto application and your operating system up to date for optimal security. Prioritize secure connections and avoid public or shared WiFi networks. When using a shared device, ensure you log out after use and avoid saving your banking information on that device.
7. Use your Qonto payment card in a secure environment
Limit your purchases with your Qonto card to reputable and trustworthy merchants.
When transacting with individuals via a platform, opt for the payment service it provides for increased security.
8. Strengthen your account's security
Opt for a complex password, including various types of characters, such as uppercase and lowercase letters.
Avoid reusing the same password for multiple accesses, especially for sensitive services like your Qonto account. Change your password regularly and activate Strong Authentication on your account.
9. Maximize control over account usage
Establish a whitelist of entities authorized to make withdrawals from the company's bank account.
Restrict access to sensitive data of the business account and share it only with authorized employees to perform operations.
10. Promote best practices within your company
Protecting your company's account involves all your employees, who may be individually targeted at any time by phishing and social engineering attacks.
Share these best practices with your collaborators and consider training them on topics related to frauds in general.