Phishing, Smishing and Scams Portugal MB Way
What Is Phishing?
Phishing is a type of online scam used to trick people into revealing personal information or sending money. It usually happens through fake emails or fraudulent websites that look like they belong to trusted organizations such as banks, delivery companies, online stores, or even government services.
Scammers use social engineering to create a false sense of trust. They often copy logos, colors, and language from real companies to make their messages look authentic. The goal is to convince victims to click on malicious links, download infected attachments, or enter sensitive data such as passwords, credit card numbers, or login codes.
Phishing messages frequently create a sense of urgency, claiming that an account will be blocked, a payment has failed, or a prize is about to expire. This pressure is designed to make people act quickly without thinking. The safest response is to stay skeptical of unexpected or urgent requests, avoid clicking on suspicious links, and always verify information directly on the official website or app of the organization.
What Are Phishing, Smishing and MB WAY Scams?
Phishing is a type of online fraud where criminals send fake emails or create fake websites to trick people into revealing personal information, such as passwords, credit card numbers or bank details. These messages often look like they come from trusted companies or banks and usually contain links that lead to fraudulent pages.
Smishing (SMS phishing) is similar to phishing but happens via text messages. Fraudsters send SMS messages that appear to be from legitimate organizations, asking the victim to click on a link, call a number or share confidential data. The goal is to steal information or install malicious software on the victim’s device.
MB WAY scams are fraud schemes involving the MB WAY mobile payment service. Criminals contact victims by phone, email or message, pretending to be bank employees or buyers from online marketplaces. They then guide the victim to generate or share MB WAY codes or authorizations, allowing the fraudster to transfer money from the victim’s account without consent.
Phishing, Smishing, Vishing and MB Way Scams in Portugal
Phishing, smishing, vishing and MB Way scams in Portugal are sophisticated social engineering frauds in which criminals impersonate banks, delivery companies, public services or trusted brands to steal sensitive data and money. These attacks exploit trust and urgency, using fake SMS, WhatsApp messages, emails or phone calls to push victims into revealing banking credentials, installing malicious apps or authorising fraudulent transfers.
How These Scams Work
In phishing and smishing, victims receive links to fake websites that closely mimic legitimate online banking or service portals. Once login details, card numbers or MB Way codes are entered, criminals gain access to accounts and can quickly move funds. In vishing, fraudsters call victims, often spoofing official phone numbers, and pressure them to share security codes or install remote-access tools.
MB Way scams frequently involve criminals convincing victims to generate MB Way codes or accept invitations that secretly authorise transfers. By abusing the speed and convenience of instant payments, attackers can empty accounts before suspicious activity is detected.
Prevention and Online Security
Effective protection against these scams relies on strong digital hygiene and scepticism toward unsolicited contact. Key measures include:
- Never clicking on links in unexpected SMS, WhatsApp messages or emails claiming to be from a bank or delivery service.
- Accessing online banking only through official apps or by typing the bank’s URL directly into the browser.
- Refusing to share PINs, passwords, MB Way codes or one-time passwords with anyone, including supposed bank employees.
- Verifying suspicious calls by hanging up and calling the official number listed on the bank’s website.
- Regularly reviewing account movements and activating alerts for transactions.
Additional guidance on secure payments and digital safety can be found in dedicated security sections of banking websites and trusted consumer protection resources, which often include detailed advice on recognising and reporting online fraud attempts.

Fraud, Phishing and Identity Cloning in Banking
In cases of fraud, phishing and identity cloning, the bank is responsible for reimbursing the customer whenever it cannot prove that the customer acted with intent or gross negligence. The burden of proof lies entirely with the financial institution, which must demonstrate that the customer seriously breached security duties when using payment services.
Phishing and identity cloning are situations in which the customer is deceived through fraudulent communications that imitate the bank, such as fake emails, SMS messages, phone calls or websites designed to capture access credentials, personal data and security codes.
Because these attacks exploit sophisticated social engineering techniques, the customer is generally considered a victim of deception, not the cause of the loss. In the absence of clear evidence of intentional or grossly negligent behaviour by the customer, the bank must refund the amounts unduly debited and restore the account to its previous state.
To reduce the risk of fraud, banks are expected to implement robust authentication mechanisms, continuous transaction monitoring and clear security information. Customers, in turn, should never share passwords or codes, always check website addresses and contact the official bank channels whenever they suspect a fraudulent approach.
