How N26 will contact you — and how we won’t

Keeping customer accounts safe has always been the top priority for banks. At N26, we’ve gone the extra mile to create a secure and intuitive banking experience. From two-factor authentication to 3D Secure technology, we’re adhering to the highest standards of financial crime prevention. 

Still, like all banks, our customers get targeted by con artists posing as N26 employees. Their goal: trick N26 customers into sharing sensitive data, clicking on fraudulent links, or transferring money to illegitimate accounts. 

To stop financial criminals in their tracks, both banks and customers need to remain vigilant. In this article, we explain how N26 will contact you — and how we won’t. We’ll also look at different types of social engineering tactics, and offer some tips to help you keep your account and personal data secure. 

Telling the difference between real and fake messages can be tough. Keep reading for a side-by-side comparison showing exactly how we’ll communicate with you — and how we won’t.

With phone calls, it’s pretty straightforward: If you receive a cold call from N26, it’s a scam. N26 will never contact you unprompted via phone. If a phone call is necessary, we’ll always use the Secure Message feature in your N26 app to set it up.

When N26 uses text messages, the primary purpose is to send you verification codes. These codes are meant for you to enter directly in the N26 app, or via a Support Chat with a N26 Customer Support representative. We’ll never ask you to share these verification codes via email or social media. We may also send an SMS to inform you of changes to your personal data, which will always redirect you to get in touch with Customer Support via your banking app.  

N26 will also never send you clickable links or demands via SMS, ask you to download any software or install an app, or contact you via WhatsApp. 

Email communication from N26 will only take these two forms: 

• Marketing emails from newsletter@email.n26.com to inform you about new products or articles
• Alerts from noreply@n26.com or noreply@email.n26.com about important messages in the Secure Inbox section of your N26 app, data changes, surveys, or notifications about account security
• Contact from support@n26.com via email in case you don’t have access to your N26 account  

If we have any sensitive request requiring your attention, we’ll contact you via the in-app Secure Inbox feature. You’ll receive an email letting you know that there’s a message in your Secure Inbox, plus a push notification if you have them enabled. That’s it! 

A few other things to know: N26 will never request information from you via email, ask you to respond to an email with any personal data, or send you links to download anything. Be suspicious of emails that try any of those tactics.

Our website URL is n26.com and our support page is support.n26.com. Some email or SMS phishing scams will use fake URLs that look similar, but they don’t belong to N26. Here are a few ways to check for fakes:

• Simply hover over the link — without clicking on it! — with your cursor so that the web address appears at the bottom left-hand corner of your screen. Watch out for unusual characters in the URL.
• Google the URL or domain, or check websites like “urlscan.io” to see if the URL has been tagged as fraudulent. 
• Look for the padlock symbol that indicates a secure connection — it’s located next to the website URL in your browser window. Click on the padlock to verify the website credentials, or to check if the Secure Sockets Layer (SSL) certificate is valid and who it was issued to.

So, now we know what scam messages and links can look like — but what are these techniques actually for?

Fraudsters today often resort to social engineering techniques to steal sensitive information from customers, because bank accounts and credit card details are increasingly difficult to hack. Instead, they pose as a trusted person or authority to manipulate or pressure victims into giving them access to their accounts or funds. Though social engineering can be done in person, these days, it’s mostly done online or via phone through a practice known as “phishing.”

Phishing is a tactic designed to con unsuspecting customers into handing over sensitive information, downloading malware, or transferring personal funds. Phishing attempts may take the form of email, text or social media messages, or even phone calls. 

For example, you may receive an email that looks as if it comes from your bank telling you there’s a problem with your account, asking you to update your details by following a fake link. Alternatively, fraudsters may contact you via text or social media with an offer that sounds too good to be true, asking you to enter personal details in order to claim a reward. Whether they’re trying to pressure you through fear or enthusiasm, phishing scammers can be astonishingly convincing. 

Because of the widespread use of digital technology, fraudsters can use phishing techniques to much success, even without much technical know-how. Here are the three most common types of phishing in practice today. 

Email phishing is one of the most common types. With this tactic, fraudsters send out emails claiming to be a company, government authority, or even a family friend. These emails may link to a fake website that impersonates a real company. Then, they’ll ask you to enter your personal details, bank account login, or credit card data. Once the scammers get your personal details, they can use them to log in to your bank account and stage an account takeover, or use your credit card details to conduct card fraud. Alternatively, email phishers might pose as a friend or family member in need of help, asking for an immediate transfer of funds.

SMS phishing, known colloquially as “smishing,” is a type of phishing done via text message. This kind of phishing scam involves reaching out to smartphone users via text with alleged account alerts, prize notifications, or even postal scams. With the latter, customers may get an email or a text message that looks like it comes from Deutsche Post, for example, asking them to tap a link and insert payment details to get their package. Once the payment links have been entered, the scammer has access to their victim’s bank account or credit card and can wreak havoc on their financial life. 

An increasingly dangerous type of smishing is conducted via WhatsApp, particularly for so-called “grandparent scams.” Here, a fraudster may reach out to someone’s grandparent via WhatsApp, claiming to be their grandchild and requesting a bank transfer or PayPal payment. 

This portmanteau word that mashes up “voice” and “phishing” is a type of scam conducted via phone call or voicemail. It’s used by fraudsters to gain access to victims’ money or other personal information. They might try to access a person’s bank account, steal credit card numbers, or even trick them into transferring money themselves.

Scammers are smart. That’s why it’s important to be vigilant about protecting yourself and your personal information. Here are 11 more tips on how to do that. 

1. Keep your N26 app and computer updated with the latest updates and bug fixes.
2. Use fingerprint or facial recognition to log in to your account.
3. Create strong passwords with letters, numbers, and symbols — and never use the same one across multiple accounts.
4. Always look carefully at where emails come from if they’re requesting something from you. Pay especially close attention to the sender’s details and to any URLs that seem suspicious.
5. Be careful with public or shared WIFI connections — always choose secure WPA2 connections over WEP connections and use a VPN where possible.
6. Enable location tracking on your N26 app, so we can spot irregular transactions that you may not have made.
7. If a message sounds urgent, take your time and don’t be pressured into taking immediate action. Instilling a sense of panic or even excitement is one of the most common social engineering tactics that scammers rely on. They want people to act first and think later.
8. Remember: If an offer — online or offline — seems too good to be true, it probably is. 
9. Use multi-factor-authentication (also known as 2-Factor Authentication or 2FA), which uses your smartphone or another device to confirm your access to your accounts.
10. Always double-check links sent in emails. When in doubt, search online for the website rather than clicking on the link itself.
11. Never download files, share personal information, or click on links from unknown senders.

We’re proud to bring our customers convenient, digital banking — without compromising on security. At N26, protecting your finances is our first priority. Experience peace of mind, thanks to security features such as biometric authentication, smartphone pairing, and 3D Secure technology. Receive instant push notifications whenever money enters or leaves your account, so you always know what’s happening.  If you think you’ve been a victim of a scam, don’t hesitate to contact our N26 Customer Support team. They’re there to help seven days a week via the in-app chat function or the N26 WebApp. And if you want to learn more about staying safe online, check out our online security guide. It’s full of handy tips to protect your finances against scams.