Banco de Portugal once again warned of the increase in fraud attempts made via SMS, email and telephone calls, in which fraudsters try to trick victims into paying unduly, often by IBAN, Multibanco reference or MB WAY, or handing over personal and banking details.
The alert comes at a time when the cell phone has already replaced, for many, the wallet and cards, which makes “quick click” and immediate payment more common, and, therefore, more exploitable by social engineering schemes.
The central message is simple: when the request arrives with haste, threat and urgency, it is most likely not a legitimate entity, and this is precisely the pattern described in the Banco de Portugal warnings.
The scam script: false identification, urgency and pressure
According to the Banco de Portugal’s explanation, these frauds often begin with a contact that appears credible: fraudsters pretend to be service companies, transport companies, public entities or even “someone they know”.
Next comes urgency: an “overdue invoice”, a “blocked order”, a “tax problem” or an “unpaid payment”, with language designed to scare and prevent the victim from stopping to confirm.
The final step is the payment request, with “ready instructions”, transfer to an IBAN, Multibanco reference, MB WAY or links that imitate official pages, so that the victim can carry out the operation without carrying out basic validations.
Why does MB WAY appear in these schemes
MB WAY is not “the problem”: the problem is the way in which the fraudster tries to take advantage of the speed of payment and the trust created in the initial contact, leading the victim to authorize an operation that, in practice, is a payment to the criminal.
In many cases, the scam is set up to appear like a normal procedure (“just confirm”, “just regularize”, “just validate”), when in fact it is pushing the victim into an irreversible act.
Therefore, Banco de Portugal insists on a detail that can stop fraud: before confirming any operation, carefully validate who the money is going to and be suspicious when the recipient does not correspond to what would be expected.
What Banco de Portugal recommends doing (and what never to do)
The one from Portugal emphasizes that legitimate entities do not demand immediate payments via SMS, email or messaging apps, nor do they ask for sensitive data through these channels, especially when everything is presented as “urgent”.
The practical recommendation is: do not click on suspicious links, do not respond “in the heat of the moment” and always confirm the information through official contacts (the entity’s official website and helpline), never through the contacts that appear in the message itself.
If the request comes “in the name” of a family member or acquaintance (for example, “I changed my number” or “the cell phone broke down”), the rule is simple: stop and confirm directly with that person by another means, before any transfer or payment.
Three warning signs that should light up “red light”
Threatening phrases (“if you don’t pay, they’ll cut you off…”, “you have a debt”, “you’ll have a fine”) and impossible deadlines (“it has to be now”) are classic signs of attempted manipulation.
Another common sign is the “rush to close the matter”: the scammer tries to guide the victim step by step, keeping them busy so they don’t ask for help or think, exactly as phishing alerts describe.
And there is also the most practical indicator: when the message requests payment by IBAN/MB WAY/reference and avoids normal channels (customer area, real invoice, official contacts), the probability of fraud increases greatly.
Also read:
