Internet Security

Related subjects:
Reading time: 7 minute(s)
Online frauds are becoming a more and more frequent threat. Learn all about the methods used by cyber criminals, how to protect yourself from them and how to act in case you become a victim of cyber crime.

Online frauds are becoming a more and more frequent threat. Learn all about the methods used by cyber criminals, how to protect yourself from them and how to act in case you become a victim of cyber crime.

How to Avoid Getting Scammed

  • Be reasonable - Never open email attachments from unknown sources. Also, always make sure you don't click on any suspicious links or banners.
  • Be private - Never share your login information or devices with anyone; create strong passwords and don’t use the same passwords for more than one account.
  • Be independent - Don’t log into your trading account while using public Wi-Fi or public devices (in hotels, internet cafes etc.)
  • Be on time - Always update your devices and software to the newest version. Remember to use antivirus software.
  • Be aware/conscious - To evade scam, gain more knowledge about the methods used by cybercriminals.

Most Common Fraud Methods

Fraud Methods

Vishing

This method is based on impersonating employees of various investing, service and financial companies and even police or other services on the phone. Scammers are mimicking employees of known and popular companies and use their authority to make calls during which they try to extort login, password or debit/credit card data.

Under the pretext of additional authorisation, data update or system malfunction, they will often ask for personal information and try to persuade users to install apps like AnyDesk or TeamViewer, which give scammers access to phone or computer, letting them steal the data or money.

Remember! Never give anyone your password to trading, financial and any other accounts.

Phishing

Scammers using this method create fake internet websites or emails that closely resemble those from banks or investing companies. They often use logos and copy the graphic layout of messages. Under the pretext of updating the data, authorisation or confirming the transfer, scammers suggest to log in using such fake websites.

Remember! Never open suspicious links and attachments from unknown sources.

Smishing

Cyber criminals using this method send an SMS in which they inform, for example, about the new transaction on your account and need to confirm it by going into the link, which leads to a fake website. After user logs in to such a fake website, scammers steal their login and password, granting them access to real accounts.

To extort such data, scammers can also give different reasons, like deactivation of service or IQ tests. Scammers even impersonate government and national institutions, create a fake SMS informing about the dangers of, for example, the vaccination program.

Remember! Always check the sender of the message and the safety certificate on opened sites.

Learn About Methods That Scammers Use When Impersonating XTB

The callers, who often do not introduce themselves, explain the possibility of executing profit from investment, citing their partnership with XTB.

Scammers often do not introduce themselves and don’t give the name of the company, unless they are asked to do so. Criminals often impersonate XTB by sharing authentic and publicly accessible data. Scammer can also claim to work for an XTB “partner” company.

Remember! XTB Consultants always introduce themselves at the beginning of the conversation. XTB never uses services of external companies to contact the clients and XTB workers do not provide investment advisory services. Remember! If you are having any doubts, hang up and call us on +44 2036953085 or write an email to uksales@xtb.com.

The caller impersonating an XTB employee claims that the automatic investing function was turned on on an inactive broker account, which resulted in accumulation of a certain amount of money (sometimes even cryptocurrencies) that can be withdrawn. To withdraw the money, the scammer asks for login data and other sensitive information.

Remember! XTB employees never make any transactions on clients accounts, and they do not trade on behalf of our clients. Such claims are aimed to grab the victims attention and make them trust the scammer. If somebody offers you gain from an investment you never made, then it’s a fraud aiming to steal your data.

The caller impersonating an XTB consultant claims that in order to withdraw the money, you have to install additional software (AnyDesk, TeamViewer or Quicksupport) or asks for account access data.

Remember! XTB Employees never ask you to install any other software than our trading platform, and they never ask for your login data. Installing programs like AnyViewer or Anydesk gives the scammer access to see anything on your device and control it remotely. That way, scammers will snag your login data, which lets them, for example, steal money straight from your bank account.

I opened the link, which redirected me to a suspicious site closely resembling the XTB website.

One of the most original methods of scammers is creating clones (identical copies) of popular service providers like XTB. This kind of website often looks identical to the official website, but its only purpose is to deceive the victim who, thinking that they are visiting the real website, will log in with their real login information, which will then be used by the scammers. Frauds can use different variations of the web address, hoping on the victim's lack of attention, such as XTB-GROUPS.COM, XTBE.COM etc. The websites can also use typos like XTTB.COM. Such a fake website can be recognised by an inappropriate URL address or a lack of safety certificates.

Remember! XTB website address is https://xtb.com and other, but always based on main XTB domain. For example, the Polish site can be found under the https://xtb.com/pl address. Before giving you access data to xStation or Investor’s Room, make sure you are on https://co.xtb.com/ or https://xstation5.xtb.com/ domains. All authentic XTB websites possess a safety certificate market by a padlock sign (in the website address bar).

Important Questions and Answers

How can I check if the website I'm logging on has a safety certificate?

Remember to log in exclusively through https://xtb.com website. You can check the safety certificate by clicking the sign of closed padlock on the left side of browser address bar. After clicking on the padlock, you will receive description of the safety protocol.

XTB applies the highest standards of security. All data are transferred using the safe and coded SSL connection.

How do I create a safe password?

You password must include at least 8 characters, including one capital letter and one number. To improve your password security you can also use special characters like “!@#$%&” and other. Password can also include Polish letters like “ą, ź, ż, ó, ł” etc.

Remember! Never share your login and password with third parties. A good practice is to change your password often, and not use the same password on more than one website.

What will an XTB employee never ask me for?

Even though XTB consultants will verify your data at the beginning of the conversation, they will never ask for:

  • Password to your account
  • Installing the app for authorisation or remote control (e.g. Anydesk)
  • Giving your credit card information
  • Transferring money (in order to confirm the payment) on number other, than one shown in the investors room

Where can I download the XTB mobile app?

There are two verified sources from which you can download  the xStation app:

  • Always download the mobile version of the app from the official app stores. For Android smartphones it’s Play Store available at https://play.google.com/, and for Apple smartphones it’s AppStore available at https://www.apple.com/pl/app-store/. After visiting the store, simply type XTB in the search bar and download the app.
  • You can find the up-to-date desktop version of the platform on our site www.xtb.com

How can I verify that I’m speaking with an XTB employee?

Clients can verify each call by calling +44 2036953085 or emailing us at uksales@xtb.com

lock

How Does XTB Care for Your Safety?

  • Access authorisation - XTB app allows authorisation by password, fingerprint or a code - thanks to this only you have access your account.
  • Encrypted connections - All connections between XTB servers and mobile app on your device are fully encrypted, raising the security level.
  • Protection of means/money - Your money can only be transferred to your personal account. Nobody will transfer the money to an account other than that of a client.
  • Multi-factor authentication - For your safety, we confirm key changes or information using different methods of contact (phone, email, sms).
  • Advanced network infrastructure - XTB constantly develops their infrastructure by investing in the newest technologies to guarantee safety and security for you and your investments.

 

 

CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. 76% of retail investor accounts lose money when trading CFDs with this provider. You should consider whether you understand how CFDs work and whether you can afford to take the high risk of losing your money.

XTB Limited is authorised and regulated by the UK Financial Conduct Authority (FRN 522157) with its registered and trading office at Level 9, One Canada Square, Canary Wharf, E14 5AA, London, United Kingdom (company number 07227848).

This content has been created by XTB S.A. This service is provided by XTB S.A., with its registered office in Warsaw, at Prosta 67, 00-838 Warsaw, Poland, entered in the register of entrepreneurs of the National Court Register (Krajowy Rejestr Sądowy) conducted by District Court for the Capital City of Warsaw, XII Commercial Division of the National Court Register under KRS number 0000217580, REGON number 015803782 and Tax Identification Number (NIP) 527-24-43-955, with the fully paid up share capital in the amount of PLN 5.869.181,75. XTB S.A. conducts brokerage activities on the basis of the license granted by Polish Securities and Exchange Commission on 8th November 2005 No. DDM-M-4021-57-1/2005 and is supervised by Polish Supervision Authority.

Join over 1 Million investors from around the world

We use cookies

By clicking “Accept All”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.

This group contains cookies that are necessary for our websites to work. They take part in functionalities like language preferences, traffic distribution or keeping user session. They cannot be disabled.

Cookie name
Description
SERVERID
userBranchSymbol cc 17 October 2024
adobe_unique_id cc 16 October 2025
test_cookie cc 1 March 2024
SESSID cc 9 September 2022
__hssc cc 16 October 2024
__cf_bm cc 16 October 2024
intercom-id-iojaybix cc 13 July 2025
intercom-session-iojaybix cc 23 October 2024
xtbCookiesSettings cc 16 October 2025
xtbLanguageSettings cc 16 October 2025
TS5b68a4e1027
countryIsoCode
userPreviousBranchSymbol cc 16 October 2025
TS5b68a4e1027
_cfuvid
intercom-device-id-iojaybix cc 13 July 2025
__cfruid
__cf_bm cc 16 October 2024
__cf_bm cc 16 October 2024
_cfuvid
adobe_unique_id cc 16 October 2025
TS5b68a4e1027
_cfuvid
xtbCookiesSettings cc 16 October 2025
SERVERID
TS5b68a4e1027
__hssc cc 16 October 2024
test_cookie cc 1 March 2024
intercom-id-iojaybix cc 13 July 2025
intercom-session-iojaybix cc 23 October 2024
intercom-device-id-iojaybix cc 13 July 2025
UserMatchHistory cc 31 March 2024
__cf_bm cc 16 October 2024
__cf_bm cc 16 October 2024
__cf_bm cc 16 October 2024

We use tools that let us analyze the usage of our page. Such data lets us improve the user experience of our web service.

Cookie name
Description
_gid cc 9 September 2022
_gat_UA-22576382-1 cc 8 September 2022
_gat_UA-121192761-1 cc 8 September 2022
_ga_CBPL72L2EC cc 16 October 2026
_ga cc 16 October 2026
AnalyticsSyncHistory cc 8 October 2022
af_id cc 31 March 2025
afUserId cc 1 March 2026
af_id cc 1 March 2026
AF_SYNC cc 8 March 2024
__hstc cc 14 April 2025
__hssrc
_vwo_uuid_v2 cc 17 October 2025
_ga_TC79BEJ20L cc 16 October 2026
_vwo_uuid cc 16 October 2025
_vwo_ds cc 15 November 2024
_vwo_sn cc 16 October 2024
_vis_opt_s cc 24 January 2025
_vis_opt_test_cookie
_ga cc 16 October 2026
_ga_CBPL72L2EC cc 16 October 2026
__hstc cc 14 April 2025
__hssrc
_ga_TC79BEJ20L cc 16 October 2026
af_id cc 31 March 2025
afUserId cc 1 March 2026
af_id cc 1 March 2026
AF_SYNC cc 8 March 2024
_gcl_au cc 14 January 2025
AnalyticsSyncHistory cc 31 March 2024
_gcl_au cc 14 January 2025

This group of cookies is used to show you ads of topics that you are interested in. It also lets us monitor our marketing activities, it helps to measure the performance of our ads.

Cookie name
Description
MUID cc 10 November 2025
_omappvp cc 28 September 2035
_omappvs cc 16 October 2024
_uetsid cc 17 October 2024
_uetvid cc 10 November 2025
_fbp cc 14 January 2025
fr cc 7 December 2022
muc_ads cc 16 October 2026
lang
_ttp cc 10 November 2025
_tt_enable_cookie cc 10 November 2025
_ttp cc 10 November 2025
hubspotutk cc 14 April 2025
YSC
VISITOR_INFO1_LIVE cc 14 April 2025
hubspotutk cc 14 April 2025
_uetsid cc 17 October 2024
_uetvid cc 10 November 2025
_ttp cc 10 November 2025
MUID cc 10 November 2025
_fbp cc 14 January 2025
_tt_enable_cookie cc 10 November 2025
_ttp cc 10 November 2025
li_sugr cc 30 May 2024
guest_id_marketing cc 16 October 2026
guest_id_ads cc 16 October 2026
guest_id cc 16 October 2026
MSPTC cc 10 November 2025
IDE cc 10 November 2025
VISITOR_PRIVACY_METADATA cc 14 April 2025
guest_id_marketing cc 16 October 2026
guest_id_ads cc 16 October 2026
guest_id cc 16 October 2026
muc_ads cc 16 October 2026
MSPTC cc 10 November 2025
IDE cc 10 November 2025

Cookies from this group store your preferences you gave while using the site, so that they will already be here when you visit the page after some time.

Cookie name
Description
personalization_id cc 16 October 2026
UserMatchHistory cc 8 October 2022
bcookie cc 16 October 2025
lidc cc 17 October 2024
lang
bscookie cc 8 September 2023
li_gc cc 14 April 2025
bcookie cc 16 October 2025
lidc cc 17 October 2024
bscookie cc 1 March 2025
li_gc cc 14 April 2025
personalization_id cc 16 October 2026

This page uses cookies. Cookies are files stored in your browser and are used by most websites to help personalise your web experience. For more information see our Privacy Policy You can manage cookies by clicking "Settings". If you agree to our use of cookies, click "Accept all".

Change region and language
Country of residence
Language