Don't get taken in by phishing

Phishing, or fishing for your personal details by e-mail, telephone, text message or WhatsApp, has been on the rise for many years. This form of fraud uses ever more cunning methods (latching onto current events, posing as a government institution, bank or online government services such as My eBox) to try to steal login details, bank debit card and/or credit card information, PIN codes or other personal data.

And this is done in an increasingly professional way.

Common phishing techniques

Cybercriminals will often play on a sense of fear or curiosity. They do this, for example, by sending you an e-mail asking you to confirm and/or fill in confidential bank or internet banking details. They then try to entice you to click on a particular link or attachment.

Example : « 'Prevent your Itsme account from being permanently blocked! »

Other common phishing techniques:

• asking you to provide/confirm bank details by text message, e-mail or WhatsApp;
• sending a message regarding reimbursement of a certain amount;
• saying that your son or daughter needs money fast and asks you to send it via his/her new number;
• messaging you that you have won something even though you haven't done anything;
• demanding that you have to settle an outstanding debt, but you have no idea what it is about;
• inviting you to repay your coronavirus vaccination (while they were free);
• and so on.

TIP: Never share personal codes or passwords.

Types of phishing

1. Phishing via government or current affairs

Cybercriminals often use a government institution as a cover for their fraudulent practices. They then, for example, assume the identity of the Overseas Social Security Administration (OSS) with the aim of defrauding you.

Example :

[OSS] Dear Sir/Madam, the Overseas Social Security Administration has decided that you will receive a refund of 85.50 euros. To receive this amount, please visit our website: https://overseas-belgium.info/be/terugbetaling/ontvangen/index.php

Please note: the OSS will never contact you by text message.

In addition, they often latch on to current events. At the start of the coronavirus crisis, an increase in the number of coronavirus-related phishing campaigns was therefore observed.

TIP: Are you unsure about the accuracy of a particular communication (e-mail, telephone, etc.)? Please contact the relevant authority through the official channels.

2. Aid fraud

Scammers are also often active via WhatsApp and other social media channels. On these channels, they sometimes manage to hack into the profile of a friend, acquaintance, etc., or pretend to be your son or daughter. In the latter situation, they often adopt a cunning approach by indicating that they have a new number and may be in trouble.

They then use this profile to try to cheat you out of money. A good tip is always to verify the question through another channel. Call the sender when he/she suddenly asks for a sum of money.

Recognise a suspicious message

1. By e-mail

Pay close attention to the e-mail address of the sender. Cybercriminals sometimes use an e-mail address that is very similar to the official address of a certain authority. So always be critical when you receive an unusual e-mail in your mailbox. Do you have a strange feeling about an e-mail? Then trust your instincts and look at the e-mail carefully before taking any action.

The official extension of the Overseas Social Security is: @onssrszlss.fgov.be

TIP: Check the e-mail carefully before taking any action.

2. Text message / WhatsApp

The Overseas Social Security Administration or any other government agency will never contact you via text message or WhatsApp asking you to confirm or provide personal details. Have you received such a message? Then contact the institution (through official channels) from which the message allegedly originated to check its authenticity.

TIP: Government services will never contact you by text message. If in doubt, check authenticity by contacting the institution in question.

Spotting phishing

If you receive a suspicious e-mail, text message or WhatsApp message, it is advisable to delete it as soon as possible. If you receive a phishing phone call, end it immediately.

The Overseas Social Security Administration may contact you by telephone, but will never ask for your personal details without a means of verification.

Do you think you've been a victim of (attempted) phishing?

• If you have passed on bank details, please call Card Stop immediately (+32 78 170 170). It is also advisable to contact your bank. Do this through the official channels.
• It is also a good idea to contact the police. They will then draw up an official report. You can then pass on this information to the bank or your insurer.
• Always report (an attempt at) phishing to the Centre for Cybersecurity Belgium at suspect@safeonweb.be.

Interesting sources

• Safeonweb.be(New window)
• Safeonweb App: this application provides you with information on cyberthreats and online scams in Belgium. You will receive two types of message: threats - these are warnings for your specific network. In addition, you also have the 'news' section - these reports provide information on current cyberthreats in Belgium.
• FPS Economy (in French)(New window)