Phishing is on the rise: don't give fraudsters a chance

A text message from your bank about a suspicious transaction. A phone call from someone who says they are from Card Stop. An email asking you to confirm your details. Phishing has become so familiar that we practically consider it normal. But the threat is growing, and the methods are becoming increasingly sophisticated.

Vigilant Belgians reported nearly 10 million suspicious messages to verdacht@safeonweb.be in 2025. That’s three times as many as in 2020. These figures confirm that phishing remains by no means on the decline (source ). These reports helped identify suspicious links and automatically redirected less vigilant internet users who clicked on them to a warning page. This redirection occurred no fewer than 200 million times in 2025 ( source).

The financial damage from phishing is enormous. In 2024, fraudsters made off with around 49 million euros in Belgium through phishing. In 2022 and 2023, this was still 40 million, in 2021 it was around 25 million (source ). Final figures for 2025 are not yet available, but given the further rise in the number of reports and waves of attack, a new record is by no means out of the question. Recent figures on fraud via online shops and platforms are available for 2025 Belgian consumers lost 32 million euros last year to fraudsters in online marketplaces, a sharp increase from 12 million euros in 2024 (source ).

From spelling mistakes to perfect communication

In the past, a phishing email could be recognised by poor language, a strange email address or an amateurish layout. Those days are (for the most part) over. With AI tools, criminals can write flawless messages and imitate companies’ communication styles. Classic warning signs such as spelling mistakes are disappearing, and spam filters are becoming easier to bypass.

What’s more, phishing is no longer limited to email. Criminals are active via text messages (or SMS, hence smishing), WhatsApp, Facebook, Google Calendar invitations, fake QR codes (quishing), second-hand websites, and so on. The barrier to entry has also become very low. A basic app to mimic messages from a bank costs barely 150 euros (source). Fraudsters play on emotion and urgency. They send messages like “Your subscription will be cancelled tomorrow” or “A suspicious login attempt has been detected on your account.” The goal is always the same: to get you to click on a link that leads you to a malicious website. Anyone who enters their details there will give them directly to the fraudsters.

Vishing: the phone as a weapon

The most striking trend of the past year is the sharp rise of vishing. In this type of fraud, criminals call their victims and pose as employees of a bank, Card Stop or even the police. These calls often start with a robocall: an automatic message asking you to press a key. Anyone who does so will be put through to a fraudster posing as a real employee. Even if the phone number appears to be Belgian and the caller knows your name or account details, this does not mean that the call is legitimate (source).

Another variant currently on the rise: criminals pose as telecom employees and persuade their victims to download a certain app. Through this app they gain access to the device, and thus to bank details, passwords and personal information.

Quishing: the QR code as a trap

Another emerging technique is quishing: fraud using fake QR codes. This involves distributing codes via email, text message or WhatsApp, which look official but link to fraudulent websites. Victims are asked to pay a fictitious fine or bill, or unwittingly install an app that steals online banking credentials. We scan QR codes instinctively, without checking the URL behind them: this is precisely the reflex that fraudsters abuse.

How can you protect yourself?

1. Never simply click on a link

Have you received a suspicious message? Always type the web address into your browser yourself. Never click on links in emails, text messages or WhatsApp messages, even if the sender appears to be trustworthy.

2. Scan QR codes with a healthy dose of scepticism

Always check the URL to which the QR code refers before you enter any details or make a payment.

3. Hang up the phone if in doubt

Are you receiving a call from someone claiming to be from your bank, Card Stop or the police? End the call and ring back yourself using the official number. Never give out codes, passwords or PINs over the phone. No legitimate organisation will ever ask for them.

4. Don't download apps on request

Is someone asking you over the phone or via a message to download an app? Never do this. Criminals use this to gain access to your device and bank details.

5. Forward suspicious messages

Have you received a phishing email? Forward it to verdacht@safeonweb.be. This way, you're not only helping yourself, but others too.

6. Enable two-step authentication

Add an extra layer of security to your online accounts. Even if someone has your password, two-step authentication makes it much harder for criminals to actually log in.

7. Check your accounts regularly

Check your transaction history regularly. The sooner you spot a suspicious transaction, the greater the chance that your bank can limit the damage.

TIP

Are you unsure whether a message, phone call or email is really from Keytrade Bank? Use the In Call App feature in the Keytrade Bank app when you call us. That way, you can be 100% sure you’re speaking to an official member of staff.

Stay safe online with Keytrade Bank

At Keytrade Bank, we make security a top priority. If your personal bank details have been listed on a suspicious website, your personal details have been shared with an unknown person over the phone, or you've spotted an unknown payment that you didn't make yourself, you can call us 24/7 on +32 (0)2 679 90 00.