How to put phishers out of a job
October 20, 2023
During the first nine months of 2023, Belgians collectively forwarded more than 7 million messages to firstname.lastname@example.org. That's more than last year's number, already a record-setting 6 million messages. To protect internet users, the Centre for Cybersecurity Belgium (CCB) launched a system to alert them to unsafe websites. Last year, CCB blocked 665,000 websites using this method.
665,000 fewer opportunities to be scammed? That’s already quite a lot. However, online fraud is like a persistent virus. Sometimes when it is transmitted to you, you don't notice anything at first. It pops up in different variants. It comes in waves. And no one can become completely immune to it.
Phishing remains a popular pastime
Phishing is a form of online scam that creates new victims every day. Criminals try to get hold of your personal data by means of a message (email, text message, app, phone call, social media, letter, etc.). And, of course, their favourite target is data they can use to empty your bank account. Fake messages can also trick you into installing malicious software or apps on your computer, tablet or smartphone. In 2022, fraudsters in Belgium were able to steal 39.8 million euros using these techniques. That is a significant increase compared to the previous year, when 25 million euros were stolen (source: Febelfin).
Phishing is not restricted to emails. It is also possible through text messages, apps, phone calls, social media, letters or any other channel you can think of. Apps such as Messenger, WhatsApp and Telegram are especially popular amongst phishers. Some of these messaging apps allow a message to be sent to a large number of recipients at the same time. If a track-and-trace message is sent to 100 people, some of them will always click automatically because they are already expecting a package.
Banks have already put several systems in place to make transaction processing secure, and to prevent and/or reduce fraud through phishing. By using a virus scanner – which nowadays does more than just scan for viruses – you can also prevent a lot of problems yourself. But even then, phishers may still be too smart for you. Because it doesn't just happen to "absent-minded old people". Even young, technically proficient, and intelligent people like yourself often fall victim to their ploys. According to Febelfin, it is primarily young people who are unaware of what phishing is (23%). Young people also more frequently become victims of phishing (12%) compared to the general Belgian population (8%).
Tips to fool the phishers
Keep your contact details "top secret"
To be able to pick off their victims, criminals need their email address or telephone number. It sounds ironic, but preventing your contact details from becoming public is a good start:
- Phishers automatically search the web for email addresses and other contact details. Always think twice before leaving your email address or number somewhere.
- Never respond to unsolicited messages. This tells the phishers that the email address actually exists and is in use.
- Never forward chain letters. Forwarding means that your email address and those of your contacts are distributed.
- Do not click "unsubscribe" in spam or phishing emails. At the end of an email you normally see a link that you can click to unsubscribe from this type of email. This is often a fake link.
Be careful about sharing your IBAN (account number). Do this only when necessary. The same goes for your identity card. Just be cautious, as personal data like these are the tools these fraudsters use.
Ask yourself the following questions
> Was I expecting this? Did you receive a message from the sender for no reason? You haven't bought anything, you haven't been in contact for a long time, etc. Always check further.
> Is it urgent? Did you really receive a reminder to pay? Do you know the "friend in need"?
> Who is the sender? Also check the email address for spelling errors. Please note that having a correct email address is no guarantee, however.
> Is it an unusual question? Official bodies or banks will never ask you by email, text message or phone for your password, bank details or personal data.
> Is a question or a (free) product too good to be true? Then it probably is.
> Where does the link you are asked to click take you to? You can see this on a desktop by hovering your mouse over the link.
> Were you addressed personally? Messages that use general and vague forms of address, or that address you by your email address, should be treated with suspicion.
> Is the message in your spam or junk folder? Then there is probably a good reason for this. You can also mark suspicious messages as spam or junk yourself, and so warn others.
> Is someone trying to make you curious? Anyone would feel curious about a message with a link like "Look what I read about you..." or "Is it you in this picture?", but don't swallow the bait.
Phishers are no (longer) idiots
Confusing and distracting you is exactly what fraudsters want to achieve. And they are damn good at it too. Although you might perhaps be the lucky person who has won the "lottery of 100 Bitcoins" or you are "getting a donation from Bill Gates", fraudsters increasingly refer to current news in order to lead you up the garden path. Suppose the news announces something about tax relief: phishing messages from the "Tax Authority" will start circulating the same day.
Fraudsters are also more frequently combining techniques, which can lead you to fall into their trap. Suppose you get a message from “your son” from the phone of “a friend”. Your son’s smartphone has been "in the washing machine", and he can no longer transfer his rent payment using his phone. Could you maybe just transfer the EUR 800 by clicking on this link...? Of course, you don't get caught that way. But then the fraudster calls you a few hours later and pretends to be a bank employee. He reports that suspicious activity has been detected on your current account. You immediately link this to the first fraud attempt. And transfer your money to another "account at the bank" on the recommendation of "the bank employee"...
Once you've been scammed, fraudsters will sometimes try to scam you again. For example, you might receive a gratifying telephone call from a foreign law firm weeks later. They inform you that the perpetrator has been picked up and that they were able to recover your data. The law firm will then offer to prepare a claim. However, you need to pay EUR 1,000 up front …
Follow our advice
- Do not respond to any requests to provide personal data and codes. A bank will never ask you for these.
- Secure your computer. This includes having an up-to-date virus scanner, browser and operating system and a secure wi-fi connection. Do not use a free and/or insecure wi-fi connection.
- Regularly check your transaction history and any future transactions already registered.
- Never leave your computer unattended.
- Always close your session if an unusual event occurs when logging in or while you are banking online.
- Choose passwords and PINs that are not obvious and remember to change them regularly. Use two-step authentication wherever possible.
- Do not save any bank card details in your browser.
- Do not open documents or attachments if you do not trust the sender.
What if you’re scammed?
As soon as you lose money or are blackmailed, report it to the local police. Contact your bank and/or Card Stop on 078 170 170 (+32 78 170 170 from abroad) if you have given out your bank details, if money disappears from your bank account, or if you have transferred money to a fraudster. This allows any potentially fraudulent transactions still underway to be blocked.