Phishing in 2020: the numbers

24 March 2021 - 9 min Reading time

In 2020, fraud via phishing increased enormously worldwide. Fraudsters took advantage of the corona crisis and, more than usual, played on emotions and current events to deceive people.

  • The data collected shows that approximately 67,000 fraudulent transactions through phishing have occurred in Belgium, amounting to approximately EUR 34 million.
  • Belgian banks make enormous efforts to prevent fraudulent transactions as a result of phishing (continuous investments in the security of online and mobile banking, intensive monitoring of transactions, awareness campaigns, etc.). More than 75% of all fraudulent transfers are detected by the banks and blocked or recovered.
  • Phishing has become a social problem. Fraudsters strike more and more often and, because of their varied methods, no sector is spared. The banking sector has already set up several awareness campaigns, but is also collaborating with other sectors to put a stop to fraudsters. For example, there is regular and increasing consultation with the telecom sector, the police, the public prosecutor's office, government agencies and the judiciary. Only together can we successfully fight this battle.
  • Despite the ingenuity of the fraudsters, phishing is easy to avoid with sufficient vigilance and caution:
    • Never pass on personal codes (PIN code & response code) in response to an email, telephone conversation, text message, social media or WhatsApp message. If you are asked for them, it is a scam.
    • Never click on a received link, but always type the address of the desired bank website in your browser yourself or use your own mobile banking app.

The numbers

 

In 2020, we saw a huge rise in all forms of online fraud, including phishing. Victims give their personal bank codes to fraudsters – usually by clicking on a link that leads to a fraudulent website – so that the fraudsters can carry out transactions in the victim's name. Our statistics show that around 67,000 fraudulent transactions via phishing took place in 2020, for a total net amount of around EUR 34 million.

The damage actually suffered. The net amount can no longer be recovered by the banks.

More than 75% of the fraudulent – but perfectly signed – transfers were reversed by the banks, both by detecting and blocking them in time and by recovering the captured amounts. These prevented fraud cases are not included in the net amount. The numbers and amounts are substantial, but cannot be compared with previous years, because Febelfin is reporting for the first time on all types of phishing (without distinction between bank and non-bank phishing) and all payment types (no longer exclusively e-transfers, but also e-payment card transactions).

This distinction is important: with bank phishing, scammers impersonate a financial institution by copying the logo and the look & feel of the bank. Non-bank phishing happens when scammers address their potential victims on behalf of other organizations such as e-commerce companies, telecom companies or the government. Phishing has recently become a social phenomenon that affects all sectors, no longer just financial institutions.

Fraudsters are also increasingly using e-payment card payments (i.e. when a fraudster pays online in your name with your card), which is why we also include these fraud figures in our statistics. So limiting reporting to bank phishing and e-transfers as we have always done in the past was no longer representative.

Not included in these figures are forms of online fraud where the fraudster did not fish for the victim's personal codes. In these cases, the victim was manipulated into transferring money to the scammer's account themselves. Examples include request-for-help fraud, invoice fraud and CEO fraud.

Never give your codes or click on a link

 

The corona crisis was a great opportunity for fraudsters to scam people. The different forms of phishing are numerous and complex. Fraudsters not only use different channels, such as email, letter, telephone, SMS, social media and WhatsApp, but they also commit the fraud on behalf of various organizations and institutions such as banks, government administrations, telecom operators, utilities, and so on. The list is long. That is why this is also a broad social phenomenon: different sectors are involved and everyone is a potential victim due to the wide variety of channels.

The ingenuity of fraudsters may be impressive, but phishing is still easy to prevent:

  • Never provide personal codes (PIN code & response code) in response to an email, telephone conversation, text message, social media or WhatsApp message.
  • Never click on a received link, but always type the address of the desired bank website in your browser yourself or use your own mobile banking app. Only then can you be sure that nothing is wrong.

In short: digital payment and banking is and will remain safe, as long as you keep your personal codes to yourself and remain vigilant.

What does the bank do to protect you against phishing?

 

Banks have built in various systems to ensure that transactions are secure and to prevent and/or contain fraud as a result of phishing as much as possible. For example, two-step authentication has been required for online and mobile banking for the last ten years. The customer identifies himself using two elements – a card or phone, a PIN, a fingerprint or a face scan – to initiate e-payments.

Banks invest in intensive monitoring and thus undo a lot of damage. These efforts have remarkable results: over 75% of all fraudulent transfers (for which a phished response code was used) are detected by the banks and blocked or recovered. Guaranteeing smooth and fast payment traffic alongside efficient fraud detection is a difficult and delicate balance. It requires continuous investments in personnel and infrastructure from the banking sector, but the results are encouraging.

We also launch awareness campaigns, in which we would like to call on everyone to be vigilant for phishing and online fraud. Campaigns with tips, both on social media and on TV and radio, reached a large target audience. But the number of fraud cases continues to increase, so there is still work to be done. Awareness campaigns will always remain important, but the financial sector does much more than that.

 

Phishing has become a social problem

 

Given the nature of the problem, there are not only technical working groups with financial experts who exchange information to detect as much fraud as possible, but we are also working on partnerships with other stakeholders. For example, initiatives are underway in collaboration with telecom operators, the public prosecutor's office, the police, government agencies and the judiciary to tackle phishing in all its dimensions and manifestations. Together we also want to spread the awareness message as widely as possible.

Phishing has become a social problem. Fraudsters strike more and more often and, because of their varied methods, no sector is spared. Everyone is involved and that makes online safety a shared responsibility. Only together can we fight this battle.

 

3 ways to avoid phishing

 

Phishing can be prevented. You are always one step ahead of fraudsters if you consistently respect the following rules:

  • Never give your PIN code or codes generated by your card reader in response to a message via email, text message or social media, or via telephone.
  • Ignore messages that take you via a link to a (fake) payment site or a (counterfeit) website of your bank.
  • Only make transfers in the bank's trusted app on your smartphone or type the address of the desired bank website in your browser yourself. So be careful with search engines, because fraudsters can also lead you to fake websites.

Noticed anything suspicious?

 

Received a text, email or letter that you suspect is phishing? Report this to phishing@bankdomainname and to suspicious@safeonweb.be. Forward the phishing message and then delete it.

 

Victim?

 

If you have fallen into the trap, it is best to take the following steps:

  • Call Card Stop on 070 344 344.
  • Notify your bank.
  • Collect all data to prove the facts and the damage suffered.
  • Immediately file a report with the police.