Phishing, the devil’s in the details!
11 October 2023 - 8 min Reading time
Install the Safeonweb browser extension and never get caught out again
Campaign provides internet users with new online safety tools
On 16 October, the Centre for Cybersecurity Belgium (CCB), Febelfin and the Cyber Security Coalition will launch a striking awareness campaign about phishing: Phishing: The devil’s in the details! This type of online scam is on the rise and continues to claim countless victims, both private individuals and companies and organisations.
Some numbers
- A total of 39.8 million EUR was stolen as a result of phishing in 2022, which is more than last year (2021: 25 million EUR). This is mainly due to the huge increase in the number of phishing messages sent.
- 69% of Belgians have received at least one phishing message in the past 6 months (source: Febelfin together with IndiVille, March 2023)
- 8% of Belgians have never heard of phishing. The older age group scores better in this respect, as 4% have never heard of phishing, which is an improvement from 2022 (7%). Although there is a slight improvement from 2021 (24%) and 2022 (30%), the number of young people who are unfamiliar with phishing is still too high (23%).
- 8% of Belgians say they have been victims of phishing. Among young people, this percentage is higher at 12%.
- Only 62% of Belgians who fell victim to phishing knew what steps to take.
- So far in 2023 (January-September), more than 7 million messages have been forwarded to suspicious@safeonweb.be, which is more than in the record year 2022 when we received 6 million messages.
- That's an average of 26,425 messages each day.
- + 600 partners campaigning with Safeonweb (CCB) each year We reached half the Belgian population (+18 years old) in recent years
Source: Febelfin & Safeonweb 2023
Why can't we just get rid of phishing?
Phishing is not a new phenomenon. Phishing has always been around. Fraudsters try to get their hands on your (bank) details through various channels such as e-mail, phone, letter, text message, social media or WhatsApp. They try to scam people by posing as trustworthy organisations or institutions (banks, government departments, utility companies, etc.).
They send messages containing links to fake websites, where victims are asked to enter personal bank codes. Once the fraudsters get their hands on these personal bank codes, they can carry out transactions on behalf of the victim.
Phishing is a real scourge. Large numbers of messages continue to circulate and trip up victims. Why can't we just get rid of phishing? There are several reasons for this. It's in our human nature to be curious or get frightened. We simply cannot resist an attractive offer. Phishers capitalise on this. They try to approach and convince their victims through all kinds of excuses. This is called social engineering.
Phishing messages are also increasingly difficult to detect: they rarely contain spelling mistakes anymore, are professionally formatted, refer to very convincing looking websites, etc. The cybercriminals have become real professionals. The future does not really look very bright. AI opens up many new positive prospects, but scammers will also be only too happy to use various applications to send persuasive, attractive and personalised messages.
Phishing: The devil’s in the details!
However, it is not impossible to identify phishing messages and phishing websites. The devil’s in the details. To make sure you never click on a link leading to scam website, you should learn to read the website's URL. How?
Hover your mouse over the link. If the domain name, i.e., the word before .be, .com, .eu, .org, etc. and before the very first slash "/" really is the name of the organisation you are looking for, then you can trust the website. But if you see something else there, an odd combination, or the domain you expect but with a slight difference, be careful!
For example:
- The domain is safeonweb for the link www.safeonweb.be/tips. In this example, you will be taken to the correct website.
- If the link is www.safeonweb.tips.be/safeonweb, "tips" is the domain, and you will be taken to another website.
Golden rule
Scammers will use URLs that are slightly different. So always look very carefully at the URL before clicking on it. When in doubt, don't click on a link in a post, but go to the website yourself by typing the URL you know and generally use into your browser bar.
Centre for Cyber Security Belgium launches Safeonweb browser extension
As it is still very difficult for many people to properly read and understand a URL, we are launching a new tool: the Safeonweb Browser extension, which will help you determine the reliability of any website you visit. The extension assigns a trust level to each website: high, medium or low. This trust level is based on known factors about the website's domain, its owner and the certification level obtained from a certification authority.
The call to action to the campaign is therefore: Install the Safeonweb extension for your browser. It will alert you when you visit a website that's unsafe and when it is dangerous to enter your details.
In addition to the Safeonweb browser extension, Safeonweb has 3 other tools:
- E-mail: verdacht@safeonweb.be
- The Safeonweb app
- The Safeonweb e-learning
Febelfin has created Hacker Hotline
Hacker Hotline is a travelling escape room, which Febelfin hopes will make young people aware of the dangers of online fraud and get rich quick schemes and will help them arm themselves against it. Players are challenged to be smarter than the phisher... The game fits seamlessly with this new campaign.
"Hacker Hotline is a travelling escape room which Febelfin takes to young people, partners, schools and events to raise awareness about online types of fraud such as phishing and WhatsApp fraud. During the game, you will learn more about the methods fraudsters use to trap people and you will learn how to arm yourself against this kind of fraud. Once you have escaped from the bus, you will have all the tools you need to go online safely in real life too. Meanwhile, you will also learn about key concepts such as two-factor authentication or how to generate a strong password."
About the game
Anyone can be a victim of online fraud. In the Hacker Hotline you are the point of contact for victims of phishing and scams. Your job is to provide help to panicky people via the telephone and video line, a race against time. The game becomes even more exciting when the hacker suddenly appears on the scene. Find out via this link.
The Hacker Hotline is a collaboration between Febelfin and the creative agency Hurae.
Campaigning together
Only by cooperating with governments, the police, the judiciary, the telecom sector, etc., can we tackle phishing. That is why the CCB, Febelfin and the Cyber Security Coalition, together with more than 500 partners, have joined forces for a new, broad-based awareness campaign that aims to inform and warn people. After all, Internet users have to become more vigilant. Alert members of the public are extra cautious, and that is the purpose of this awareness-raising campaign.
The aim is to appeal to the widest possible audience to make sure the campaign is heard by everyone. The campaign will run on various channels: the key message will be delivered via TV ads and in cinemas. Social media will also be used to raise awareness of the dangers of phishing. All campaign material can be downloaded at https://safeonweb.be/en/campaign-material
"Each year, the threat landscape continues to evolve, requiring a collective response from industry, government, academia and citizens. The CCB and its partners' national awareness campaign provides an essential platform for all stakeholders to play an active role in strengthening our digital defenses."
