Phishing fraud in 2021: the numbers

3 May 2022 - 9 min Reading time

Phishing has become a social and widespread problem that claims many victims. Unfortunately, this was also the case in 2021, according to new figures. Although we see a significant drop in successful phishing fraud cases, the number of fraud attempts remains high and no sector is spared. The banking sector and the Center for Cyber Security Belgium (CCB) have already set up several awareness campaigns, but are also increasingly collaborating with other sectors to put a stop to fraudsters.

And those efforts are paying off. There is a substantial decrease in the total amount stolen via phishing: in 2021, 9 million euros less was stolen than the year before. That is a decrease of more than 26%. That is good news, but we are noticing an important shift towards other forms of fraud, such as investment, invoice, request for help or vault account fraud, where the victim is persuaded to transfer the money himself.

Fewer successful fraud cases via phishing

In 2020, we saw a huge rise in all forms of online fraud, including phishing. In phishing, victims give their personal bank codes to fraudsters – usually by clicking on a link that leads to a fraudulent website – so that the fraudsters can carry out transactions on behalf of the victim. In this way, 34 million euros were stolen in 2020. That figure fell a year later: the counter for 2021 stands at 25 million euros. That is a decrease of more than 26%.

25 million euros is the net amount stolen, the actual damage suffered, not counting the attempted fraud. About 75% of these fraudulent – but perfectly signed – transfers were reversed by the banks, both by detecting and blocking them in time and by recovering the stolen amounts. These fraud cases prevented by the banks are not included in the net amount.

Figure concerns net fraud.

Other forms of scams

In addition to phishing - fraud through sharing your codes with third parties - there are also many other kinds of online scam. In these, victims are manipulated by scammers and encouraged to transfer money themselves to the scammer's account.

One such form of fraud that is increasingly on the rise is investment fraud or boiler room fraud. It is a form of scam in which fraudsters offer you fictitious or worthless stocks or financial products. You are usually contacted unsolicited with an offer for a fantastic deal that promises high returns. The “sellers” put you under heavy pressure to deposit more and more money. If you go along with this, you will end up with fictitious shares or worthless financial products. The criminals will run off with your money and you will be left penniless.

"Always be wary of promises of exceptionally high returns. Often this is a signal for fraud. If it sounds too good to be true, it is."
Jim Lannoo, spokesman FSMA

With safe-deposit account fraud, fraudsters try to gain the victim's trust by posing as a bank employee. They ask you to transfer your money to a supposedly new, safe account, because fraud has supposedly been committed with your current account. Of course that safe account does not exist. If you transfer the money, it will end up in the scammer's account.

Request for help fraud is another well-known example of this type of fraud. The fraudster pretends to be an acquaintance or family member of the victim and, through a web of lies, convinces the victim to make a transfer.

Investment fraud, safe-deposit account fraud and help request fraud are therefore forms of fraud in which the victim himself transfers the money to a fraudster's account. But many other forms of fraud fit into this list, such as invoice fraud, helpdesk and friendship fraud, and CEO fraud.

Be vigilant for online fraud

Fraudsters not only use different channels - such as email, letter, telephone, SMS, social media and WhatsApp - but they also commit the fraud in the name of various organizations and institutions such as banks, government administrations, telecom operators, utilities, and so on. The list is long. That is why this is a broad social phenomenon: different sectors are involved and, given the wide variety of channels, everyone is a potential victim.

The ingenuity of fraudsters may be impressive, but a lot of damage can be prevented by being vigilant:

  • Never provide personal codes (PIN code & response code) in response to an email, telephone conversation, text message, social media or WhatsApp message. Your bank or a bank employee will never ask for them.
  • A bank employee will never ask you to transfer money to another, supposedly safe account.
  • Never click on a link you received to make online transfers, but always type the address of the desired bank website in your browser yourself or use your own mobile banking app. Only then can you be sure that nothing is wrong. If you receive a message from a friend asking you to transfer money, call him or her first before making a transfer. Always make sure you know who you are dealing with.
  • The FSMA also gives some tips to arm yourself against investment fraud:
    • Be wary if you, as an investor, are contacted by telephone or e-mail with a financial offer you did not ask for. This is often the first step of a fraudulent practice.
    • Watch out if you are asked to transfer money to a country that has no connection whatsoever with the company, nor with your home country as an investor. Please also note that in most cases of boiler room fraud, you are asked to transfer money to bank accounts opened with banks located in Asia.
    • Be suspicious if a sky-high profit is promised. Scammers often make it appear from the outset that significant profits are being made. Things only go wrong when the investor asks for his investment back.

What does the bank do to protect you?

Banks have built in various systems to ensure that transactions are secure and to prevent and/or contain fraud as a result of phishing as much as possible. For example, two-step authentication has been required for online and mobile banking for the last ten years. To initiate e-payments, the customer identifies himself using two of the following three elements: something he knows (e.g. PIN code), something he owns (e.g. smartphone), something he is (e.g. fingerprint). Guaranteeing smooth and fast payment traffic while detecting fraud efficiently is a difficult and delicate balance. It requires continuous investments in personnel and infrastructure from the banking sector.

The banks also invest in intensive monitoring and thus undo a great deal of damage. These efforts are yielding remarkable results: about 75% of fraudulent transfers via phishing were detected by the banks and blocked or recovered.

Banks are therefore constantly taking measures to prevent fraud. But if victims are persuaded to transfer money to the scammers themselves, it is more difficult for the bank to recognize fraud and detect it through monitoring.

We are also fully committed to awareness-raising campaigns, both by individual banks and at sector level, in which we would like to call on everyone to be vigilant for phishing and online fraud. Campaigns with tips, both on social media and on TV and radio, reached a large target audience. But the number of fraud cases remains high and so there is still work to be done.

Collaboration in the fight against online fraud

Given the many forms and complex nature of online scams, there are not only technical working groups with financial experts who exchange information, but also partnerships with other stakeholders. For example, there are collaborative initiatives with telecom operators, the public prosecutor's office, the police, government agencies and the judiciary to tackle online fraud in all its forms. Together we also want to spread the awareness message as widely as possible.

After all, online fraud has become a social problem. Fraudsters strike more and more often and, because of their varied ways of working, no sector is spared. Everyone is involved and that makes online safety a shared responsibility. Only together can we fight this battle.

Noticed anything suspicious?

Received a text, email or letter that you suspect is phishing? Be on the lookout and forward it to suspicious@safeonweb.be and, if the message misuses the name of a bank, to phishing@bankdomainname.

If you receive a phishing message at work, notify the ICT service as well. Forward the phishing message and then delete it.

Got scammed?

Please take the following steps immediately:

  • Call Card Stop on 078 170 170
  • Notify your bank immediately.
  • Collect all data to prove the facts and the damage suffered.
  • Report to the police immediately.