Phishing

Phishing is a frequently occurring internet fraud issue.

You should at any time pay attention to unexpected, urgent, too good, strange messages, and messages containing links to unknown and doubtful sites.

You should pay attention to financial exposure, theft of identity, or legal fraud.

They take advantage of e-sites, complex transactions, and legal uncertainty. The problem is also that automated e-administration is used more and more, with fewer human interaction with physical customer service agents.

• Register known e-mail addresses
• Block exotic foreign domains
• Block exotic languages
• Be aware of fake promised credit payments from the government, or utility companies
• Verify the mail headers carefully (some technical knowledge of the SMTP mail protocol might be required)

Related problems can happen with SMS, WhatsApp, and other social platforms ("daddy, my mobile number has changed").

Forward the fake e-mail as an attachment to verdacht@safeonweb.be, or to specific telecom or banking sites.

• Fraudsters use fake variants of (popular) domains e.g. proximus.bel, fgov.bel

Only trust the offficial, well-known domains.

eBox is a popular target for fake messages. Currently this only exists for physical persons. But even then fake messages are circulating.

There is currently confusion about a pending implementation of an eBox for enterprises.

You will frequently get fake bank notifications, even from (fake) banks where you do not have an account.

• Be careful with fake e-invoices
  • This includes fake QR-codes
  • Even paper invoices can be intercepted with a fake ("new") bank account number
• Validate the sender identity and the author of the invoice
• Validate the format and content of the invoice
• Validate the target bank account number
  • Refuse unexpected invoices
  • Validate domiciliations
  • Register frequently used third party bank account numbers
  • Use your own known third party bank account numbers
    • Notify or inquire your business partner in case this number changes
• Verify at least every month your bank transactions:
  • You can immediately recover enterprise direct debit fraud

Fake KBO and UBO registrations are popular targets for phishing.

• Only use the official channels for the yearly update.
• The government does not proactively alert you for pending updates
  • But they will fine you for late registrations...

• Make sure that you are only using secure https internet links
• Keep your software up-to-date.
• Deinstall unused apps.
• Use strong passwords (system generated: e.g. pwgen -y 12)
• Physical authentication (Digipass, SMS, Authenticator)

• Direct debit fraud
• Bank payments
• Phone calls

• Safe on web
• fraude@triodos.be