Phishing

Phishing is a frequently occurring internet fraud risk, that is executed via diverse channels. A large percentage of e-mail is completely fake, dangerous, and typically related to money, invoices, payments, and investments.

You must, at any time, pay close attention to unexpected, urgent, too good, strange messages, and messages from unusual (foreign) senders, containing links to unknown and doubtful sites.

You should pay attention to financial exposure, theft of identity, or legal fraud. Google Suite is good at filtering bad content (low percentage of false positives; and high percentage of filtering bad content).

• e-mail
• Phone calls
• Social platforms
• WhatsApp

Suspected parties take advantage of fake e-sites, complex transactions, and legal uncertainty. The problem is also that automated e-administration is used more and more, with fewer human interaction with physical customer service agents.

Related problems can happen via e-mail, SMS, WhatsApp, and other social platforms ("daddy, my mobile number has changed").

• Unexpected packages, undelivered packages

• Register known e-mail addresses
• Block exotic foreign domains
• Block exotic languages
• Be aware of fake promised credit payments from the government, or utility companies
• Verify the mail headers carefully (some technical knowledge of the SMTP mail protocol might be required)
• Sender's name does correspond to the internet domain

• Fraudsters use fake variants of (popular) domains e.g. amazona.com, belgacon.be, proximus.bel, fgov.bel, one.com

Only trust the offficial, well-known domains.

Popular target service providers: Amazon, Argenta, Barclays, Belastingen, Belgacom, Belfius, Bitcon, Bitvavo, BMW, Booking, bpost, Cisco, CM, C.M., CSAM, DHL, Doccle, eBox, Eliza, Eneco, ENGIE, Facebook, Federale Overheidsdienst, FGOV, Fluvius, FOD Financiën, Hallmark, ING, ITSME, KBC, Netflix, One.com, Partena, Proximus, SD Worx, Skynet, SPF Finances, SurveyMonkey, Telenet, Unilever, Wise.

Popular government agencies: BTW, ESG, Federale Overheidsdienst Economie, KBO, Politie, UBO.

eBox is a popular target for fake messages. Currently this only exists for physical persons. But even then fake messages are circulating.

There is currently confusion about a pending implementation of an eBox for enterprises.

• Warning that an account would expire soon.
• Fake problems with Skynet e-mail account

• Unknown or unexpected e-mail senders.
• Unusal or general recipient addresses (info, projects, support)
• Invoice without quote.
• (unspecified) Problems with invoice payments
• Altered bank account numbers
• strange e-invoicing
• Insurance repayment
• non-secure http-addresses for home pages

You will frequently get fake bank notifications, even from (fake) banks where you do not have an account.

• Recover duplicate payments
• Secured message from your bank
• Be careful with fake e-invoices
  • This includes fake QR-codes
  • Even paper invoices can be intercepted with a fake ("new") bank account number
• Validate the sender identity and the author of the invoice
• Validate the format and content of the invoice
• Validate the target bank account number
  • Refuse unexpected invoices
  • Validate domiciliations
  • Register frequently used third party bank account numbers
  • Use your own known third party bank account numbers
    • Notify or inquire your business partner in case this number changes
• Verify at least every month your bank transactions:
  • You can immediately recover enterprise direct debit fraud

Fake KBO and UBO, as well as eBox registrations are popular targets for phishing.

• Only use the official channels for the yearly update.
• The government does not proactively alert you for pending updates
  • But they will fine you for late registrations...

• You are requested to urgently update your personal details.
• Digipass expiration, kaartlezer bijwerken
• Reactivate your Digipass

• Partnership requests
• Old friends
• Message related to a (non-existing) previous message
• Trade proposal

• GDPR, Avast, Antivirus, and other
• Perform an urgent security update
• Problems with your Windows workstation

• Avertising about (second hand) cars, or electric cars.
• Global Directory

• Official instances, or companies, that are sending a personal message to multiple recipients
• The to address is unusual (other name, other domain, unexpected form of address; different from the standard address)
• The from address is unusual: e.g. .com instead of .be
• "Wrong" or bad language (often English, or French)

Verify: use whois to verify the owner of the domain.

Note:

• some companies have a .com domain in addition to their .be domain;
• banks often have domains registered by third-parties.

• Regularly verify and clean your spam folder; group and collapse by sender
• Never click on "random" URLs; don't trust labels, verify the target URL before clicking.
• Make sure that you are only using secure https internet links. Don't trust http URLs.
• Keep your system and application software up-to-date.
• Deinstall unused apps. Only trust official software. Try not to use too many apps; beter use a web browser using a workstation.
• Use strong passwords (system generated: e.g. pwgen -y 15)
• User physical authentication (Digipass, SMS, Authenticator, itsme; beware for fake tools)

• Handle and cleanup your spam-folder:
  • Group by sender.
  • Verify and delete bad, or irrelevant messages.
  • notify other parties.

Forward fake e-mails as an attachment to verdacht@safeonweb.be, or to specific telecom or banking sites. This way the original mail headers are kept; this info can be used for detailed investigation.

• Urgent messages
• A recent (nonexisting) telephonic communication
• Don't trust UPPERCASE MESSAGES
• Suspect naked HTML characters or CSS code
• Bad structured content
• Bad, mixed, or strange language
• Multiple identical messages the same day from the same e-mail address
• Repeated messages with identical or similar content, possibly sent from different e-mail addresses
• Message sent to unrelated recipients
• Repeated messages with identical or similar content, possibly sent to different recipients
• Obvious recipients info, newsletter, support.
• Multiple "last reminder" messages, possibly identical content from different senders
• "A present is waiting for you"
• Final Warning
• Auditing, banking, business (woman), Bitcoins, finance, Financial Advisory, heritage, investments, loans, personal assets, philanthropy, NFT
• International e-mail addresses for national institutions
• Same from label having multiple email addresses, often with identical subject and body
• Tax repayment
• Number one in Google Search
• From address does not correspond to other e-mail addresses in the body text
• Multiple identical messages from different address having the same domain
• From addresses containing multiple digits
• e-mail from "Bill Gates", "Microsoft Advertising"
• e-mail from a cancer patient
• e-mail from @outlook.com
• signature does not correspond to from address
• no recipient
• e-mail to "recipients", or info@, or BCC
• body text language doesn't correspond to specific recipient language
• Messages containing the same (long) URL with different labels
• Multiple buttons leading to the same URLs, or other bad links
• Unrelated links or buttons

• Direct debit fraud
• Bank payments
• Phone calls

• verdacht@safeonweb.be
• fraude@triodos.be
• Safe on web
• https://financien.belgium.be/nl/phishing