Phishing, the devil’s in the details!

5 min leestijd

Society still plagued by phishing scourge. The Centre for Cyber Security (CCB), Febelfin and the Cyber Security Coalition today launched a major awareness campaign, "Phishing, the devil's in the details!", to combat the ongoing threat of phishing (and the huge losses it causes). The campaign is yet another reminder of the need to recognise the traps set by cyber criminals. In the case of phishing, this means paying attention to the domain names (URLs) of fake sites. These are identical in appearance to official or trusted sites, except for a few details.

Phishing, the devil’s in the details!

Install the Safeonweb browser extension and never get caught out again

This morning the Centre for Cybersecurity Belgium (CCB), Febelfin and the Cyber Security Coalition have launched a striking awareness campaign about phishing: Phishing: The devil’s in the details!  This type of online scam is on the rise and continues to claim countless victims, both private individuals and companies and organisations.

Phishing in numbers

  • A total of 39.8 million EUR was stolen as a result of phishing in 2022, which is more than last year (2021: 25 million EUR). This is mainly due to the huge increase in the number of phishing messages sent.
  • 69% of Belgians have received at least one phishing message in the past 6 months (source: Febelfin together with IndiVille, March 2023)
  • 8% of Belgians have never heard of phishing. The older age group scores better in this respect, as 4% have never heard of phishing, which is an improvement from 2022 (7%). Although there is a slight improvement from 2021 (24%) and 2022 (30%), the number of young people who are unfamiliar with phishing is still too high (23%).
  • 8% of Belgians say they have been victims of phishing. Among young people, this percentage is higher at 12%.
  • Only 62% of Belgians who fell victim to phishing knew what steps to take.

Source: storytelling_phishing_nl_230602.pdf (febelfin.be)

  • So far in 2023 (January-September), more than 7 million messages have been forwarded to [email protected], which is more than in the record year 2022 when we received 6 million messages.
  • That’s an average of 26,425 messages each day.
  • + 500 partners campaigning with Safeonweb (CCB) each year We reached half the Belgian population (+18 years old) in recent years

Source: Safeonweb, 2023

Why can’t we just get rid of phishing?

Phishing is not a new phenomenon. Phishing has always been around. Fraudsters try to get their hands on your (bank) details through various channels such as e-mail, phone, letter, text message, social media or WhatsApp. They try to scam people by posing as trustworthy organisations or institutions (banks, government departments, utility companies, etc.).

They send messages containing links to fake websites, where victims are asked to enter personal bank codes. Once the fraudsters get their hands on these personal bank codes, they can carry out transactions on behalf of the victim.

Phishing is a real scourge. Large numbers of messages continue to circulate and trip up victims.  Why can’t we just get rid of phishing? There are several reasons for this.  It’s in our human nature to be curious or get frightened. We simply cannot resist an attractive offer.  Phishers capitalise on this.  They try to approach and convince their victims through all kinds of excuses.  This is called social engineering.

Phishing messages are also increasingly difficult to detect: they rarely contain spelling mistakes anymore, are professionally formatted, refer to very convincing looking websites, etc. The cybercriminals have become real professionals. The future does not really look very bright.  AI opens up many new positive prospects, but scammers will also be only too happy to use various applications to send persuasive, attractive and personalised messages.

Phishing: The devil’s in the details!

However, it is not impossible to identify phishing messages and phishing websites.  The devil’s in the details.  To make sure you never click on a link leading to scam website, you should learn to read the website’s URL. How?

Hover your mouse over the link. If the domain name, i.e., the word before .be, .com, .eu, .org, etc. and before the very first slash “/” really is the name of the organisation you are looking for, then you can trust the website.  But if you see something else there, an odd combination, or the domain you expect but with a slight difference, be careful!

For example:

  • The domain is safeonweb for the link www.safeonweb.be/tips. In this example, you will be taken to the correct website.
  • If the link is www.safeonweb.tips.be/safeonweb, “tips” is the domain, and you will be taken to another website.

Scammers will use URLs that are slightly different. So always look very carefully at the URL before clicking on it. When in doubt, don’t click on a link in a post, but go to the website yourself by typing the URL you know and generally use into your browser bar.

Centre for Cyber Security Belgium launches Safeonweb browser extension

As it is still very difficult for many people to properly read and understand a URL, we are launching a new tool: the Safeonweb Browser extension, which will help you determine the reliability of any website you visit. The extension assigns a trust level to each website: high, medium or low.  This trust level is based on known factors about the website’s domain, its owner and the certification level obtained from a certification authority.

The call to action to the campaign is therefore: Install the Safeonweb extension for your browser.  It will alert you when you visit a website that’s unsafe and when it is dangerous to enter your details.

In addition to the Safeonweb browser extension, Safeonweb has 3 other tools:

  1. E-mail address: [email protected]

Forward suspicious messages to [email protected]. We will investigate the suspicious links in all the messages you send to [email protected] . If less attentive internet users click on that link afterwards, they will receive a clear warning not to visit that page.

  1. The Safeonweb app.

We collect information on common suspicious messages and share this via the Safeonweb app. That way, you will be informed when suspicious reports are making the rounds. You can find the Safeonweb app in the official appstores (App Store and Google Play Store).

  1. Safeonweb’s online training

Learn to identify suspicious messages in 10 minutes Go to surfwithoutworries.safeonweb.be

Febelfin has created Hacker Hotline

Hacker Hotline is a travelling escape room, which Febelfin hopes will make young people aware of the dangers of online fraud and get rich quick schemes and will help them arm themselves against it. Players are challenged to be smarter than the phisher… The game fits seamlessly with this new campaign.

Hacker Hotline is a travelling escape room which Febelfin takes to young people, partners, schools and events to raise awareness about online types of fraud such as phishing and WhatsApp fraud. During the game, you will learn more about the methods fraudsters use to trap people and you will learn how to arm yourself against this kind of fraud. Once you have escaped from the bus, you will have all the tools you need to go online safely in real life too. Meanwhile, you will also learn about key concepts such as two-factor authentication or how to generate a strong password.

Who is it intended for?

First and foremost, the escape game is intended for young people, to make them aware of the risks of get rich quick schemes and other types of fraud such as phishing and WhatsApp fraud. The general public also benefits from increased awareness and can play the game. Hacker Hotline can be used by members, organisations, associations, schools or partners who want to warn about online fraud.

Campaigning together

Only by cooperating with governments, the police, the judiciary, the telecom sector, etc., can we tackle phishing. That is why the CCB, Febelfin and the Cyber Security Coalition, together with more than 500 partners, have joined forces for a new, broad-based awareness campaign that aims to inform and warn people. After all, Internet users have to become more vigilant. Alert members of the public are extra cautious, and that is the purpose of this awareness-raising campaign.

The aim is to appeal to the widest possible audience to make sure the campaign is heard by everyone. The campaign will run on various channels: the key message will be delivered via TV ads and in cinemas. Social media will also be used to raise awareness of the dangers of phishing. All campaign material can be downloaded at https://safeonweb.be/en/campaign-material

The threat landscape continues to evolve, year after year, requiring a collective response from industry, government, academia and members of the public.  The CCB’s national awareness campaign provides an essential platform for all stakeholders to play an active role in strengthening our digital defences.

The Cyber Security Coalition’s sponsorship and ongoing involvement in this campaign reflects our belief that awareness is the first line of defence against cyber threats.  By equipping individuals and organisations with the knowledge and tools to identify, prevent and respond to cyber incidents, we enable them to navigate the digital world with confidence and security.

Our co-operation with the CCB campaign underscores our commitment to promoting a cyber-smart society, able to harness the benefits of technology while mitigating its inherent risks.

Séverine Waterbley, President of FPS Economy and Cyber Security Coalition Director

 

All campaign materials are available in different languages on the SafeOnWeb website.

 

(Visited 254 times, 1 visits today)

About the author

Cathy Suykens joined the Cyber Security Coalition in April 2018 as Operations Manager. She boasts a longstanding career in the financial services industry in different domains with various assignments abroad.