New campaign urges Internet users and companies to take action against phishers

Phishing is the simplest cyberattack yet the most dangerous and effective. In November, the Centre for Cybersecurity Belgium, Febelfin, and the Cyber Security Coalition launched an awareness campaign about the dangers of phishing called Outsmart a phisher.[1] This campaign aims to increase internet users’ vigilance and provide tips on how to avoid falling for this type of scam. Phishing continues to make countless victims including private individuals, companies, and organizations.

Phishing is an attack in which cybercriminals pose as trusted persons or organizations to steal confidential information from internet users.[2] That information could be usernames, banking logins, credit card details, business login credentials, or passwords.

In the past, phishing messages were written in poor language and presented in an amateurish manner. Nowadays phishing techniques are way more elaborate than the traditional Nigerian prince scam.[3] The hackers pretend to act on behalf of large IT companies, banks, or public institutions. The language used is polished and the lay-out is professional. The hackers will ask the internet user to log in, click on a link, download an attachment or send money. The Internet user encodes his password credentials and username, which allows the hacker to steal identities, empty bank accounts, and sell personal information on the black market.

Under Belgian Law, banks are liable for any damage suffered by victims of phishing and must compensate them.[4] However, liability does not apply if the bank can establish gross negligence on the part of the customer.

Earlier this year, a Belgian bank was ordered to refund victims of phishing in two lawsuits, yet no compensation has been paid so far. Additionally, a group of customers, who fell victim of phishing, have recently filed a class action suit against another Belgian bank for failure of compensating the victims. Also here the Belgian bank does not want to compensate the losses claiming gross negligence from the customers for deliberately having transferred their money to the hackers.[5]

In 2020, 67,000 fraudulent transactions were carried out via phishing for a total net of 34 million euros and 7,502 victims were recorded by the Federal Police. To reduce the risk of phishing, The Center for Cybersecurity Belgium has developed a smartphone app to send warnings about threats if for example a new phishing campaign is detected in the message forwarded to them.[6]

Phishing attacks are not just designed for consumers, they are also increasingly designed for businesses. The consequences of phishing attacks for companies are not just limited to financial losses, but can also result in reputational damages, loss of data and business, GDPR violations, etc. It is therefore important for companies and organizations to educate their employees by creating or increasing awareness campaigns concerning phishing scams.

Besides the focus on awareness campaigns, companies and organization should also further investigate and manage possible weaknesses in their IT systems. The Belgian government has put in place The Digital Reaction Plan website, providing tools for companies to manage risks relating to phishing.[7]  Indeed, companies are advised to take appropriate technical measures and learn how to respond appropriately to suspicious messages.

The number of registered phishing victims is increasing year after year and almost every month we are confronted with a new phishing scam. At this moment it is not certain yet how case law will evolve when it comes to interpreting ‘gross negligence’. Most likely, businesses who have appropriate technical measures in place and create awareness for employees will be in a more favourable position.

In case you would like to receive further information on this topic or need our assistance, please do not hesitate to reach out to us.

Also, if you are interested in artificial intelligence, be sure to check out our upcoming blog on AI.

 

[1] Outsmart a phisher: New campaign urges internet users to take action against phishers. Install the Safeonweb app and you always have up-to-date information in your pocket. (2021, November 15). Centre for Cyber Security Belgium. https://ccb.belgium.be/en/news/outsmart-phisher-new-campaign-urges-internet-users-take-action-against-phishers-install

[2] Phishing. (n.d.). SPF Economie. Retrieved December 1, 2021, from https://economie.fgov.be/fr/themes/protection-des-consommateurs/arnaques-la-consommation/formes-darnaques/phishing

[3] Ibid.

[4] Article VII.44, § 1 of Book VII of the Belgian Economic Code.

[5] Article VII.44, §1 2° of  Book VIII of the Belgian Economic Code.

[6] Outsmart a phisher: New campaign urges internet users to take action against phishers. Install the Safeonweb app and you always have up-to-date information in your pocket. (2021, November 15). Centre for Cyber Security Belgium. https

[7]   Home page. (n.d.). Digital Reaction Plan. Retrieved December 1, 2021, from https://www.digitalreactionplan.be/fr