Scammers continue to bombard us with phishing messages. In the first six months of 2025, vigilant citizens forwarded more than 4 million messages to suspicious@safeonweb.be. How can you recognise a phishing email? We also list the 10 most reported scam messages.
Safeonweb.be, an initiative by the Centre for Cybersecurity Belgium, receives nearly 26,000 reports from citizens about suspicious messages every day; that's almost 9.5 million a year. This could be just a fraction of what scammers send our way.
So, what happens to the reports?
Every report is checked, including any links and attachments. If it turns out to be attempted fraud, then action is taken. We redirect less attentive Internet users who do click on such a link to a warning page to prevent them from being scammed. That means if you forward a phishing message to suspicious@safeonweb.be , you could be helping others avoid a lot of trouble.
Thanks to all these reports, we can post specific alerts on Safeonweb.be about phishing messages. We also send these alerts via the Safeonweb App and share them along with other tips and videos via social media such as Facebook, Instagram and X. In the first six months of 2025, we published no less than 36 alerts on the most common phishing messages.
How can you protect yourself?
Protect yourself by recognising phishing messages. We explain how in one of our training modules at https://surfwithoutworries.safeonweb.be/en/modules
- Always check the sender. For example, official emails are always sent from an official email address. If that's not the case, it's a red flag.
- Also, first hover over the link in the message with your cursor, without clicking, to check the address of the website you would be directed to in order to enter your information. On a smartphone, you check this by clicking the link and holding it. If it isn't the official website, it's probably a phishing attempt.
We've indicated these two steps in most current reported scam reports.
1. Fraudulent Christelijke Mutualiteit (CM) email
The most common phishing email mimics a message from the CM. This is by no means new, it's the kind of message that recurs regularly. The phishing email asks you to identify yourself through a link, otherwise you'll no longer be able to access their services. NEVER click the link: this will give the scammers access to your banking information. A few hours or days later, somebody claiming to be an employee of your bank or Card Stop will contact you about this fraudulent email, supposedly to help you. In reality, they will try to steal your money.
2. Fraudulent National Institute for Health and Disability Insurance (NIHDI) email
Last week, nearly as many Belgians reported receiving a phishing email that fraudulently used the name and logo of the NIHDI. The email told recipients that they were owed money from their Sickness and Disability Insurance. To receive it, however, personal information such as a bank account number had to be shared.
3. Fraudulent De Watergroep email
Once again, lots of emails are being sent by cybercriminals posing as drinking water company De Watergroep. These fraudulent emails are very convincing. Always carefully check the sender's address to be sure the email is actually from the apparent sender, such as De Watergroep.
De Watergroep itself has also warned about fraudulent messages urging people to pay a supposedly outstanding bill immediately, threatening imminent disconnection if this isn't done. However, De Watergroep never sends messages via WhatsApp or a normal mobile phone number.
There are various similar mails and text messages also circulating on behalf of energy, telecom and postal companies (Engie, Luminus, Eneco, Telenet, Proximus, Orange, bpost, PostNL, etc.). So always be vigilant if a company asks you to check and update your customer information.
4. Fraudulent federal police email
A certain email which appears to come from the federal police and/or Europol has been circulating for years. It continues to scare people, as it claims you are summoned in connection with moral offences. The message is very serious and convincing. If you respond, they suggest an "out-of-court settlement" to avoid a court appearance. However, the police never send such messages, so never reply to the email and delete the message.
5. Apps that promise quick cash
Apps promising quick cash are also springing up all over the place. If you come across such an app or game through an intrusive ad on Instagram, TikTok, Facebook or a message via Messenger or WhatsApp, be very careful. Never download a game from an unknown source, as you might install malware that steals your data or encourages you to pay for features that don't exist.
6. Fake tax authorities email
Scammers often look for links to current events to attract attention. As soon as a disaster occurs, it's only a matter of time before the first phishing messages pleading for donations appear. At the beginning of the year, lots of fraudulent emails concerning subscriptions that are supposed to be renewed are sent, as well as fake New Year sales mails that promise lots of bargains.
As this is the time of year when annual tax returns have to be filed with the FPS Finance, scammers also eagerly take advantage by sending out mass phishing emails that lure you to fake websites. If you want to view your tax return, use the Tax-on-web login page.
7. Fraudulent mypension.be email
Cybercriminals are also very fond of posing as the government service mypension.be, that shows our future pensions. Do not click on links like this. If in doubt, always go directly to the official website mypension.be.
8. Fake ads on social media
A high-end kitchen robot for 39 euros? Branded trainers with a 90% discount? The number of fake ads on social media is increasing rapidly. They imitate well-known brands, use familiar faces or invent "secret tips" by former employees. For example, 'I worked at Decathlon and know how to get this backpack for a bargain price,' has been very popular for several months.
9. Fraudulent bank email
It's a trap that has been around for years and shows no signs of going away: the fake email pretending to be from your bank. Every known bank has been imitated by fraudsters. Over the past few weeks, we have received multiple reports about fraudulent emails purporting to be from Argenta, asking us to update the app. Do not click on the links in this email, and always check with the bank if in doubt.
10. Fake competitions on social media
You may be among those who received a message on social media from a friend or family member asking you to vote. Recently, messages over a so-called tattoo contest have been circulating on Instagram. Be very careful: this is not a real competition, but a phishing attempt that could lead to a fraudster taking over your account. You're asked to log in through a fake website, which gives the scammers access to your username and password. Then they use your hacked account to scam your friends with new phishing messages. They might even misuse your payment methods, for example, to make purchases through your linked debit card.
