In October 2017, the CCB launched a campaign via Safeonweb.be to warn people about the danger of phishing messages. An e-mail address was also created where people were able to send suspicious messages to, i.e. firstname.lastname@example.org
In 2018, we received more than 370,000 suspicious e-mails in all. 236,255 of these messages contained URLs. After an automatic analysis and scoring we sent 8,882 suspicious URLs to the EU Phishing Initiative. We were able to block 837 unique phishing sites in this way. This means that every day we received approximately 2,000 e-mails and blocked 5 new URLs.
The forwarded e-mails are scanned automatically. In a first phase, the messages with URLs are identified. The anti-virus technology then looks for suspicious links in these mails. These suspicious links are forwarded to the EU Phishing Initiative, and the phishing sites are blocked in 4 participating browsers.
The EU Phishing Initiative is a not-for-profit project co-ordinated by CERT-LEXSI. The organisations in question are from 4 countries: Belgium, the Netherlands, France and Luxembourg.
More information about the EU Phishing Initiative is available here.
Thanks to the 2,000 mails we receive every day, we were able to pick up on a number of trends:
- .be domains are being used increasingly: in 2018, 42 sites had a Belgian domain name.
- Many phishing messages still don't look professional at all and contain typical spelling mistakes.
- Some cyber criminals use special characters, such as a letter with a small period below. In this way, as an URL is often underlined, the difference between the real URL and a fake URL is barely visible.
More information about this method is available in our article 'Cyber criminals use special characters to hide the difference with existing URLs'
- Cyber criminals also use new communication channels such as Facebook and WhatsApp to approach potential victims and diversify their messages, for example by sending messages on behalf of supermarkets chains and shopping malls containing large discounts or contests, or luring second-hand sellers to a fake website where they have to enter their banking details.
More information on this is available here.
email@example.com is an e-mail address belonging to the Centre for Cybersecurity Belgium (CCB). When you have doubts about the authenticity of a message, you can send it to this mail address before deleting the message.
More information about what we do with these messages and the protection of your data is available here.