What are phishing and vishing?
Phishing is a type of internet fraud in which an email lures the victim to a fake website that resembles the site of a bank or a commercial site. When the victim enters their username and password, the fraudster will intercept them and use this information to carry out transactions or purchases. Sometimes, hackers ask their potential victims to install software that allows them to remotely take over the computer or see the keystrokes to steal the login details.
Vishing stands for voice-phishing. Fraudsters make phone calls to victims, supposedly on behalf of a bank or a company, and they try to extract personal information, card reader codes or credit card details. For example, they respond to customers' concerns by reporting that they suspect credit card or bank account fraud.
How do I recognise a phishing message?
The emails refer to a website that at first sight looks very similar to the websites you are familiar with. They often mention new security measures or databases that need to be updated. The mail is not personally addressed to you but uses general addresses such as “Dear customer”. The message often also contains grammar and language errors.
You will be asked to click on a link to check your details. This link will lead you to a fraudulent site where you will need to log in with your credentials. Sometimes there is also software that you need to download, supposedly to protect your account better. There are also threats (such as closing your account) if you don’t immediately follow up on the message.
Some phishing messages ask you to buy online credit to pay a fine and add a link to the site where you can pay online. Never click on such links!
Several organisations, agencies and companies were already victims of phishing, and the fake emails sent in their name are often still in circulation. These include telecom operators, banks, collection agencies, and so on. Even the federal police and the local police have already been victims of impersonation attempts.
What should I do if I receive a (suspected) phishing message?
Do not click on the link in the mail and do not open any attachments. Contact your bank or the institution from which the e-mail supposedly originates to check the authenticity of the message. In Belgium, you can always report a phishing mail through firstname.lastname@example.org.
How do I recognise a vishing phone call?
When someone calls you in the name of your bank (or another institution) and asks you for pin codes, your credit card details or codes on a card reader, you can be sure it is a scam.
Sometimes scammers also occur as employees of a company. They report that there is a problem with your computer and are here to help you fix it, in exchange of a fee. If you don't give it to them, they can block your computer. These scammers usually speak English. The real company never calls customers in such a way, so when you receive such a call, you can also be sure that it is vishing.
What should I do if I receive a (presumed) vishing phone call?
Your bank will never ask for your personal details over the phone. Therefore, under no circumstances will you pass them on. Ask for names, addresses and phone numbers to call back. Do not give any information over the phone and offer to visit the bank office. Disconnect and contact your bank. If they continue to call back, it’s best to answer, make it clear that you know it’s a scam and that you have already contacted the police. That usually frightens them off and they leave you alone.
What steps can I take to avoid becoming a victim of phishing?
Always enter the web address of the website you want to visit. This will prevent you from ending up on fake websites through misleading links. Websites of banks use a secure connection; you can see that their URLs contain “https” (the “s” stands for “safe”). You can also recognise a secure website by a lock showing in your browser or a green address bar. Also make sure your computer is well protected with a virus scanner and a firewall. Keep your operating system, virus scanner and browser up to date.
I am a victim of phishing or vishing. What now?
Contact your bank and have your account and online banking account blocked. Most banks have a special phone number that can be reached anytime to report fraud. Collect all data that can prove the facts and the damage suffered. Write down all the data you received from the fraudsters, such as phone numbers, names and website address and take them to the police.
If you have not suffered any damage, but you still want to report the attempted scam, you can do so to the police in your place of residence.
Find out more about the work of the Belgian Safer Internet Centre, including their awareness raising, helpline, hotline and youth participation services – or find similar information for Safer Internet Centres throughout Europe.