How do you avoid falling into the trap of cybercriminals?

Keep your attention focused

Whether it's the click you make when you’re not paying attention, a weak password or software that hasn’t been updated for a long time, cybercriminals are out there, lying in wait. They take advantage of our inattentiveness, routines that we carry out with hardly a thought, time pressures that may make us less vigilant, or the common misconception that many people have: “it won't happen to me”’. 

Here are a few examples of how things can go wrong:

• You click on a link in an email that looks like it’s come from your bank, even though you know your bank doesn’t usually send out emails with links in them.
• You use the same password on five different platforms because it’s easier to remember and, anyway, they’re not platforms you use for anything important.
• You share a document with a colleague via a chat app because you were already discussing something in the app and it’s quicker that way.
• You leave your laptop unattended without locking the screen because you’re just going to get a cup of coffee and will be right back.

Sounds familiar? You have probably experienced one or more of these situations yourself. We all opt for a quick, easy solution when it suits us. At work, of course, but perhaps even more often at home, where we are the only person responsible for our own online security. After all, what are the chances that it would happen to you – or your parents, friends, children, etc? It is precisely this kind of inadvertent carelessness that cybercriminals count on. It is a responsibility we all share. And it starts with being aware.

For you to be sure that a website is the real one, whether it belongs to your bank, Bpost, My eBox or another platform, it always pays to check the link. Eggers again: ‘Not many people bother to do that, but often it’s the biggest giveaway. When you receive an email “from Argenta”, hover your mouse over the link to see whether it actually goes to Argenta.be and not to Argenta.com or Argenta.ar. You also need to know how a URL works, because what comes just before the .be is important: Argenta.info.be is not a link to Argenta, but to Info.be. But if the link is to a .be domain, you can be fairly certain that it’s a reliable website.’

What can you do? 

Think twice before you click. Check links and senders, especially if a message appears to be urgent. If you are unsure, ask a colleague, friend or partner for their opinion.  ‘If the message comes from My eBox or Bpost and if you’re in any doubt, go to their website or use their app yourself,’ adds Eggers. ‘This will prevent you from ending up on a fraudulent site via a link in a fake e-mail.’

Use strong passwords that are unique. Or, better still, work with a password manager and use two-step verification where possible. ‘Two-step verification is so effective that it can prevent virtually all attempts to hack into an account,’ says Eggers.

Install software updates. The prompt to update may come at an inconvenient time, but in addition to new features, these updates also include protection against recently discovered vulnerable spots in the system. So keep both your operating system (Windows, MacOS, Android, iOS, etc.) and the software or apps that you use up to date.

Be careful when you share information. Always handle confidential information about your organisation, customers and suppliers with care. Only ever share sensitive information via secure channels – never via WhatsApp or unencrypted emails. Don’t respond if someone asks you to confirm something via Itsme, or to provide your bank codes by email or telephone. 

What can you do as an organisation?

Keep yourself informed

Cyber threats never stand still. Regular training or awareness sessions help keep people alert.

‘But this goes well beyond just phishing tests,’ says Eggers. ‘These tests are useful, but they’re certainly not a silver bullet. If you run tests with every employee, there will always be someone who clicks on the link. You need to be aware and alert, but it doesn’t rule out the possibility that someone will still fall for a real phishing email.’

Beef up your cybersecurity

As an organisation, there are all sorts of things you can do in terms of cybersecurity. Ensure that your data, systems and services are properly protected and secure. Bring in outside specialists to help you with this. Be sure to check what the legal obligations are within your sector and ensure that you comply with them.

‘Europe has introduced legislative initiatives such as NIS, NIS2 and the Cybersecurity Resilience Act,’ says Kristof Tuyteleers, security officer at DNS Belgium. ‘It has done so to encourage businesses and governments to keep their information as secure as possible and to make our digital society cyber-resilient.’ 

‘You can also be sure that all vital providers (such as hospitals, airports, etc.) do everything they can to give their services the resilience they need to withstand cyberattacks and to get the underlying infrastructure up and running again online if an attack does occur.’

Report breaches if you have the slightest doubt

If you suspect abuse or encounter something suspicious, don’t take any risk: report it. As an organisation, make sure that everyone is familiar the reporting procedures and that people know where and how to report something suspicious or out of the ordinary.

No one is to blame

Eggers would like to clarify that being scammed, deliberately or by inadvertently clicking on a link or entering your details is nothing to be ashamed of, nor does it consign you to the naughty corner or brand you as a “stupid” internet user. ‘We need to move away from blaming and shaming, because often acting without thinking is not the culprit,’ says Eggers. ‘What has happened is you have fallen into a very well-designed trap. At the CCB, we often see people who usually think carefully and who are aware of all the warnings, yet they still click on something or sign something while answering the phone or distracted doing other things.’

‘The perpetrator on the other side is a professional. They know all the sales techniques, all the scams – and they know how to persuade people. You are not stupid if you fall for it; you are the victim of a trained criminal.’

Everyone is susceptible to fraud, but some people are more likely to be scammed as the result of an email about a fake parcel, while others fall for an online friend who starts asking for money after a while, or who can’t resist a unique investment opportunity. With this in mind, the CCB is currently issuing warnings about investment fraud via Safeonweb. ‘People find themselves lured in through fake profiles of celebrities, advertising, WhatsApp groups and even dating sites. This is how they end up on an investment treadmill, complete with beautifully constructed websites and even a helpdesk where they can speak to the fraudsters. They are repeatedly persuaded to continue investing, even if it means taking out loans. Many victims do not even believe that they are victims – but they will never see their money again’.

What are we doing at DNS Belgium?

As you would expect, we take cybersecurity very seriously at DNS Belgium. Not only by ensuring that the internet is secure in Belgium, but also by informing people about and raising awareness of the importance of online security. 

A lack of thought is common among young people and the elderly. That is why we are targeting these two groups with specific awareness campaigns.

We also actively support the Safeonweb campaigns. This is a project run by the Centre for Cybersecurity Belgium and is designed to inform and advise people about current digital threats and online security. This autumn, the campaign will focus on preventing investment fraud.

Cybercrime can have major consequences. For this reason, cyber insurance has been available to businesses for a number of years. Does it provide a user buffer against the risks of cybercrime? Or does it create a feeling of false security?