Phishing attacks have become increasingly common in Europe by cybercriminals, exploiting various channels like email, text messages, and social media platforms.
In fact, the overwhelming majority of all cyberattacks begin with a phishing email. According to the 2022 annual report by the European Union Agency for Cybersecurity (ENISA) on the status of the cybersecurity threat landscape, phishing is once again the most common vector for initial access in the cybersecurity landscape.
As previously reported, over 40% of Belgians were victims of phishing, in which people are lured to fake websites to scam them, according to the Safety Monitor 2021 survey, conducted by the federal police in cooperation with local police, the Federal Interior Department and local governments.
Advances in sophistication of phishing, user fatigue and targeted, context-based phishing have led to this rise. Phishing is defined a fraudulent practice of sending emails or other messages purporting to be from reputable companies, such as banks, post offices and delivery companies, in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
ENISA is an EU agency dedicated to achieving a high common level of cybersecurity across Europe. While phishing may be the most common threat targeting individuals, companies are also often threatened by ransomware and malware.
Ransomware is defined as a type of attack where threat actors take control of a target’s assets and demand a ransom in exchange for the return of the asset’s availability. Ransomware has become one of the prime threats during the reporting period, according to the ENISA report.
Malware, also referred to as malicious code and malicious logic, is a term used to describe any software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality, integrity or availability of a system. The incidents involving malware mainly focuses on EU countries.
The Commission warned recently its staff against cyberattacks and tried to raise their awareness by a quiz on cybersecurity “fun facts”. For most respondents, the facts were largely unknown. 97 % of cyberattacks begin with a phishing email. On a global level, 3 billion phishing emails are estimated being sent every day.
The global annual losses of ransomware are estimated to more than €20 billion according to a source quoted by the Commission’s security team. Another worrying fact is that it takes 327 days for security teams to identify and contain a security breach. It was not clear if also took so long time for the Commission to identify a security breach.
The dangers of phishing
These cyberattacks, where criminals masquerade as legitimate entities to deceive victims into providing sensitive information, are no longer merely an inconvenience. Instead, they pose a serious threat to the security of personal data and financial assets.
Phishing attacks often aim to obtain sensitive information, such as login credentials, credit card information, or social security numbers. This data can be used to commit identity theft, which can wreak havoc on a victim's financial life and take years to resolve.
Cybercriminals can use stolen credentials to access bank accounts or make unauthorized purchases. Additionally, organizations may suffer financial loss through fraudulent transactions or the theft of sensitive business data.
Phishing emails may contain malicious links or attachments that, when clicked, can install malware on a victim's device. This can lead to further data theft or the infection of an organization's network. Companies that fall victim to phishing attacks may experience reputational harm, as their customers and partners lose trust in their ability to protect sensitive data.
Protecting yourself from phishing
Companies are advised to regularly train employees on the latest phishing techniques and the importance of being vigilant when handling emails, text messages, and social media messages. Multi-factor authentication (MFA) adds an extra layer of security by requiring additional verification methods, such as a fingerprint or a unique code sent to a user's device, to access an account.
Both companies and individuals should regularly update software, including operating systems and antivirus programs, to ensure that they have the latest security patches in place.
At the quiz in Berlaymont in Brussels, the Commission’s headquarters, visitors were advised not to open suspicious emails and to delete them at once. If possibly they should also report them. Under any circumstances, the sender's email address should always be verified and any links provided in a message before clicking on them.
People who fall victim to phishing in Belgium can now contact their banks day and night to have all their payment apps blocked. While it was already possible for victims to have their bank card blocked at any time via Card Stop (on the free number 078/170 170), shutting off access to mobile banking apps was more difficult.
The Brussels Times
