Real-World Phishing Attempts

Phishing scams are one of the most frequently occurring forms of cyber attacks. Stay alert to prevent falling victim.

AuthorAuthor

Niko Kluyver & Caetano Kluyver
May 25, 2024

The Central bank of Curaçao and Sint Maarten (CBCS) has recently published its 2024 Financial Stability report4 . They note that Cyber Risk was “at the forefront of most financial institutions’ risk concerns”.

Interestingly, in both the 20225 and 20236 versions of the Financial Stability Report, “Cyber Risk” was mapped as a “Potential Risk”, while in 2024 its status has been heightened to an “Acute” risk - indicating the increasing importance and relevancy of the topic.

We thought it would be worthwhile to use this opportunity to raise awareness regarding some current phishing scams that are circulating, as phishing attacks are one of the most frequently occurring forms of cyber attack.

Table of Contents

Real-World Phishing Example 1🎣

One of the Phishing scams that is currently circulating, is a text sent from a Dutch mobile phone number stating to be Bunq bank and requesting to verify the account-owners’ phone number to prevent the account from being blocked.

While you may think that such an text can be obvious to detect, a news article published on Dutch news site NOS on this exact phishing example notes that in the last 7 months there have been 28 victims for a total of EUR 1.6 million1 .

Or you might expect your Bank (or all Banks in general) to have security measures in place to prevent such attacks to be implemented succesfully. Experts interviewed as part of the article state, however, that at Bunq bank such measures are lacking.

Real-World Phishing Example 2🎣

Another phishing text that is currently circulating, is one imitating to be the tax authorities stating you are behind on debts and that you run the risk of your accounts to be seized. Notably, this text is sent from a +49-country code, which is Germany- while the text is written in Dutch. This is a major red flag.

The above text has already been identifed as being a phishing attempt and has been registered at the Fraude Helpdesk (Fraud Helpdesk) - an organization with the purpose of informing citizens regarding fraudulent activities.

Publication on the public Fraud Helpdesk to inform people3

The moral of the story is to always be alert on the red flags before clicking any links. Below we provide some more ways how Phishing attempts can be detected.

Detecting Phishing Attempts 🔎

Phishing attempts can be detected in a variety of ways listed (but not limited) to those below:

  1. Check the URL: In this case you can see that they have written BNQ in the URL, instead of Bunq. A small difference, which to a quick reader might be missed. Always check the URL carefully. If it’s a link on your computer, hover above the link which will show the real link (sometimes a hyperlink can be inserted into a string of letters that can make it seem like a legitimate link)

    Example of the ‘hover technique’

  2. Be aware of your Banks (or other institutions) policies: Bunq states on their website that they will NEVER request your pin code or login details and they will never call you2 . Being aware of these policies will enable you to detect suspicious events

  3. Check the sender: The sender of this SMS is an unknown 06-number (mobile numbers in the Netherlands start with 06). It should raise your concerns when an organization send you a text from a mobile number - this is not usual behaviour.

  4. Proactively reach out: If you’re in doubt, proactively call your Bank (or other institution) and ask if the SMS (or mail) is legitimate. They will inform you on how to best take action.

Be proactive. Stay cybersafe.

About CyberVade
CyberVade is a professional service provider focusing on cybersecurity, data privacy, AI, and compliance. CyberVade’s mission is to fortify your business and offer knowledge and managed cybersecurity tools to assist companies in their defensive strategies to fend off the ever-growing attacks from cybercriminals. We also assist clients to become compliant in any framework that applies to them such as PCI-DSS, ISO27001, SOC2.