Itdaily - Belgium establishes National Phishing Unit: cooperation and coordination against Crime-as-a-Service

Belgium establishes National Phishing Unit: cooperation and coordination against Crime-as-a-Service

Belgium establishes National Phishing Unit: cooperation and coordination against Crime-as-a-Service

The federal police will set up the National Phishing Unit this summer. It is intended to tackle phishing in a less fragmented way. This is not necessarily just to face the professional international crime circuit.

The federal police will combat phishing in a more coordinated manner. To this end, it is establishing the National Phishing Unit, which is set to launch this summer. The unit will be housed within the Federal Judicial Police, where specialized detectives will receive administrative support.

The unit’s main task is to provide better cooperation in the national fight against phishing. To achieve this, it will bundle information from various police zones and federal services. In this way, the unit aims to detect methods, create perpetrator profiles, and ideally establish links between cases.

International context

This is happening within an international context, as the unit will work closely with Europol. This international police service has already shown its teeth several times when it comes to enforcing digital crimes. For instance, Europol helped ensure that an international crypto-fraud network was dismantled, and the service plays a key role in the fight against ransomware.

Criminals do not respect national borders, and the unit will give the police a faster overview of international phishing campaigns. Conversely, Belgian services will also be able to contribute to the investigations of their international colleagues.

By smartly combining technology, data analysis, and cooperation, we strengthen not only our own effectiveness but also that of all our partners.

Eric Snoeck, Commissioner General of the Federal Police

“Society is changing, criminal practices are constantly evolving,” Commissioner General Eric Snoeck told VRT. “We too must be able to switch gears quickly. By smartly combining technology, data analysis, and cooperation, we strengthen not only our own effectiveness but also that of all our partners. Because no single organization can fight phishing alone.”

Don’t hack, just log in

Phishing is a major international problem. Perpetrators mainly target older people and try to steal their personal savings. The number of phishing reports rose by thirty percent last year, and the figures themselves are likely a gross underestimation of the actual number of victims.

In a business context as well, phishing remains by far the most important attack vector. “Hackers don’t break in, they log in,” remains a correct maxim. Whether it concerns a personal or a business account, cybercriminals use all sorts of tricks to convince targets to help them log in.

Professional attack infrastructure

Barracuda research recently shared a study showing how damaging phishing can be. With the help of a little AI, an email campaign can provide hackers with permanent access to company systems within a minute.

Phishing has become professionalized today. In malicious online circles, aspiring criminals can buy the entire infrastructure to set up campaigns, just as you would purchase a legitimate SaaS solution for email campaigns. Nine out of ten phishing campaigns currently make use of such ‘phishing-as-a-service’ kits, which run on a modern cloud-native infrastructure.

Responsibility of banks

The time when financial institutions could blame the victim for phishing also seems to be gradually passing. An opinion from Advocate General Rantos of the Court of Justice of the European Union regarding the interpretation of the PSD2 directive is clear: banks must refund first, even if there is a suspicion of a possible error by the customer. Afterwards, the bank can then invoke an intentional error or gross negligence to reclaim the money.

As phishing professionalizes, it seems the damage will shift more toward large institutions like banks. At the same time, the government sees a role for itself in combating a phenomenon that affects more and more citizens and businesses.

In this context, the new National Phishing Unit must carry out its task. Cooperation between the police, justice department, the CCB, banks, and other partners must ensure that the fight against phishing gains, if not teeth, then at least extra eyes.