Urgency
“You have 10 minutes!”“Account blocked”, “final reminder”, “parcel returned today”: urgency is designed to short-circuit your thinking.
Everyday protection against phishing, booby-trapped messages and phone scams. Belgium / European Union edition.
Almost every scam — by phone, e-mail, SMS or messaging app — combines at least one of these three psychological levers.
“Account blocked”, “final reminder”, “parcel returned today”: urgency is designed to short-circuit your thinking.
The caller claims to be your bank, the police or technical support. The number displayed can be spoofed.
You are asked for a code, a password, your card details or to install an app. No legitimate party asks for that.
Two levers at once = hang up or delete immediately. A confirmation code is never shared: giving it is signing.
A confirmation code is never shared. Not by phone, not by SMS, not “with support”. A code authorises an operation: giving it is signing.
Hang up and call back yourself. Using the official number: the back of your bank card or the official website typed by hand.
Never click a link in an unsolicited message. Open the app or the official website yourself.
Fear + pressure = scam. A Belgian authority or bank never threatens over the phone and always leaves time to verify.
Neither the bank, nor Card Stop, nor the police. Nobody asks for codes, passwords or transfers to a “safe account” — it does not exist.
Unique password + two-factor authentication. On every important account: e-mail first, then bank, itsme, messaging apps.
Verify through another channel. A relative’s “new number”? Call the old one. Agree on a secret family password.
.top, .xyz… The “bpost” display name proves nothing: only the real domain counts.
“Final notice”, “within 24 hours”: a panic lever.
€2.99: the target is your card, not the amount.
Hover or long-press: the real domain appears.
.html, .zip, .iso, Office macros: do not open.
AI has changed the game: no more crude spelling mistakes. Perfect English, a correct logo and your own name no longer prove anything — only the real domain, the real link and the nature of the request matter.
“Suspicious transaction, confirm your codes”, then a transfer to a “safe account”… which belongs to the thief.
“Cooperate with the investigation, tell no one.” The police never conduct financial investigations by phone.
Customs fees, a code for the “courier”: the code requested actually opens your account.
“A virus was detected”, then installation of a remote-access tool. Never install software at a caller’s request.
“I had an accident” — sometimes with a genuinely cloned voice. Hang up and call the usual number.
Guaranteed returns, a dedicated “adviser”; endless taxes to “withdraw”. Check any platform against the FSMA warning lists.
Several successive calls that “confirm” one another. Real authorities do not work that way.
Sudden loss of mobile network for no reason? Contact your operator: your SIM card may have been duplicated.
Or an app to install? Every minute of conversation provides information and a sample of your voice.
No excuse, no debate. Hanging up is not rude: it is the response recommended by the Federal Police and Safeonweb.
Using the official number: the back of your card, the site typed by hand. Never call back the number given by the caller.
With vulnerable relatives, set the rule: “any call about money → hang up and call me first”. That single rule defeats most scripts.
Block. Cards → Card Stop 078 170 170 (24/7); online banking via your bank; identity document lost or misused → Doc Stop 00800 2123 2123.
Document. Screenshots, numbers, e-mails, account statements, times of the calls.
Dispute. Every unauthorised operation with your bank, in writing and without delay; unresolved dispute → the Ombudsfin mediator.
File a complaint. With the local police — essential for reimbursement and investigation. Some offences can be reported online via Police-on-web.
Report. Fraudulent message → suspect@safeonweb.be; misleading commercial practice → FPS Economy; investment fraud → FSMA.
Clean up. Passwords changed (e-mail first), sessions closed, two-factor authentication enabled, device scanned, operator notified if the SIM is compromised.
Sources: Safeonweb / Centre for Cybersecurity Belgium, FPS Economy, Federal Police, FSMA — 2026.