Resource Center

This approach has already been applied to 30 websites, enabling almost 25,000 people to be warned in good time In order to better protect citizens against online fraud, the Centre for Cybersecurity Belgium (CCB) is working with its partners on a joint methodology that will enable faster action to be taken against unreliable websites, thereby preventing new victims. As part of a new collaboration with the FPS Economy, this approach has already been applied to 30 websites, enabling almost 25,000 people to be warned in good time.Daily fight against unfair practicesThe partners at the FPS Economy (Economic Inspection) receive daily reports of unfair commercial practices, scams or fraud via websites. Each report is carefully analysed and, if necessary, an investigation is opened. Companies are given a deadline to remedy any infringements.If this does not happen, or if it is a case of manifest fraud, the new collaboration with the CCB makes it possible to introduce procedures to make these websites inaccessible. This collaboration strengthens the protection of consumers and companies in a faster and more effective way.Automatic redirection to warningThe system automatically redirects any attempt to visit a fraudulent website to a warning page – a special page on the FPS Economy website or the Safeonweb website. This redirection is carried out by the CCB via the BAPS (Belgian Anti-Phishing Shield) system, which automatically checks whether visited websites are on the list of known unreliable sites.The process works as follows: as soon as you click on a link, your computer automatically sends a DNS request to your internet service provider. Thanks to the BAPS system, the provider's DNS server checks whether the website is on the list of known malicious websites. This list is provided by partners such as the Economic Inspection. If there is a match, you will be redirected to the warning page instead of the original website. The sites are therefore made inaccessible without being physically taken offline.Public disclosure as an additional toolIn addition to redirecting users to warning pages, the partners at the FPS Economy also take action against the companies behind fraudulent websites through public communication.If infringements are not stopped, the name of the suspected website and the company responsible are published. Information about the infringements detected, the underlying practices and the methods used may also be added. This approach warns potential victims and puts additional pressure on companies to comply with the rules and make the necessary adjustments. This prevents new victims from suffering serious damage.Once a company brings its website into compliance with the regulations and demonstrates that it is no longer involved in harmful practices, its name is removed from all communications. If the website was blocked by the BAPS system, it is made accessible again.Reporting suspicious websitesHave you noticed any untrustworthy websites? Report them via safeonweb.be and the official channels of our partners. They analyse all reports and may decide to launch an investigation to stop fraudulent practices, with technical support from the CCB for swift and effective action.

The CCB and DNS Belgium have developed technical guidelines on email security protocols DNS Belgium and the Centre for Cybersecurity Belgium (CCB) recognise the importance of the Domain Name System (DNS) as a fundamental pillar of secure and reliable digital infrastructure. In an era of increasingly complex and sophisticated cyber threats, implementing proactive security measures to prevent abuse and attacks on the Belgian Internet domain is essential.As part of our collaboration, we have developed and published technical guidelines for DKIM (DomainKeys Identified Mail), DMARC (Domain-based Message Authentication, Reporting & Conformance), SPF (Sender Policy Framework) and DNSSEC (Domain Name System Security Extensions).These guidelines provide practical, standardised recommendations to help organisations, businesses, and government agencies better secure their email domains and DNS infrastructure against abuse, phishing, and other cyber threats.Objectives of cooperationStrengthen email security by properly implementing DKIM, DMARC and SPF to reduce email spoofing and phishing.Promote the adoption of DNSSEC to ensure the integrity and authenticity of DNS traffic, and prevent the interception and redirection of internet traffic for the purpose of stealing or manipulating data.Publish clear technical guidelines to support Belgian organisations in correctly implementing these crucial security measures.Raise awareness of the importance of a secure DNS infrastructure as part of a broader cybersecurity strategy.Encourage cooperation between the public and private sectors to create a more secure and reliable digital environment.Through this joint effort, DNS Belgium and the CCB intend to bolster the cyber resilience of organisations and enhance the security of the Belgian internet landscape.This collaboration highlights our shared responsibility to promote a proactive security approach and emphasises the importance of DNS as a vital component of online security.Together, we are setting a new standard for a safer Belgian Internet!The technical documents were developed in collaboration with DNS Belgium Technical guidelines for integrating and implementing these security protocols

We strongly recommends taking immediate preventive measures. The CCB warns organisations about an ongoing malicious campaign that delivers trojanized applications disguised as PDF editors or product manuals. Once installed, this malware can steal credentials and turn compromised Windows devices into proxies. Several incidents have already been reported.The CCB is treating this campaign as a high risk. Our teams are actively reaching out to Belgian companies and civilians that may be affected by this threat. The CCB strongly recommends taking immediate preventive measures.Who is at risk?Organisations and individuals that download software through online advertisements or unfamiliar links are affected. Specifically:Users searching for PDF editors or product manuals onlineOrganisations allowing employees to install software without strict controlsAny Windows environment where users can execute downloaded applicationsWhat should you do?If your organisation or employees may have installed one of these trojanized applications, we strongly advise you to:Avoid downloading or installing applications via online advertisements or unverified websites.Verify whether the following applications are present in your environment: AppSuite-PDF, PDFEditor, or ManualFinder.Check systems for signs of compromise. Look for unusual processes, credential theft activity, or devices being misused as proxies.Report any suspected incidents immediately to the CCB.More informationFor further details on this campaign, consult the following resources:TrueSec – Tampered Chef: The Bad PDF EditorExpel – ManualFinder CampagneFollow the updates on the CCB website: https://ccb.belgium.be/advisories/warning-trojanized-infostealer-campaign-appsuite-pdf-editormanual-finder-immediateReport an incidentReport any incidents to the CCB via our official incident reporting form.The CCB is committed to protecting Belgian organisations from cyber threats. We will continue to closely monitor this campaign, provide updates as needed, and contact potential victims.

Recent research by the CCB shows that Belgian companies are not making sufficient use of two-factor authentication (2FA)  Despite growing awareness of cyber threats, recent research by the Centre for Cybersecurity Belgium (CCB) shows that Belgian companies are not making sufficient use of two-factor authentication (2FA) or multi-factor authentication (MFA) on external connections. While 70% of the organisations surveyed say they consider it somewhat to very likely that they will soon be targeted by cybercriminals, only 46.4% have actually implemented 2FA.A survey of 250 Belgian companies conducted by the CCB in July 2025 clearly demonstrates this. The results show a striking contrast between the perceived threat and the measures taken. “These figures and the number of incidents are very worrying," says Miguel De Bruycker, Director-General at the CCB. “In about half of our Incident Response Interventions, we find that 2FA or MFA is not or only partially in use. In a digital environment where password hacking is seen as a real threat by 58% of companies, 2FA should be an absolute minimum measure.”Daily victims due to leaked login details and incorrect 2FAEvery day, at least one Belgian company falls victim to a cyber attack. The common thread in these incidents is the leakage of login details through phishing, for example, and the lack of proper two-step verification.“Install 2FA immediately on all external connections and for everyone,” De Bruycker adds.In incidents, it is also often found that 2FA is not provided for everyone. Recently, massive amounts of data were stolen because IT administrators had set up a separate VPN to the servers without 2FA, while all other employees were required to use it. Awareness and control by top management is therefore essential.2FA: simple, effective, but still underusedTwo-step verification provides a second layer of security on top of the traditional password. Even if that password falls into the wrong hands, access to the system remains blocked without the second means of authentication (such as an app or token). Nevertheless, its implementation lags behind other basic measures:Antivirus software: 89.6%Backups: 86.4%Firewall protection: 77%Two-step verification: 46.4%It is wrong to think that it does not matter much! 2FA is not absolute security, but it makes a huge difference. More than 80% of current incidents could have been avoided by correctly implementing this one, most important measure.From awareness to actionImplementing 2FA does not have to be complex or expensive. Many popular applications and cloud services offer this option as standard. Organisations that have not yet implemented 2FA are taking unnecessary risks. The CCB therefore calls on companies to:Mandatory implementation of 2FA on all accounts that are accessible from outside the organisation, especially for email, cloud platforms, VPNs and administrator interfaces.Use our CyberFundamentals for strong cyber defenceActively raise employee awareness about secure login. Sources Survey of 250 Belgian companies conducted by the Centre for Cybersecurity Belgium, July 2025.Safeonweb AT Work