My eBox: Phishing Emails Circulating

Last update: 01/26

We have noticed an increasing number of spam and phishing emails circulating that mimic a My eBox message. These emails are particularly convincing and are therefore all the more dangerous.  

What is phishing?   

Phishing is a form of online fraud that uses fake emails, websites, or messages. In phishing, people with malicious intent try to lure you to their websites to obtain your personal and banking information (passwords, PIN, credit card number, personal details, etc.) by making you believe they are legitimate websites.  
 
Because phishing messages have become increasingly convincing, it’s easy to fall into the trap. These fake messages may look very much like official communications, but they lead you to fraudulent websites, where scammers often try to steal your money. 
 


Why are there so many phishing attempts targeting My eBox?

Phishing messages appear in many different contexts, but of course they are much more common when scammers can gain access to your banking information. For example: you might receive what appears to be an official message in your eBox asking you to pay to resolve issues with documents from the FPS Finance (a non-existent fine, a certificate that is available for free, information from the Flemish government, etc.).

You should also know that you can log in to My eBox using your ID card or via ITSME®. These credentials are essentially digital keys that grant you access not only to your personal data but also to your bank accounts. Scammers know this all too well and try to take advantage of it by asking you to log in with your personal information. If they get their hands on that information, they can also gain access to your bank accounts.

Certain emails will direct you to a website that is a perfect copy of myebox.be, where you’ll be asked to log in and enter your banking information. If you want to protect yourself against phishing, follow this golden rule: never provide your banking information via a link you receive via email or text message!

 

How can you spot these types of phishing emails?

Cybercriminals are getting better and better at forging these kinds of emails, and sometimes it’s nearly impossible to tell a fake email from a real one.

When it comes to My eBox, please keep the following in mind:

  • ALWAYS TRUE: My eBox will never ask you to enter your bank details and will never ask for any form of identification other than your digital CSAM keys, which you need to log in.  

  • ALWAYS TRUE: Official messages from My eBox always include the recipient’s name (e.g., “Hello (followed by your first name)”) and, in certain cases, the pseudonym you chose in your profile. However, our messages will never begin with “Dear Sir/Madam” or “Dear Citizen” or “Dear Customer.”   


Never click directly on the links in the email. When you hover your cursor over a link without clicking on it, you will see the domain name. If you are unsure whether the link you see is trustworthy, first look up the website using a search engine and check the website’s URL (https://myebox.be/en), or bookmark it so you can be sure of the correct URL in future situations. 

 
What should you do if you discover a phishing email?

Be sure not to click on the link in the email and never enter your banking details. 

Report the phishing email to the Belgian Cybersecurity Center (CCB) by forwarding it to info@safeonweb.be. This way, the CCB will be aware of the phishing attempt. It investigates these emails and will take measures to protect other citizens from them. 

The Belgian Cybersecurity Center (CCB) also provides an overview of the current situation, lists some tips for recognizing fraudulent emails, and offers a test to assess how vigilant you are regarding suspicious messages.  

Since November 2021, the CCB has also made a Safeonweb app available. This app alerts you to cyber threats and online scams.

Do you have any questions? Please contact us via the My eBox web form.

 

How can I make sure I don't fall into a trap?


Some extra tips:  

  • You can now choose a personal profile picture for your My eBox profile, which will appear in your My eBox email notifications. You can also choose a personalized greeting.

  • By downloading the MyGov.be app, you can now also enable push notifications. Thanks to this new feature, you’ll be notified immediately on your smartphone as soon as a new message is available in your My eBox portal. This system is the safest and most reliable way to be notified of new eBox messages! The notifications come directly from the official MyGov.be app, eliminating any risk of phishing. This way, you can be sure that every notification is authentic and secure. 

  • If you’ve received an email you’re unsure about, you can always go to https://myebox.be/en and open the app via the “Open My eBox” link on the homepage. If there’s no new message for you in My eBox, then the email you just received is a phishing attempt.   

  • If you use other platforms such as My Citizen Profile, IRISbox, Doccle, KBC Mobile, or Trusto, you can check whether you’ve received different notifications for the same eBox message. 

  • Install the new Safeonweb app. This app alerts you to cyber threats and online scams and informs you about the security level of your Wi-Fi network. 

 
In general, there are a few tips for learning to spot suspicious emails:  

  • Is this really an email you were expecting? For example, you might receive a message about a fine you have to pay, but it has absolutely nothing to do with your activities.  

  • Always check the sender’s email address. Be on the lookout for strange or incoherent elements in the address. Notifications from My eBox are always sent from the email address myebox.noreply@bosa.fgov.be.

  • Don’t react hastily if the message appears to be urgent. Phishing emails often try to make you believe that something is urgent or that there is some kind of threat. Ask yourself the right questions: does the message make sense?  

  • Pay close attention to spelling and grammar errors. You will never encounter such language errors in an official government message.  
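
The checks described above (sender address, impersonal greeting, and the real target of each link, which is what hovering reveals), as an added example that is not My eBox's own code. The sample message and its `.example` hosts are constructed, and treating every link outside myebox.be as suspicious is an assumption of this sketch.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL_SENDER = "myebox.noreply@bosa.fgov.be"  # stated on this page
OFFICIAL_DOMAIN = "myebox.be"  # from the page's URL; accepting subdomains is an assumption
GENERIC_GREETING = re.compile(r"\bDear (Sir/Madam|Citizen|Customer)\b", re.I)

# Constructed sample message (not a real phishing email); hosts are placeholders.
SAMPLE = """From: My eBox <notice@ebox-alerts.example>
Content-Type: text/html

<p>Dear Citizen,</p>
<p>Open <a href="https://myebox.be.login.example/en">https://myebox.be/en</a> to pay.</p>
"""

class LinkCollector(HTMLParser):
    """Collects the real target of every <a href>, ignoring the visible link text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self.hrefs.append(dict(attrs)["href"])

def host_is_official(url):
    # Compare the parsed hostname, never a substring: "myebox.be.login.example"
    # contains the official name but belongs to a different domain.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)

def triage(raw_email):
    """Return the list of red flags found in a single-part notification email."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    findings = []
    if parseaddr(msg.get("From", ""))[1].lower() != OFFICIAL_SENDER:
        findings.append("sender")
    if GENERIC_GREETING.search(body):
        findings.append("generic-greeting")
    collector = LinkCollector()
    collector.feed(body)
    for href in collector.hrefs:
        if not host_is_official(href):
            findings.append("link:" + (urlsplit(href).hostname or href))
    return findings
```

An empty result is not proof of authenticity, because the From header of an email can be forged; the reliable check remains opening My eBox directly and looking for the message there.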

 

Some examples of fraudulent emails:

We haven’t yet encountered all of the cases listed below in French. Phishing related to My eBox is much more common in Dutch. There are also many fraudulent emails circulating related to My Citizen Profile. Be sure to check out the page the Flemish government has created about the phishing phenomenon.

Nevertheless, we also advise our French-speaking users to remain as vigilant as possible. More and more French-speaking users are receiving notifications in Dutch.

This is what fraudulent emails look like:  

  • Example 1: An email notification from a fake sender, with no personalization for the recipient (no name, no profile picture) and an outdated logo:


 

  • Example 2: A fake page that you are redirected to, where you are asked to log in using your banking credentials:


     
  • Example 3: This one is harder to spot. Here, the message isn’t personalized (no name, no profile picture):


     
  • Example 4: The sender's address is completely wrong. The message is also impersonal: