Scam ITSME (Source: FB page "Zone de Police du Tournaisis")

ITSME is a two-factor authentication application that allows the population to connect to the websites and services of the Belgian Federal and Regional Administrations and Agencies.

For some time now, hackers have been creating a new "phishing" scam.

Find below the article published by the Tournaisis Police Zone which analyzes this scam and gives you some advice.

The Tournaisis police zone informs you of a new phishing attempt via ITSME. The purpose of this procedure is to retrieve your bank details in order to empty your account. 

 

 

 

 

🧐 We tested one of these fake emails and broke it down by number to explain the step-by-step procedure.

 

📌 How does it work?

 

1️⃣ You will receive an email indicating that you need to update your data on the Itsme application. In this email, you will find a web link or an "Access Now" tab.

2️⃣ If you click on it, you will arrive on a page with the Itsme logo and a "Continue" tab.

3️⃣ Clicking "Continue" will take you to a page where you will be asked for your identity and bank details. 

 

❌ Once validated, the scammers will have all the elements in their possession to empty your bank account.

 

📌 What are the details that should catch my attention?

 

1️⃣ The sender's email address is not an official Itsme address. It can be an @skynet.be, @gmail.com, @outlook.com, ... address. In addition, the recipient's email address (line "for") does not match your email address.

2️⃣ The URL of the site does not correspond to the URL of the Itsme application (official address: https://www.itsme-id.com/fr-BE). It is not possible to click on the options available on the page (e.g. general terms and conditions, partners, etc.). If you hover your cursor over these titles, the pointer does not change to the finger icon that indicates a clickable link. On this page, you can only click "Continue".

3️⃣ Regarding the data transmitted, at the level of your identity (3-1A and 3-2), you can fill in any contact details (see 3-1B). On the other hand, in terms of banking information (3-3A), if you do not enter the correct information (3-3B), the box will turn red and you will be asked to correct the information (3-3C).

 

In addition, a quick Whois lookup of the URLs tells us that the site was created very recently (2025 for both pages).

 

🔎 In short 

I receive an email asking for personal information or an update (identity details, bank details, etc.):

1️⃣ I take my time to analyze the email (even if it is indicated that there are only X hours left to respond). Is the sender's email address correct, and does it match the service contacting me? When in doubt, I check the real site via search engines (Google, Firefox, Edge, ...). It doesn't match = scam.

2️⃣ I clicked on the URL link: I check (and test) everything on the page (terms and conditions, contact us, delivery address, ...). If it doesn't work (no finger icon) or if it sends me back to the same page = scam.

I also check the URL of the site. When in doubt, I look for the real site on a search engine and compare.

3️⃣ I check the URL of the site on a Whois site: https://who.is/, https://whois.domaintools.com/ or other (just type whois in a search engine).

I just check the creation date of the web page. If the date is too recent compared to today's date, it is often a scam.
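
The three checks above (sender and recipient lines, link host against the official itsme address, Whois creation date) can be written as a small triage script. This is an added example, not part of the police zone's post; the sample email, the `.example` domains, the 90-day threshold and the hand-entered Whois dates are constructed assumptions.

```python
import re
from datetime import date
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "itsme-id.com"  # from the official address quoted in the advisory
MAX_AGE_DAYS = 90                 # assumption: what counts as "too recent"

def under_official(host):
    """True only for the official domain or one of its subdomains.
    A substring test would wrongly accept 'itsme-id.com.something.example'."""
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)

def triage(raw_email, my_address, whois_created, today):
    """whois_created maps hostname -> creation date copied by hand from a Whois site."""
    msg = message_from_string(raw_email)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not under_official(sender.rpartition("@")[2]):
        findings.append(f"sender domain is not {OFFICIAL_DOMAIN}: {sender}")
    recipient = parseaddr(msg.get("To", ""))[1]
    if recipient.lower() != my_address.lower():
        findings.append(f"recipient line is not my address: {recipient}")
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = urlsplit(url).hostname
        if not under_official(host):
            findings.append(f"link host is not {OFFICIAL_DOMAIN}: {host}")
        created = whois_created.get(host)
        if created and (today - created).days < MAX_AGE_DAYS:
            findings.append(f"domain registered recently: {host}")
    return findings

# Constructed sample message and Whois data (not taken from the real scam email).
SAMPLE = """\
From: "itsme" <notice@mail-provider.example>
To: someone.else@mail-provider.example
Subject: Update your data

Access Now: https://itsme-id.com.account-update.example/continue
Official site: https://www.itsme-id.com/fr-BE
"""
WHOIS = {"itsme-id.com.account-update.example": date(2025, 1, 10)}

if __name__ == "__main__":
    for line in triage(SAMPLE, "me@mail-provider.example", WHOIS, date(2025, 2, 1)):
        print("WARNING:", line)
```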

 

📌 What to do if you have provided your data?

 

📞 Have you given out your confidential banking information? Call Card Stop immediately on 078 170 170.

💸 Have you made a payment? Notify your bank immediately.

💸 Did you pay by credit card? Dispute the transaction via macarte.be (Visa or Mastercard).

🚓 Lost money? File a complaint with your local police office. 
If you’re a SHAPE Member, come to the SHAPE Federal Police station and you will be taken care of.

 

✅ Stay vigilant and spread this information to everyone around you.