TL;DR
On March 9, 2026, ethical hacker Inti De Ceukelaire revealed that he infiltrated a phishing gang that sent fake Argenta emails to Belgian bank customers. He cracked their system in five minutes, sabotaging seven campaigns and unmasking four scammers. The story exposes how easy phishing attacks are to set up, and why your employees are the main line of defense.
It was big news last week: ethical hacker Inti De Ceukelaire penetrated the digital headquarters of a phishing gang posing as Argenta. Within five minutes, he had access to their entire records, including the identity of the scammers.
The story went viral, but behind the spectacle is a more important message for every Flemish company. If four amateurs can attack thousands of Belgians from abroad with a poorly programmed phishing platform, what does that mean for your organization’s security?
In this article, we dive deeper into exactly what happened, why phishing in 2026 is more dangerous than ever, and what concrete steps you can take to protect your business.
What exactly happened with the Argenta phishing?
In late January 2026, Inti De Ceukelaire, one of Belgium’s best-known ethical hackers, received a text message purportedly from Argenta. The message asked him to update his card reader and referred him to a counterfeit website.
De Ceukelaire recognized the gang: he had seen their work before. Instead of ignoring the message, he decided to go on the counterattack. Through the source code of the phishing page, he discovered that the platform was particularly poorly secured. Passwords and log files were stored in plain text files rather than in a secure database.
Within five minutes, he had access to the gang’s entire administrator panel. There he saw in real time how victims were entering their bank details. He also discovered that the scammers worked with rotating shifts: every time someone entered card details, a team member would receive a notification to complete the fraud manually.
De Ceukelaire identified four suspects, twenty-somethings from France and Morocco, who flaunted expensive cars and jewelry on social media. He then sabotaged seven phishing campaigns by modifying the source code to show Belgian visitors a warning. From Morocco and France, everything continued to work normally, so the scammers did not realize for days that their campaigns had been sabotaged.
All information was passed on to the police and to Safeonweb. Cyber magistrate Peter Peereboom of the Antwerp public prosecutor’s office reacted positively in VRT NWS, but nuanced: “There are so many phishing gangs active that it sometimes seems like a drop in the ocean.” In the province of Antwerp alone, 7,500 reports of phishing were registered last year.
Why is this relevant to your business?
The Argenta story is not just about bank customers. The techniques used by this gang are used daily against businesses. And there the consequences are often many times greater.
The key insight from this case: the scammers were amateurs. Their code was so bad that an experienced hacker could break through it in five minutes. Yet they were effective enough to run an active campaign with multiple shifts and multiple simultaneous attacks.
That’s because phishing does not rely on technical complexity. It plays on human behavior: haste, trust in a familiar brand, fear of missing something. An employee who opens a crowded inbox on Monday morning and receives an email that looks exactly like a message from the accounting software or IT department clicks faster than you think.
According to Check Point, by 2025, 46% of all malware in Belgium was spread via e-mail. Microsoft was the most imitated brand in phishing attempts, followed by Google and Apple. In a corporate context, brands such as Microsoft 365, SharePoint and Teams are also misused, the very tools your employees use every day.
How does a phishing attack on a business work?
With consumers, phishing attacks usually target banking information. With businesses, the attack model is different and often more lucrative for the criminals.
Step 1: the phishing email. An employee receives an email that looks like an internal message, an invoice from a vendor, or a notification from Microsoft 365. The email contains a link to a counterfeit login page.
Step 2: the credentials. The employee enters his or her username and password. That data is forwarded directly to the attacker. If the company does not use multifactor authentication (MFA), the attacker now has full access to the account.
Step 3: escalation. With access to one account, the attacker can search internal emails, download sensitive documents, or impersonate the employee to trick other colleagues. This is called Business Email Compromise (BEC) and is one of the fastest growing forms of cybercrime.
Step 4: the damage. The consequences range from corporate data theft to ransomware infections. At OLV Pulhof in Berchem, an Antwerp school hacked in January 2026, the attack also began with an employee clicking on a phishing email. The result: 45 gigabytes of stolen student and staff data and weeks of disruption.
What will make phishing more dangerous in 2026 than before?
Phishing is nothing new. But three developments will make it a lot harder to distinguish fake messages from real ones in 2026.
Artificial intelligence makes phishing more credible.
Cyber magistrate Peter Peereboom of the Antwerp public prosecutor’s office put it sharply in VRT NWS: scammers are increasingly using AI to appear more credible. Where phishing emails used to be full of spelling mistakes, they are now flawless. AI generates error-free texts in Dutch, tailored to the sector and the target’s language usage.
Phishing-as-a-Service lowers the threshold.
Just as ransomware groups rent out their tools, there are complete phishing platforms that criminals can buy off-the-shelf. De Ceukelaire described the Argenta gang’s platform as amateurish, but considerably more professional variants exist on the dark web. The entry threshold for cybercrime has never been lower.
Targeted attacks on businesses are on the rise.
Where massive phishing campaigns target consumers, businesses are increasingly being targeted by spear phishing: attacks specifically tailored to one person or organization. The attackers do advance research through LinkedIn, the company website and social media to make their messages as credible as possible.
5 concrete measures to protect your business from phishing
Eliminating phishing completely is impossible. But you can drastically reduce the chances of an attack succeeding, and limit the impact if it does go wrong.
1. Test your employees with a phishing simulation. You won’t know how vulnerable your organization is until you test it. In a phishing simulation, your employees receive a realistic but safe phishing email. Those who click are immediately redirected to a page with tips. You will receive a report at the department level, never at the person level, with the click rate and points of attention. This gives you a baseline measurement of your resilience.
2. Invest in security awareness training. A one-time test is a good start, but sustainable behavior change requires repetition. Security awareness training teaches your team to recognize phishing, respond correctly and report incidents. Training doesn’t have to be technical: it’s about recognition patterns, healthy suspicion and a culture where reporting is encouraged rather than punished.
3. Implement multifactor authentication (MFA). CCB research shows that only 46.4% of Belgian organizations have implemented MFA on remote connections. With MFA, a stolen password alone is not enough to log in. It is one of the most effective yet simplest measures.
4. Establish clear reporting procedures. If an employee receives a suspicious message or accidentally clicks on a link, it should be crystal clear what the next step is. Who will be contacted? How quickly? Many companies lose crucial hours because no one knows to whom an incident should be reported. A simple reporting protocol, even a shared e-mail address or Teams channel, makes all the difference.
5. Have your security tested periodically. A cybersecurity audit identifies where your organization is vulnerable, not only technically but also organizationally. Are suspicious emails being filtered? Is your e-mail domain protected against spoofing (SPF, DKIM, DMARC)? Are your backups protected against the consequences of a successful phishing attack?
Flemish subsidies: up to 45% discount on phishing simulations and trainings
A common objection among SMEs is budget. But through the VLAIO SME portfolio, you can receive up to 45% subsidies on cybersecurity advice and training (35% for medium-sized enterprises). Since February 2026, these subsidies have been reserved exclusively for cybersecurity, with a maximum of €7,500 per year.
Specifically, a phishing simulation and associated awareness training become significantly more accessible. You invest in the resilience of your team and the Flemish government pays almost half.
On top of that, VLAIO subsidizes up to 50% of cybersecurity improvement projects, with budgets ranging from €7,100 to €39,000. A combination of a phishing simulation, awareness training and a broader security audit fits within such a trajectory.
Conclusion
The story of Inti De Ceukelaire and the Argenta phishing gang is more than a spectacular news event. It shows how low the threshold for cybercrime has become: four twenty-somethings with a badly programmed platform were able to fish thousands of Belgians. In a corporate context, the consequences of the same techniques are many times greater.
The lesson is clear: Technology alone is not enough. Your employees are both the weakest link and the strongest line of defense, depending on how well trained they are. A combination of phishing simulations, awareness training and technical measures such as MFA provides the most effective protection.
Want to know how resilient your team is against phishing? Cyberplan conducts realistic phishing simulations, tailored to your sector and company size, and guides your employees with comprehensible training. Subsidized up to 45% through the VLAIO SME portfolio.
Schedule a phishing simulation →
Frequently asked questions about corporate phishing
How do I recognize a phishing email?
Watch for different sender addresses, unexpected requests to enter data, and links that do not match the official domain. In 2026, phishing emails are often linguistically error-free thanks to AI, so language errors are no longer a reliable detection tool. Always check the e-mail address behind the sender name.
What should I do if an employee clicks on a phishing link?
Have the employee change the password of the affected account immediately. Report the incident to your IT department or external partner. Check for suspicious login attempts or forwarding rules set on the account. If data theft is suspected: report the incident to the CCB via notif.safeonweb.be and to the GBA if personal data is involved.
What exactly is a phishing simulation?
A phishing simulation is a controlled test in which your employees receive a realistic but harmless phishing email. The goal is twofold: measure how resilient your organization is (the click rate) and create awareness among employees. Results are reported at the departmental level, not the individual level.
How often should you repeat a phishing simulation?
For lasting effect, repetition is essential. A one-time test provides a snapshot, but behavior change requires at least two to four simulations per year, combined with short awareness sessions. Companies that test regularly typically see their click rate drop from 25-30% to below 5%.
Does phishing training fall under the VLAIO SME portfolio?
Yes. Cybersecurity awareness training and phishing simulations have been eligible for the VLAIO SME portfolio since February 2026. Small enterprises receive 45% subsidy, medium-sized enterprises 35%, with a maximum of €7,500 per year.
Why are businesses targeted by phishing more often than individuals?
Businesses hold more valuable data: customer databases, financial information, intellectual property and access to corporate systems. A successful phishing attack on an employee can lead to Business Email Compromise, ransomware or large-scale data theft. The potential payoff for criminals is therefore many times higher than for individual bank customers.
