Phishing is a technique that consists in making the victim believe that he is talking to a trusted third party, in order to steal confidential information (password, credit card number…) to divert funds. The scam is most frequently based on the counterfeiting of an Internet site.
Tax offices, social organizations, insurance companies, banks or operators never ask for personal data by e-mail.
However, phishing attacks are becoming more and more common. It should also be noted that email bombs sent by third parties pretending to be your bank or your operator in order to steal personal information are increasingly deceptive (the message is often personalized and without spelling mistakes), which requires vigilance.
How to spot phishing attempts?
You receive an alarming email or one claiming a refund in your favor that appears to come from a trusted source (bank, etc.). You are asked to go to a form page to provide personal data.
You receive an e-mail in which you are asked to “update” or “confirm following a technical incident” your data, particularly banking data.
You receive an e-mail from your operator telling you that your bank has refused the last debit and asking you to pay your bill as soon as possible.
Good to know: It may be appropriate to try to open other hyperlinks such as, for example, those located at the bottom of the page. These links, being mostly inactive, will lead you to an error message which may confirm a phishing attempt.
You receive an email or a text message from a malicious person who pretends to be your operator. By clicking on the link in the fraudulent message, you are automatically sent to a counterfeit Internet page bearing the operator’s logo. Confident, you spontaneously communicate the information that is requested of you, in particular your login, password and/or bank card number.
With this information, the scammer can act in different ways:
- Remove a new SIM card from a terminal. With the SIM card in his possession, the fraudster can then make calls from your line or bypass the main security device “3D Secure”. The fraudster can then retrieve the security code sent by your bank by SMS, in order to carry out a financial transaction from an Internet site. This is a “SIM card scam”.
- Recover control of your email address and send a distress message to your contacts to purchase credit cards or coupons.
- Order a phone or subscribe on the Internet in your name with your identifiers.
The effective ways to protect yourself from phishing
- Take into account the advice given on your operator’s website,
- Always check the identity of your contact,
- Make sure that the address of the website (its URL) is the usual address of the person or organization concerned,
- Give preference to entering personal information (bank details, identifiers, etc.) on secure websites. Be careful, the padlock that appears in the browser and the address of the site that begins with Https instead of http, do not guarantee that the site is not a fake,
- Adopt the golden rule of never communicating your personal information (secret code, bank details, etc.) to anyone,
- Regularly change your passwords, which must be sufficiently complex,
- Make sure that your anti-virus software is regularly updated,
- Do not click on links contained in e-mails,
- Use the protection features against phishing and malware offered by Internet browsers,
- Install spam filtering software,
- Remain vigilant when an e-mail requests urgent action,
- If in doubt, immediately contact your bank branch or your operator.
Find more cybersecurity tips in this article.