The technique known as phishing or phishing in French has been making the headlines in general newspapers for several months. But what is this fraud actually used by hackers around the world? Is it possible to protect your smartphone, tablet and / or computer from this type of attack without any technical knowledge?
Phishing attack
Phishing, also called phishing, is a technique used by hackers to steal personal information, including credit card numbers or login credentials. To realize their mischief, scammers use a simple email..
Their goal is to try to pass themselves off as a trusted authority (bank, social network, government entities, ISP, public institutions like the CAF, etc.) and thus make internet users believe that the message is of particular importance.
Once the email is opened, hackers will use different ploys to trick their victims into disclosing personal information. It may be a false message masquerading as a large bank and asking the victim to connect to his bank accounts to cancel a false transaction of several thousand euros..
Obviously the link in the email does not point to the bank's official website but to an almost identical copy made by the scammers. The data entered (username and password) in this false form is then recovered by the scammers.
These attacks can have devastating consequences for the victims. Emptied bank accounts, unsolicited purchases or identity theft, there are countless thefts and phishing scams..
How to recognize phishing attacks
Companies, ministries, individuals, NGOs are no longer the only people targeted by these attacks. Individuals like you and me can be the target of these false messages. The phenomenon is global and affects all countries without distinction.
The hardest part is obviously to recognize the attacks in order to be able to guard against them. Unlike the virus that directly attacks the machine and its security devices (antivirus or firewall), phishing relies solely on the credulity of people.
So be especially careful when you receive a message. Be wary of anything that seems too good to be true. The crooks do not hesitate to put forward very large reductions or particularly lucrative offers to push you to recover your bank details.
The other favorite technique of cybercriminals is to make you believe that an impending disaster is about to happen. It can be the deletion of your email account or a blocked social security refund of several hundred euros.
Obviously, the email clearly states that you must regularize your situation as quickly as possible by logging into your account. The link provided in the email refers to a fraudulent site similar to the real one and whose sole purpose is to recover your login details.
In general, you have to be wary of all the out of the ordinary messages. E-mails pretending to send premiums or highlighting overpayments of refunds should be on your mind.
5 clues to thwart a phishing attempt
It must be recognized that the crooks redouble their imagination and efforts to develop their attacks. False messages are increasingly difficult to distinguish from emails from a real company.
However, if we look more closely, we usually find in the messages several clues to highlight the attempted scam. Here is a non-exhaustive list of checks to perform before clicking on a link.
The message contains repeated spelling or grammatical errors as well as syntax errors. Be very careful. Most of the time, phishing writers use online translation tools to write their message. Carefully check the sender's email address. If the message comes from a bank, a company or a public institution, the domain name of the email must be identical to that of their website.
Some hackers do not hesitate to create false addresses to pass themselves off as an official body. It is most often a domain name very close to one or two letters. The objective here is to create confusion in the mind of the Internet user. The similarity between the addresses suggests to the victim that it is not an attack.
Please note that the fact that the sender address is correct does not guarantee the authenticity of the message. Hackers today know how to send messages with a spoofed email address. These identity theft techniques are unfortunately very common on the net and widely used to steal data.
Beware of the links in the messages. Hover your mouse over the text and check the full address in the status bar of your browser or email client. In case of doubt about the authenticity of the domain name (misspelling, letters repeated several times) do not click.
Note that more and more hackers are using bit.ly, goo.gl URL shorteners. These tools allow you to hide the original URL. The user no longer knows what he is clicking on. If you are faced with this scenario, do not click on the link. Very few companies use URL shortcuts to communicate with their customers.
Do you still have to remember. Do not disclose your bank details to anyone, not even your bank staff. You should also never connect using a link in an email or text message. If in doubt, you should contact your bank immediately.
If you think you have been the victim of an online scam, the DGCCRF (Directorate General for Competition, Consumption and Fraud Prevention) site offers a platform for reporting fraudulent sites. More information can be found in the link above.
