What is Phishing?

Phishing is a fraudulent technique encountered on the internet. The fraudster will use the identity of an official establishment to obtain confidential information about you (password, credit card number, etc.).

The word “phishing” comes from the contraction of the words “phreaking” (hacking of telephone lines) and “fishing”. In other words, phishing is a kind of victim fishing via communication networks.

Phishing example

You receive an e-mail from a sender you may or may not appear to know at first glance, inviting you to connect to their website to update your personal information. There are several possible pretexts: service update, settlement of a dispute, technical intervention, confirmation of bank account details, etc.

How to recognize a Phishing attempt

A few good everyday habits can help you avoid the traps of phishing or other fraud on the Internet. While browsing, be vigilant and follow some good safety practices.
Look for phishing clues

  • Is the email really intended for you?
    Generally, malicious messages are sent to a large number of targets. They are either not, or rarely, personalized.
  • Beware of unknown senders
  • The email contains spelling or grammatical errors
    Not all of course, but some malicious emails are not written correctly. If the message contains typos, misspellings, or inappropriate sentences, then it most likely isn’t the work of a credible organization.
  • The message asks for personal information
    No matter what an official email might look like, it’s always a bad omen if the message asks for personal information. Your bank does not need to ask you for your account number! They of course gave it to you! Similarly, a reputable company will never ask for your password, credit card number, or answer to a security question via email.
  • Something seems suspicious to you
    If something seems odd to you, there is probably a good reason for it.
  • You know the sender? Stay on your guard anyway!
    An email address can easily be spoofed.
  • There is an attachment to the email

Always use caution when opening an attachment that accompanies a suspicious message or that comes from an unknown sender. Any type of attachment (including an image or document) can install a virus as soon as you open it. This is especially true of a PDF. All current browsers can read PDFs, so prefer opening them in the browser, because an Adobe Reader that has not been updated is dangerous.
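The clues listed above can also be checked automatically. The following Python sketch is an added example, not part of the original article: it scans a constructed message for a non-personalized greeting, a request for personal information, an attachment, a Reply-To domain that differs from the sender, and a link whose visible text does not match its real target. The domains, keyword lists and the Reply-To comparison are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Constructed sample message (not a real email); all names and domains are made up.
SAMPLE = """\
From: "Example Bank" <support@example-bank.test>
Reply-To: collect@mailbox.invalid
Subject: Update your account
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Dear customer, please confirm your password and credit card number:
<a href="https://login.verify.invalid/">https://example-bank.test/login</a></p>
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="form.pdf"

(constructed placeholder, not a real PDF)
--b1--
"""
# Assumed keyword list, taken from the examples named in the article.
SENSITIVE = re.compile(r"password|credit card|account number|security question", re.I)
# Captures (real target host, host shown to the reader) for each HTML link.
LINK = re.compile(r'<a\s[^>]*href="https?://([^/"]+)[^"]*"[^>]*>\s*https?://([^/<\s]+)', re.I)

def phishing_clues(raw):
    # Returns a list of human-readable clues; an empty list means none were found.
    msg = message_from_string(raw)
    clues = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != from_domain:
        clues.append("reply-to differs from sender")
    body = ""
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            clues.append("attachment: " + str(part.get_filename()))
        elif part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    if re.search(r"dear (customer|user|client)", body, re.I):
        clues.append("not personalized")
    if SENSITIVE.search(body):
        clues.append("asks for personal information")
    for target, shown in LINK.findall(body):
        # An https:// link is not proof of legitimacy: compare where it really goes.
        if target.lower() != shown.lower():
            clues.append("link shows %s but opens %s" % (shown, target))
    return clues
```

An empty result does not make a message safe; these checks only surface the clues described in this section.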

Our advice

If you have received a phishing email

  • Do not respond to emails or texts asking you to enter confidential information, and do not click on the links they contain. Legitimate institutions never ask for this kind of information by email.
  • Do not open attachments unless you know for certain that they are from a genuine source.
  • Do not reply to the email
  • Do not call if there is a phone number in the email
  • Delete the email

If you are a victim

  • Call the company the emails appeared to have come from
  • Go to their website and amend your login details straight away
  • Report the email to a competent authority
  • Report the email to Action Fraud
  • Monitor your account for a while

Phishing in numbers

Phishing is one of the most common scams on the Internet today. It is impossible to assess the number of attacks (because that is the term used) but the various studies observe that they have been consistently increasing for years.

APWG Report on phishing emails

97% of people around the world are unable to identify a sophisticated phishing email, according to Intel

More than 80% of respondents to a survey from PhishLabs responded that they believed that the green SSL lock meant that the website was legitimate and/or safe

92.4% of malware is delivered via email

Please note: Phishers do use SSL certificates on their websites, so the links in the email may be secure (they will use https://). However, that does not mean that the website is necessarily legitimate.
Source: https://docs.apwg.org/reports/apwg_trends_report_q4_2017.pdf

APWG phishing sites hosted on https
