October is the European month dedicated to cybercrime and cyber security. As a company with expertise in the management and operation of information systems, we have chosen to play our part in the fight against cybercrime by raising awareness and publishing regular content on these topics. After presenting the risks of ransomware for companies last week, let's look today at the principle of phishing.
What is phishing?
Phishing is a technique used by cybercriminals to trick users into disclosing their personal data (e.g. credit card number, password…) by pretending to be a trusted third party.
How do fraudsters do this? Through impersonation! They mostly do it by sending counterfeit emails that entice you to click on an attachment, or that take you to a counterfeit website such as that of a bank, a public administration, a telecom operator, an Internet service provider or an online merchant. Very often, they ask you to update your information or to pay online in order to “regularize your situation”.
What are the tips to avoid phishing?
If you follow certain “golden rules”, the risk of falling victim to phishing is greatly limited:
1- Never communicate “sensitive” information by email or phone: The first thing to know is to never communicate your personal data, your passwords or even your banking data by email or telephone;
2- Check for suspicious links in emails before clicking on them: When you receive a “suspicious” email with an attachment or a link, check the sender's address by hovering the mouse over it without clicking. If the address of the link is different from the website of the announced sender, block this sender and delete the message without delay. Be careful: cybercriminals often use very similar email addresses, and a single letter may differ;
3- Contact the organization: In case of doubt, contact the organization that supposedly issued the message to confirm that its services actually sent this email or made this phone call;
4- Use complex and different passwords: Apply a strict policy for managing your passwords. Choose long, complex passwords, and use a different one for each interface you access.
What to do if you are a victim of phishing?
If you unfortunately realize too late that you have been a victim of phishing and have provided sensitive information to hackers, here are the steps to follow:
1- File a stop-payment request: If you have communicated your banking information to a malicious entity, file a stop-payment request with your bank immediately;
2- File a complaint: If you have communicated your bank details or if you notice that your personal data is being used to usurp your identity, file a complaint at the nearest police station;
3- Change your passwords: If your email or any other account has been taken over, change your passwords, applying good password-management practices;
4- Report a suspicious message: If you receive malicious messages or suspicious emails, in addition to the measures you put in place on your own account, you can report them to SIGNAL SPAM (Signal-spam.fr);
5- Report a phishing address: If you have been a victim of phishing, report the site address to PHISHING INITIATIVE, which will be able to block access to it.