What is phishing?

Phishing is used by cybercriminals to obtain personal information in order to commit identity theft.

Phishing is a "social engineering" technique: it exploits not an IT flaw but a "human flaw", deceiving web users with an e-mail that appears to come from a trustworthy company, typically a bank or an e-commerce website.

For example, an e-mail sent by these fraudsters impersonates a company (bank, e-business website, etc.), invites the recipient to log in through a hypertext link and to update their personal details in a form on a falsified web page, an exact copy of the original website, on the pretext of, for example, a service update or a technical support intervention.

The fraudsters then collect personal information such as passwords, credit card numbers, dates of birth, etc.

This form of attack can be carried out by e-mail, fake websites or other electronic means such as SMS (smishing), instant messaging (WhatsApp, etc.) or social networks.

How to protect against phishing?

Vigilance is crucial.

In case of a phishing e-mail:

  • Don't trust the sender's name. If in doubt, contact the sender through another channel;
  • Never open an attachment from an unknown sender or from one who is not entirely trustworthy;
  • Don't reply to a request for confidential information by e-mail (password, credit card number, etc.);
  • Check the links by hovering the cursor over them (without clicking) to make sure they lead to trustworthy websites;
  • Be attentive to the quality of the language used by the sender.

When visiting a website:

  • Check the spelling of the URL;
  • Check that the website is secure and authenticated by an SSL certificate;
  • Check the website's ownership data.

Source: Nameshield’s White paper – Understanding domain names

Find recent cases of phishing on the blog.