What is phishing?
Phishing is used by cybercriminals to obtain personal information in order to commit identity theft.
Phishing is a «social engineering» technique: it exploits not an IT flaw but a «human flaw», deceiving web users with an e-mail that appears to come from a trustworthy company, typically a bank or a business website.
For example, an e-mail sent by these fraudsters impersonates a company (bank, e-business website, etc.), invites the recipient to log in through a hypertext link and to update their details in a form on a falsified web page, an exact copy of the original website, on the pretext of, for example, a service update or a technical support intervention.
The fraudsters then retrieve personal information such as passwords, credit card numbers, dates of birth, etc.
This form of attack can be carried out by e-mail, fake websites or other electronic means such as SMS (smishing), instant messaging (WhatsApp, etc.) or social networks.
How to protect yourself against phishing?
Vigilance is crucial.
In case of a phishing e-mail:
- Don’t trust the sender’s name. If in doubt, contact the sender through another channel;
- Never open an attachment from an unknown sender or from one who is not entirely trustworthy;
- Never reply to a request for confidential information by e-mail (password, credit card number, etc.);
- Check links by hovering the cursor over them (without clicking) to make sure they point to trustworthy websites;
- Pay attention to the quality of the language used by the e-mail’s sender.
When visiting a website:
- Pay attention to the spelling of the URL;
- Check that the website visited is secured and authenticated by an SSL certificate;
- Check the website’s ownership data (who the domain name is registered to).
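The two checks above that can be automated, a link whose visible text names a different site than its real target and a sender address whose domain does not match the brand it claims, as an added example run over a constructed sample message (this is illustration code, not Nameshield’s; the bank names and domains are made up):

```python
"""Flag two phishing indicators in an e-mail: link text/href host mismatch and
sender domain mismatch. Added example; sample data below is constructed."""
from html.parser import HTMLParser
from email.utils import parseaddr
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(value):
    """Lower-cased host of a URL or bare 'domain/path' string; '' if none."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def link_mismatches(html):
    """Links whose visible text names a host other than the real target (what
    'hovering over the link' reveals). Returns [(visible text, real href)]."""
    parser = _LinkCollector()
    parser.feed(html)
    return [(text, href) for href, text in parser.links
            if "." in text and _host(text) and _host(text) != _host(href)]


def sender_mismatch(from_header, claimed_domain):
    """True if the From: address is not under the domain the display name claims."""
    _name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    claimed = claimed_domain.lower()
    return domain != claimed and not domain.endswith("." + claimed)


# Constructed sample message: a look-alike domain ('1' for 'l') hidden behind real-looking text.
SAMPLE_FROM = "Example Bank Security <alerts@examp1e-bank-login.test>"
SAMPLE_HTML = ('<p>Please visit <a href="http://examp1e-bank-login.test/update">'
               'https://www.example-bank.test/account</a> to confirm your details.</p>'
               '<p>Help: <a href="https://www.example-bank.test/help">www.example-bank.test/help</a></p>')
```

Running `link_mismatches(SAMPLE_HTML)` reports only the first link, whose text claims example-bank.test while the target is the look-alike domain; the help link matches and is not flagged.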
Source: Nameshield’s White paper – Understanding domain names
Find recent cases of phishing on the blog.