Protect Yourself against Phishing
Phishing is a technique in which the fraudster makes the victim believe that they are dealing with a trusted third party, in order to steal confidential information (password, credit card number, etc.) and embezzle funds. The scam is most often based on a counterfeit website. In principle, tax centers, social organizations (CAF, mutuals, etc.), banks and operators never ask you, by email, to enter personal data.
However, phishing attacks are claiming more and more victims. It should also be pointed out that booby-trapped e-mails sent by third parties masquerading as your bank or your operator in order to steal personal information are more and more misleading (the message is often personalized and free of spelling errors), which calls for vigilance.
Good to know: It may be appropriate to try to open other hypertext links such as, for example, those located at the bottom of the page. These links, being mostly inactive, will lead you to an error message which can confirm a phishing attempt.
How it works and the consequences of phishing
You receive an email or an SMS from a malicious person pretending to be your operator. By clicking on the link in the fraudulent message, you are automatically sent to a counterfeit web page bearing the operator’s logo. Confident, you spontaneously provide the information requested of you, in particular the identifier, the password and/or the bank card number.
With this information, the fraudster can act in different ways:
Obtain a new SIM card at a terminal. In possession of the SIM card, the fraudster can then make calls from your line or bypass the main “3D Secure” security mechanism. They thus retrieve the security code sent by your bank by SMS, in order to carry out a financial transaction on a website. This is a SIM card scam.
Take control of your email address and send your contacts a distress message asking them to purchase PCS MasterCard or Transcash coupons.
Order a phone or take out a subscription on the Internet in your name using your credentials.
Use reporting platforms
Phishing scam attempts can be reported on PHAROS, the official portal for reporting illegal content on the Internet. It is also possible to register for free and download an extension for the messaging software or the browser.
Before we go into that, here’s a brief overview of what phishing is. In short, it’s a vector for identity theft where cybercriminals try to get users to hand over personal and sensitive information (without them knowing it). Interestingly, phishing has, in one form or another, been around for years via phone calls and physical letter scams. However, some information security pros now believe that cybercriminals view phishing attacks as a successful (and easy) way of getting into an enterprise to launch more sophisticated attacks. Humans are, after all, increasingly seen as the weakest link (insider threats are a big problem) and thus the most effective target for criminals looking to infiltrate an enterprise or SME.
You should pay particularly close attention to shortened links, especially on social media. Cybercriminals often use these, from Bitly and other shortening services, to trick you into thinking you are clicking a legitimate link, when in fact you’re being inadvertently directed to a fake site. You should always place your mouse over a web link in an email to see if you’re actually being sent to the right website, that is, whether “the one that appears in the email text” is the same as “the one you see when you mouse-over.”
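The mouse-over check described above, automated for an HTML e-mail body, as an added example that is not part of the original article: it flags links whose visible text looks like one web address while the href points to another host, and links that go through a shortener. The shortener list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a short, non-exhaustive shortener list (the article names only Bitly).
SHORTENERS = {"bit.ly", "bitly.com"}
# Visible link text that itself looks like a web address, e.g. "www.bank.example/login".
URLISH = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[:/?#]\S*)?$", re.I)

def norm(host):
    """Lowercase a host name and drop a leading 'www.' so equal sites compare equal."""
    return (host or "").lower().removeprefix("www.")

class LinkAudit(HTMLParser):
    """Collects (reason, visible_text, href) for links that deserve a second look."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:          # only collect text inside an <a> element
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        text, href = "".join(self._text).strip(), self._href
        self._href = None
        try:
            target = norm(urlsplit(href).hostname)
        except ValueError:                  # malformed href, e.g. a broken IPv6 literal
            target = ""
        shown = URLISH.match(text)
        if target in SHORTENERS:            # real destination is hidden behind a redirect
            self.findings.append(("shortened", text, href))
        elif shown and norm(shown.group(1)) != target:
            # Strict host comparison: text shows one site, the link goes to another.
            self.findings.append(("mismatch", text, href))

def audit_links(html):
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample message body (hosts use the reserved .example TLD).
SAMPLE = """<p>Your line will be suspended.
<a href="https://login.operator-secure.example/verify">https://www.operator.example/account</a>
<a href="https://bit.ly/EXAMPLE">Pay your fine</a>
<a href="https://www.operator.example/help">www.operator.example/help</a></p>"""
```

A link whose text is plain words ("Help") is not flagged as a mismatch, since there is no displayed address to compare against; the mouse-over check still applies to it.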
Cybercriminals may use these ‘fake’ sites to steal the personal details you enter or to carry out a drive-by-download attack, thus infecting your device with malware. Sometimes a reputable company does need you to do something urgently. For example, in 2014, eBay asked its customers to change their passwords quickly after its data breach. However, this is an exception to the rule; usually, threats and urgency, especially if coming from what claims to be a legitimate company, are a sign of phishing.
Some of these threats may include notices about a fine, or advising you to do something to stop your account from being closed. Ignore the scare tactics and contact the company separately via a known and trusted channel.