February 2017

Introduction to phishing

Phishing (a contraction of the words "fishing" and "phreaking", the latter referring to the hacking of telephone lines) is a fraudulent technique used by hackers to retrieve information (usually bank account information) from internet users.

Phishing is a "social engineering" technique, that is, it involves exploiting not a computer flaw but rather a "human flaw" by duping internet users with an e-mail that looks like it comes from a trustworthy company, typically a bank or a business site.

The e-mail sent by these hackers takes on the identity of a company (bank, e-commerce site, etc.) and invites recipients to connect online via a hypertext link and to update their information using a form on a fake web page, a carbon copy of the original site. The pretext may be, for example, a service update or a technical support intervention.

Because the e-mail addresses are gathered randomly on the Internet, the message generally doesn't make much sense, since the user is not a customer of the bank the e-mail appears to come from. But given the number of messages sent, the recipient does sometimes turn out to be a customer of the bank.

As a result, using this form, hackers successfully obtain users' logins and passwords or even their personal or bank account information (customer number, bank account number, etc.).

Thanks to this information, hackers are capable of directly transferring money to another account or of obtaining necessary information later by intelligently using the personal information they've collected.

How to protect yourself from phishing

When you receive a message that appears to come from a bank or an e-commerce website, you need to ask yourself the following questions:

  • Have I given my e-mail address to this establishment?
  • Does the e-mail I've received contain personalized information that makes it possible to verify its truthfulness (customer number, branch name, etc.)?

In addition, you are advised to do as follows:

  • Do not directly click the link contained in the e-mail, but rather open your browser and enter the URL to access the service.
  • Beware of forms that ask for bank information. It is rare (maybe even impossible) for a bank to ask you for such important information via a simple e-mail. When in doubt, directly contact your bank by telephone!
  • Make sure, when entering sensitive information, that your browser is set to secure mode, that is, that the address in the navigation bar starts with https, that a padlock appears on the status bar at the bottom of your browser, and that the site domain in the address corresponds to what it claims to be (pay attention to the spelling of the domain!).
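
The https and domain-spelling checks from the last item can also be applied to a link before it is opened. The following Python sketch is an added example, not part of the original article; mybank.example and the sample links are constructed placeholders, and the two-edit threshold for a near-miss spelling is an assumption.

```python
from urllib.parse import urlsplit

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_link(url, expected_domain):
    """Return the reasons a link fails the checks; an empty list means it passes."""
    findings = []
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and the port, leaving the real host.
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()
    if parts.scheme != "https":
        findings.append("not-https")
    if host == expected or host.endswith("." + expected):
        return findings  # the expected domain itself or one of its subdomains
    findings.append("domain-mismatch")
    # The expected name appears only as leading labels of some other domain.
    if host.startswith(expected + ".") or ("." + expected + ".") in host:
        findings.append("expected-name-as-subdomain")
    # Near-miss spelling: compare the same number of trailing labels.
    n = expected.count(".") + 1
    tail = ".".join(host.split(".")[-n:])
    if 0 < edit_distance(tail, expected) <= 2:  # threshold is an assumption
        findings.append("lookalike-spelling")
    return findings

# Constructed sample links (placeholders, not real sites).
SAMPLES = [
    "https://mybank.example/login",
    "http://mybank.example/login",
    "https://rnybank.example/login",
    "https://mybank.example.accounts.test/login",
    "https://mybank.example@login.test/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link, "mybank.example") or "ok")
```

A link that passes these checks is not thereby proven genuine; typing the known address into the browser remains the safer habit.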

This document, titled "Phishing," is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (