We regularly hear the word "phishing" (or, in proper French, "hameçonnage") come up in the news. Maybe you have been a victim yourself, perhaps without even knowing it. Either way, no one is immune to this kind of attack, so it is important to know what it is in order to learn how to protect yourself.
That is what this article covers. First, we will see what exactly phishing is. Then, we will see how to protect against it effectively, and how some companies help us in that direction.
You will notice that it is not very complicated, and that with the right reflexes it is actually quite easy not to be fooled.
Phishing is used to harvest your data
Basically, phishing is a technique used to obtain your personal data without arousing your suspicion. It is a form of social engineering: no security flaw in any software is exploited, because it is you, and you alone, who hands over the data.
Voluntarily, yes, because a fraudster using phishing against you knows how to put you at ease. You will not feel like you are dealing with a stranger, but with a company, a service, or even a bank that you know well.
Most often, phishing is carried out by email. You receive a message in your inbox asking you to enter certain data, such as a password or banking details.
Responding to these messages by disclosing the requested data is not a sign of stupidity, quite the opposite: if many people fall into the trap so easily, it is because these messages are well made.
The fraudster copies official messages
And that is the whole problem: the message you receive does not look like it comes from just anyone. A conscientious fraudster has no trouble reproducing the style online services use in their messages, and may even reuse their images. In short: without looking closely, you would swear you had an official message in front of you.
Some go even further and reproduce whole web pages. It is much easier than you might think to recreate a web page identically, copying the original style, with forms that send what you type straight to the fraudster instead of to the usual destination.
How to protect yourself from phishing?
If we stop at this quick definition, nothing seems able to protect us from phishing. But there are signs that let you avoid the trap.
First, the message itself. Take a good look at the style and the images. An amateur fraudster will not bother to use a logo, for example, while most organizations that might ask you for sensitive information will.
That is the fraudster who does not pay attention. Others create emails that really resemble the official ones, and you have to look a little further: at the content of the email itself.
Since the fraudster wants specific information, he cannot just copy; he has to write part of the text himself. Official organizations rarely make mistakes in their messages, so seeing many mistakes in an email is a good sign that you are dealing with an amateur.
And what if the fraudster applies the same style, without errors, with no sign that he is not the organization he claims to be? The last resort is always to check the sender's address. If that address uses a strange domain name, run away! Bear in mind that the name displayed next to the address can be set to anything, and that the address itself can be forged, so this check rules out the obvious fakes rather than proving a message is genuine.
The advantage of this last check is that it also works against fake websites. A copy cannot use the same domain name, so that is where to look. Be vigilant about lookalike URLs such as face-book.com or twiitter.com, and read the domain from the right: the part that matters is the registered name just before the first slash, so paypal.com.something.example belongs to something.example, not to PayPal.
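The domain check described above, as an added example that is not part of the original article: a small Python script that takes a sender address or a link target, extracts the registered domain, and reports whether it exactly matches a domain you trust, looks like one (typo-squat, hyphenated variant, or a trusted name buried in a subdomain), or is simply unknown. The TRUSTED list, the threshold of two edits, and the sample inputs are all constructed for the example; a real implementation would use the Public Suffix List instead of the "last two labels" shortcut used here.

```python
"""Added example: classify sender addresses and link targets against a
short list of trusted domains. Not code from the original article."""
from urllib.parse import urlsplit

# Constructed list of domains this reader actually uses (an assumption).
TRUSTED = {"facebook.com", "twitter.com", "paypal.com"}

# Typo-squats within this many edits of a trusted label are flagged.
# Tuning choice for the example; too high and unrelated names collide.
MAX_EDITS = 2


def registrable(host):
    """Return the last two labels of a hostname: 'login.paypal.com' ->
    'paypal.com'. Simplification: ignores suffixes such as 'co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def host_of(target):
    """Extract the hostname from a bare email address or a URL."""
    if "@" in target and "://" not in target:
        return target.rsplit("@", 1)[1].lower()
    parts = urlsplit(target if "://" in target else "http://" + target)
    return (parts.hostname or "").lower()


def edit_distance(a, b):
    """Levenshtein distance, used to spot typo-squats like twiitter.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(target):
    """Return 'trusted', 'lookalike' or 'unknown' for an address or URL."""
    host = host_of(target)
    if not host:
        return "unknown"
    dom = registrable(host)
    if dom in TRUSTED:
        return "trusted"
    label = dom.split(".")[0]
    for good in TRUSTED:
        good_label = good.split(".")[0]
        # face-book.com -> 'facebook'; twiitter is one edit from twitter
        if label.replace("-", "") == good_label or edit_distance(label, good_label) <= MAX_EDITS:
            return "lookalike"
        # paypal.com.secure-login.example: trusted name hidden in a subdomain
        if "." + good + "." in "." + host + ".":
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed inputs: one genuine sender, one genuine link, four fakes.
    for t in ["service@paypal.com", "https://www.facebook.com/login",
              "http://face-book.com/login", "https://twiitter.com/",
              "https://paypal.com.secure-login.example/verify",
              "noreply@example.org"]:
        print(f"{classify(t):9s} {t}")
```

Run it as-is to see the six sample verdicts. The script deliberately stops at "lookalike" rather than "phishing": a domain being two edits away from one you trust is a reason to type the real address yourself, not proof of fraud, and a "trusted" verdict says nothing about whether the From header was forged.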
You are not alone
It sounds a little naive put like that, but you are not alone. A fraudster does not target you personally; he sends out waves of emails. Usually this becomes known, and the targeted organizations publish the information to warn their users.
From there, you know which messages absolutely must be avoided.
In addition, the organizations you entrust your data to are generally not incompetent, and know very well that such attacks exist. That is why they all follow the same rule: never ask for sensitive information by email (some even say so in their real emails).
In other words, if "PayPal" sends you an email asking you to reply with your password, it is not PayPal, and you can safely delete the message.
Can you really think of a situation in which your bank would ask you for sensitive information by email? Me neither. And if it ever really needed to, an advisor would call you, or something of that sort.
Whatever happens, if you are asked for personal information, there is no rush, and above all nothing goes by email. That is the golden rule.
If the information really is required, there will be a form on the organization's website where you can enter it. Of course, you will have taken care not to click any link in the email: to reach such a form, if it exists, type the website's address yourself (this is exactly what your history or, better, your bookmarks are for).
Spam like any other
Phishing is nothing but good old spam, and some email services manage to detect it as such. Gmail, for example, warns you when it suspects that a message was not sent by the sender it claims to come from (it checks the message against the authentication records the sending domain publishes, such as SPF and DKIM).
By following these few basic guidelines, you should never fall into the phishing trap. If you only remember one rule in the end, make it the last one: when in doubt, go to the website you know to be genuine and see whether it asks you for the information in question!