International forum of Cybersecurity

During the International Forum of Cybersecurity, the Phishing Initiative association revealed an alarming report about phishing in France. More than two million people were victims of this kind of cyber-attack in 2015, or close to ten times more than two years ago.

So we wanted to remind you of some measures that may prevent scams.

The principle of phishing is to obtain personal data over the Internet. The fraud relies on sending alarming e-mails about alleged refunds or asking you to confirm your personal data. They seem to come from a trusted source (banks, CAF, Taxes) and invite you to go to a form page in order to provide personal and/or financial data. This information is later collected by the phishers. During the entire procedure, the victims think they are dealing with an official website of an operator they know.

 

How to identify a fraudulent e-mail?

Is the e-mail really addressed to you?

Usually, fraudulent e-mails are sent to many targets, so they are not personalized, or only slightly. Does the message refer to a file, a bill or a topic that means nothing to you? Then it is certainly a fraudulent e-mail.

Watch out for unknown senders: be particularly vigilant with e-mails from an e-mail address that you don’t know and that doesn’t belong to your contact list.

Pay attention to the level of language: even if this is less and less true, some malicious e-mails are not correctly written. If the message has typing errors, misspellings or inappropriate expressions, it does not come from a credible organization (banks, administrations…).

Check the links in the e-mail: before clicking on a link, hover your mouse over it; the complete link then appears. Make sure the link is coherent and points to a legitimate website. Don’t trust domains like impots.gouvv.fr, impots.gouvfr.biz or infocaf.org instead of www.caf.fr.

Watch out for strange requests: ask yourself whether the requests made are well founded. No organization has the right to ask you for your TAM codes, your access codes or your passwords. Don’t give out anything confidential, even to somebody who claims to be part of your circle.

The source address is not a reliable criterion: an e-mail address belonging to a friend, your company or a collaborator can easily be stolen. Only further research can confirm or rule out the source of an e-mail. *Note: such manipulation is impossible to do from a smartphone screen.

 

Source: CNIL