How can you effectively combat phishing?

Whether financial or banking, personal or strategic, business data is now regarded as a real treasure, and hackers keep coming up with new ideas to get hold of it. Cybersecurity has therefore become an indispensable weapon to defend against the numerous cyberattacks that take place every year in France and around the world.
According to the 5th business cybersecurity barometer of the CESIN (Club of Information and Digital Security Experts) by OpinionWay, published in January 2020, 65% of French companies said they had suffered at least one cyberattack in 2019, but only 4 out of 10 companies claim to be prepared in the event of a large-scale cyberattack.
Phishing is one of the most common cyberattacks: 79% of French businesses were victims of phishing in 2019. And with Covid-19, scams have multiplied (sale of masks or hydroalcoholic gel, call for donations, etc.).
Learn what phishing is and how to protect yourself from it.
What is phishing?
The word phishing comes from the contraction of two English words: phreaking, which means telephone hacking, and fishing. In French, phishing is translated as "hameçonnage".
This is a very common fraud technique on the Internet that allows hackers to recover sensitive personal data (banking information, passwords, etc.) of Internet users by pretending to be a trusted third party such as your bank, your energy supplier, a public institution (such as Health Insurance, the tax authorities, etc.), your Internet service provider (ISP) or telephone operator, or even an e-commerce site.
Phishing is mostly carried out by email, but you can also fall victim to this fraudulent technique via social networks, text messages, or by telephone.
How does it work?
Most often, you receive an email that seems to come from a trusted organization or business inviting you to click on a link to update your personal information, pay outstanding bills, view a message, or download an attachment.
However, the link takes you to a fake website, a copy of the original, created by the hackers. The information you enter is then retrieved directly by fraudsters who will use it to impersonate you or extract money from you.
As for attachments, they contain viruses or malware (malicious software) that infect your computer and can, depending on the type, block access to your files in exchange for a ransom (ransomware), collect personal information (spyware), or damage your computer or the company network (worms).
7 tips for fighting phishing
Unlike other cyberattacks that exploit possible flaws in computer systems or computers, phishing takes advantage of human naivety. In fact, according to the CESIN survey, 43% of the risk of a cyberattack is caused by an employee's negligence or by a handling or configuration error.
It is therefore essential to encourage your employees to be suspicious before opening an email, and to train them to identify phishing attempts and learn the right actions to take to avoid taking the bait.
Avoid opening emails from unknown senders
Always be wary of messages you receive from complete strangers, especially if they offer you gifts or money for no reason. Avoid opening the email, but above all, avoid clicking on the link in the message or downloading the attachment.
Verify the email address
Have you just received a message from your bank, electricity supplier or Internet service provider, and you are unsure about it? Start by verifying the sender's email address. Does it match the messages you usually receive? Does it include the company's domain name? For example, Free Mobile's email address should be freemobile@free-mobile.fr, not log@adiciel.fr. Also, pay attention to the spelling, which can sometimes be very similar: BMP Paribas instead of BNP Paribas.
Check the link in the email
To do this, position your mouse on the link without clicking to display the address. You can then check if the address of the link corresponds to the real address of the organization that is contacting you. Be careful because this can sometimes be very subtle and involve only one character (one less letter, one duplicate letter or one letter replaced by another).
Look at the domain name
You have opened an email and clicked on the link, but once on the website, you are asked to enter your personal and/or bank details, and you are in doubt. Check the website address to make sure you're on the right site, not a copy created by scammers. As with the email address, pay attention to the spelling. For example, instead of https://www.impots.gouv.fr/accueil.
Do you have any doubts? Do not provide any information and close the page.
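As an added example (not part of the original article), the three checks above on the sender's address, the link and the domain name can be automated. The Python code below compares the host of an email address or URL with a list of trusted domains and flags near misses that differ by one or two characters; the trusted list, the function names and the lookalike samples are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains this organisation really corresponds with.
TRUSTED = ("free-mobile.fr", "impots.gouv.fr")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserted, deleted or substituted characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(value: str) -> str:
    """Return the lowercased host of a URL or of an email address."""
    if "://" in value:
        host = urlsplit(value).hostname or ""
    else:
        host = value.rpartition("@")[2]
    return host.strip().lower().rstrip(".")

def classify(value: str, trusted=TRUSTED, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unknown'."""
    host = host_of(value)
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    for domain in trusted:
        # Compare only as many trailing labels as the trusted domain has,
        # so a "www." prefix does not hide a near match.
        tail = ".".join(host.split(".")[-(domain.count(".") + 1):])
        if 0 < edit_distance(tail, domain) <= max_distance:
            return f"lookalike of {domain}"
    return "unknown"

if __name__ == "__main__":
    samples = [  # first three are quoted in the article, the rest are constructed
        "freemobile@free-mobile.fr",
        "log@adiciel.fr",
        "https://www.impots.gouv.fr/accueil",
        "facture@free-mobil.fr",           # one letter missing
        "https://www.free-mobille.fr/",    # one letter doubled
        "support@free-mobi1e.fr",          # one letter replaced
    ]
    for s in samples:
        print(f"{s:40} {classify(s)}")
```

An "unknown" result is not a verdict of safety: it only means the host is neither on the trusted list nor a close misspelling of an entry on it.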
Pay attention to the spelling and the quality of the images
Most phishing attempts are written with spelling mistakes and poor syntax, and/or contain poor quality images that are often pixelated. Today, however, the quality of phishing emails is tending to improve, so be extra vigilant.
In any case, do not hesitate to contact the organization concerned directly if you have any doubts.
Train your employees in cybersecurity
Today, the training and awareness-raising of all employees of a company are the best defenses against the risk of cyberattacks. This way, they will be more wary, they will be able to identify the various online threats and they will know what attitudes to adopt.
Communicate securely
When you need to discuss sensitive topics or share confidential data with your employees, customers, partners or suppliers, prefer secure chats with encryption rather than email. The same goes for sharing sensitive documents or files, for which you can use secure data rooms.
Finally, know that no organization will ever ask you for your bank details. Such a request should alert you immediately.



