CASES.LU

Phishing

In brief

Phishing (a play on “fishing”) is a technique employed by computer criminals to obtain personal information for the purpose of committing identity fraud. The technique consists of making the victim believe they are communicating with a trusted third party – bank, administration, etc. – in order to get them to disclose personal information: password, credit card number, date of birth, etc. It is a form of IT attack that relies on social engineering. It may be perpetrated by email, through fraudulent websites or by other electronic means.

Generally speaking, cybercriminals use phishing to steal money. The most common targets are online banking services, Internet service providers, and auction and payment websites such as eBay and PayPal. Phishers usually send their emails to a large number of potential victims at once.

How to recognise phishing

A phishing email can usually be recognised by the following tell-tale signs:

  • the email does not address you by name
  • the email incites you to act quickly
  • the email contains a link you have to click on

If you have received an email showing even one of these clues, you can simply ignore it. Do not click on the suggested link. If you are unsure whether the message is genuine, open your browser and type in the address of the site you wish to visit yourself.
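The three tell-tale signs above can be turned into a simple mail-filter check. The following script is an added example and not part of the CASES.LU page: it parses a raw email, tests each sign with a heuristic (the word lists are illustrative assumptions, not an exhaustive rule set), and applies the page's rule that a single clue is enough to ignore the message. The two sample emails are constructed for the demonstration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Heuristic word lists for the three signs (illustrative, not exhaustive)
URGENCY = re.compile(
    r"\b(immediately|urgent(?:ly)?|within \d+ hours|act now|will be (?:suspended|closed|blocked))\b", re.I)
LINK = re.compile(r"https?://\S+|<a\b[^>]*href=", re.I)
GENERIC = re.compile(r"\b(customer|user|member|client|account holder)\b", re.I)


def body_text(msg):
    """Concatenate all text/* parts, undoing transfer encoding and charset."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def addressed_by_name(body, recipient_name):
    """Sign 1: does the greeting line use the recipient's real name (from the To: header)?"""
    greeting = next((ln for ln in body.splitlines() if ln.strip()), "")
    if recipient_name:
        return any(w.lower() in greeting.lower() for w in recipient_name.split())
    return not GENERIC.search(greeting)  # no display name known: fall back to a generic-greeting check


def phishing_signs(raw_email):
    """Return which of the three tell-tale signs the message shows."""
    msg = message_from_string(raw_email)
    body = body_text(msg)
    recipient_name, _ = parseaddr(msg.get("To", ""))
    return {
        "not_addressed_by_name": not addressed_by_name(body, recipient_name),
        "urges_quick_action": bool(URGENCY.search(msg.get("Subject", "") + "\n" + body)),
        "contains_link": bool(LINK.search(body)),
    }


def looks_like_phishing(raw_email):
    """The page's rule: one clue is enough to ignore the email."""
    return any(phishing_signs(raw_email).values())


# Constructed sample messages (addresses use the reserved .invalid TLD)
PHISH = ("From: Bank Security <security@bank-example.invalid>\nTo: Alice Muller <alice@example.invalid>\n"
         "Subject: Urgent: verify your account\n\nDear valued customer,\n\nYour account will be suspended "
         "within 24 hours unless you confirm your details at http://bank-example.invalid/verify\n")
LEGIT = ("From: Bob <bob@example.invalid>\nTo: Alice Muller <alice@example.invalid>\nSubject: Lunch\n\n"
         "Hi Alice,\n\nAre we still on for lunch on Thursday? Let me know.\n")

if __name__ == "__main__":
    for name, sample in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, looks_like_phishing(sample), phishing_signs(sample))
```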

Behavioural measures

The most important behavioural measure is not to follow links suggested in emails and not to visit websites you are not familiar with.

Organisational practices

In France, Internet users are invited to report their own (bad) experiences to the National Police’s monitoring unit or to send them links to any websites they suspect are illegal.

There are charitable organisations that help Internet users protect themselves against this type of fraud:

Technical measures

The following technical measures can be implemented:

  • SPAM filter in your email client
    • Phishing attacks are normally large-scale attacks, so it is likely that your email client will already recognise such messages as spam and mark them accordingly.
  • Phishing filter in your browser
  • Use the Web of Trust (WOT) add-on
  • Use a web filter (proxy)
