Phishing, or Fishing, is a technique employed by computer hackers to get personal information for the purpose of committing identity fraud. The technique consists of making the victim believe they are communicating with a trusted third-party – bank, administration, etc. – in order to get them to disclose personal information: password, credit card number, date of birth, etc. It is a form of IT attack that relies on social engineering. It may be perpetrated by email, on fraudulent websites or by other electronic means.
Generally speaking, IT criminals use phishing to steal money. The most common targets are online banking services, Internet service providers and auction websites such as eBay and PayPal. Phishers usually send emails to a large number of potential victims.
A phishing email can usually be recognised by the following tell-tale signs:
If you’ve received an email that includes one of these clues, you can simply ignore it. Do not click on the suggested link. If you have doubts regarding the authenticity of the message, you can also open your browser and enter the address of the site you wish to visit yourself.
The most important behavioural measure is to ignore links suggested in emails and to avoid visiting websites you are not familiar with.
In France, Internet users are invited to report their own (bad) experiences to the National Police’s monitoring unit or to send them links to any websites they suspect are illegal.
There are charitable organisations that help Internet users protect themselves against this type of fraud:
The following technical measures can be implemented: