Phishing is the simplest way for the cyber criminals to launch their attack. The criminals use fraudulent Emails to convince you to click on a suspicious link or open an attachment to install malware or redirect you to a landing page to steal personal data and login details. The Email may look like an official Email from your employer, a government agency or a large corporation. Most of the time, "phishing" Emails are sent in waves to a very large number of Internet users. The alarmist nature of the message encourages some people to connect to a fake website to provide information for example.
How to identify a phishing Email?
The message creates a sense of urgency
Dodgy looking Email or web addresses
The domain name is misspelt. Poor design, typos or bad spelling
They ask you to do something unusual
A site doesn't display the padlock symbol in the address bar when you log in
The Email is poorly written
It includes infected attachments or suspicious links
How to limit the risk of fraud?
Learn to spot fake Emails and fake websites
Avoid visiting sites that do not have the mention "https" in the internet address or the padlock indicating a secure connection.
Limit the dissemination of information (social networks, websites, standard mail templates, signature...).
Verify the legitimacy of such a request by making a counter-call to a number already referenced or by implementing the procedure provided internally.
Beware of urgent Emails requiring action (e.g., "Security Check", "Activation", "Verification" or any request to wire funds or make other payments). Think before clicking on a link.
Do not provide sensitive personal information over Email. A better practice is to call the sender directly.
What to do about a suspicious Email?
Do not click on links.
Do not open attachments.
Don't answer.
