Phishing: beware of the emails in your inbox

#Security 05.02.2019 3min Last update : 10.25.2020

Phishing is a technique widely used by hackers to obtain your personal information by stealing the identity of a company, financial institution, or authority. The scam typically involves imitating the website of a bank or an online retailer.

According to a study conducted by Intel, 97% of computer users don’t know how to identify phishing emails. Yet, these email scams are still extremely widespread. And the threat only continues to grow.

Major companies targeted the most

In its annual report, cybersecurity company Area 1 Security states that 89% of all phishing attacks reported between May 2018 and February 2019 were directed at 64 large corporations. Recently, major French bank BNP Paribas raised the alarm about a phishing attack it had been struck by. “An email that seems to come from our address warrants.info@bnpparibas asks you to update your personal contact information and claims to send you a confidential code by text message,” the bank explained. “This email has not come from us; it is a fraud attempt.”

The URL included in the email is usually hidden or masked in order to appear genuine. These emails look like they come from a trusted source (such as a bank, social security agency, telecoms provider, or tax authorities), asking you to visit a website and fill in a form with your personal data, often your bank details.

Scaring you into giving away sensitive data

The emails sent by hackers often have an alarmist tone (e.g. ‘your account will expire’ or ‘you have just made a purchase’) or claim that you are owed a reimbursement. They use the company’s logo and branding to deceive you into providing your confidential information.

“Since early 2018, we have seen a net increase in phishing attacks. In February alone, we blocked three times more phishing attacks than the larger waves of attacks identified in the whole of 2017,” announced email filtering service Vade Secure.

Fake President fraud – a phishing technique of choice

Fake President fraud is one of the most common techniques used by email scammers. The aim is to con an employee, by email, into making a transfer to a fraudster who is impersonating a company director or a supplier. $3 billion has been stolen over the past 3 years in the United States through this type of scam. In France, more than 500 companies have fallen victim to Fake President fraud, resulting in the theft of €485 million.

Tackling the threat of phishing

Your company’s data is highly valuable. So, to avoid any risk of loss through fraudulent emails, it’s important to know how to identify these messages and act accordingly.

Here is some advice from the French Directorate General for Competition, Consumer Affairs and Prevention of Fraud (DGCCRF) to help protect yourself against phishing.

  • Emails that are phishing attempts are very often impersonal, addressed to an anonymous recipient (‘Dear customer’, ‘Madam’, etc.).
  • Tax authorities, banks, and social security agencies never ask for personal information by email.
  • Do not click on the links contained in the email; these links can take users to fraudulent sites.
  • Go directly to the official website of the body in question by typing the web address in the browser.
  • Be vigilant when you receive an email requesting urgent action.
  • Use the filter option in your browser; most browsers including Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari offer potential phishing alerts. They may work in different ways (blacklist, keyword, whitelist, etc.) and are not perfect, but they still help users to maintain vigilance.
  • Use software with an anti-spam email filter; these attempts at fraud are usually spread through emails. Even if the filtering software is not perfect, it still reduces the number of phishing emails that reach your inbox.
  • Never reply to such emails or forward them.
  • If you have any doubt or if there’s a problem, immediately contact the bank or body that the email appears to be from.
  • In general, be vigilant and use common sense; not everything on the internet is necessarily true.