By email, SMS, instant messaging, social networks or phone, phishing spares no one. Learn how to beat the traps and report any scam attempts you receive to the authorities.


Phishing, or hameçonnage in French, is a scam that lives up to its name. Cybercriminals pretend to be an official body such as Social Security, the tax office or the Caisse d’Allocations Familiales, or a reputable company such as an Internet service provider, a mobile operator or even a carrier such as Colissimo or UPS. They send you an email or electronic message inviting you to update your data or to identify yourself in order to resolve a technical problem and unblock a situation. To deceive you, the message displays a logo and legal notices practically or totally identical to those of the supposed sender. But the button or link you are asked to click leads you straight to a trap designed to extract from you, without your knowing it, personal or professional information such as usernames, passwords, bank card numbers, etc. The goal is then to steal your identity, using the information you provided to empty your bank account, make purchases on your behalf or even take your data hostage and demand a ransom.

While companies are particularly targeted by these attacks, the general public remains a prime target for phishing attempts. The boom in teleworking since the start of the Covid-19 pandemic has further weakened the barriers against this scam. A home network does not necessarily benefit from the same security measures as a company network, which makes phishing attempts more likely to succeed. Fake invitations to join a videoconference meeting, parcel delivery scams, personal training account fraud… hackers never lack the imagination to put their scams in context.

The principle of phishing is in fact simple: it is similar to that of fishing, hence its name. The scammer casts a hook at random and sees which fish are fooled into biting. Fortunately, there are several ways to spot phishing attempts. Then, all you have to do is report the scam to prevent others from being fooled.

It is well known that the devil is in the details. This also applies to phishing attempts. Some are crude and easy to spot; others are more subtle. Here’s how to spot them.

Use common sense

  • Have you been told of an unexpected refund to which you are entitled, and that you just need to identify yourself to release the payment? This information is unlikely to be true. Public service bodies such as CAF, the tax authorities, URSSAF or even CPAM (Primary Health Insurance Fund or Social Security) never ask you, by email or any other electronic message, to identify yourself in order to proceed with a payment. They already have all of your contact details. And you will certainly receive a letter, by post this time, as soon as the slightest problem is detected. When it’s too good to be true… it is!

Check spelling

  • Phishing attempts are usually modelled on official mail. Nevertheless, the hackers rarely reside in France and even more rarely master all the subtleties of the language of Molière. Carefully read the content of messages supposed to come from your bank, your mutual insurance company or a public service. Watch for spelling, grammar, syntax, capitalization, and more. At the slightest mistake, or the slightest convoluted or nonsensical turn of phrase, you can be sure that it is a phishing attempt.
“experts in fear” is an original turn of phrase. © CCM

Check the sender

If you have received a questionable message by email, take a look at the sender’s address and more specifically at the domain name used (the part of the email address located after the @). If it ends in gmail.com, live.com, outlook.com, yahoo.fr, or any such consumer email service, it is a fraudulent email. All official bodies have their own domain name. Ditto for businesses. Any serious company that has a website or online service also has an associated domain name.

Strange e-mail address for a mail supposed to come from the newspaper Le Monde. © CCM

Check the links contained in the emails

  • Phishing attempts most often contain buttons or links that redirect you to a web page when clicked. Before clicking (if you are using a computer), simply hover the mouse pointer over the link. The full link address is displayed at the bottom left of the browser window. If it does not appear to correspond to an official web address, it is indeed a fraudulent email. Unfortunately, this method does not work on smartphones or tablets.
The originating website for this email is Tuney.kr (hosted in South Korea). © CCM
  • Also beware of shortened Internet addresses that start, for example, with bit.ly, ow.ly, tinyurl.com, etc. Your bank, an official body or a public service never uses these services, which reduce a very long Internet address to just a few characters.
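
The sender and link checks described above can be automated over a raw message. The following Python code is an added example, not part of the original article; the `agency.example` domain, the sample message and the function names are constructed for illustration, and comparing against a caller-supplied official domain generalizes the article's "does not correspond to an official web address" test.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Example hosts named in the article; real lists would be longer.
CONSUMER_MAIL = {"gmail.com", "live.com", "outlook.com", "yahoo.fr"}
SHORTENERS = {"bit.ly", "ow.ly", "tinyurl.com"}

class HrefCollector(HTMLParser):
    """Collects every <a href>: the address that hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def belongs_to(host, domain):
    return host == domain or host.endswith("." + domain)  # exact or subdomain only

def check_message(raw, official_domain):
    """Return findings for a message that claims to come from official_domain."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    sender_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if sender_domain in CONSUMER_MAIL:
        findings.append("sender-consumer-webmail")
    elif not belongs_to(sender_domain, official_domain):
        findings.append("sender-domain-mismatch")
    body = msg.get_body(preferencelist=("html",))
    collector = HrefCollector()
    collector.feed(body.get_content() if body else "")
    for href in collector.hrefs:
        host = (urlsplit(href).hostname or "").lower()
        if host in SHORTENERS:
            findings.append("shortened-link:" + host)
        elif host and not belongs_to(host, official_domain):  # skip host-less links
            findings.append("link-off-domain:" + host)
    return findings

# Constructed sample message; agency.example stands in for an official body's domain.
SAMPLE = """From: "Refund Service" <refund.agency@gmail.com>
Content-Type: text/html; charset="utf-8"

<p><a href="https://bit.ly/Ab3xYz">Claim</a>
<a href="http://portal.example.net/login">https://www.agency.example</a>
<a href="https://www.agency.example/help">Help</a></p>
"""
```

Calling `check_message(SAMPLE, "agency.example")` flags the consumer webmail sender, the shortened link and the link whose visible text shows the official address while its target is another host. The From header is set by the sender, so an empty result does not prove a message is genuine.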

Do you think you’ve received a phishing attempt? A number of websites that specialize in tracking down such behavior can confirm that you were right. And to prevent other people less careful than you from getting ripped off, report the scam. Several platforms make it possible to inform the authorities of an attack of this type.

Check if the attack has already been spotted

  • The Government has set up a website specially dedicated to cyber-surveillance. It allows you to view and deal with the latest phishing attempts and other online scams that have been spotted. You can also find help here if you think you have been the victim of cyber-malware. A free online diagnosis is provided.
  • The Phishing Initiative site, offered by Orange Cyberdéfense, a subsidiary of the incumbent operator, lets you immediately check whether the website from which the threat emanates is already identified as malicious. All you have to do is enter the site’s address in the dedicated field, check the box I am not a robot and validate with a click on report. If the site is legitimate, you will be immediately notified. On the other hand, if it is considered to be misleading, it will be automatically flagged in order to be blocked.

Report a misleading site

  • The Ministry of the Interior offers a simple tool to report a phishing attempt with Internet-Reporting. Go to this website with your usual browser and click on the button Report.
  • Check the box to confirm that your report does not concern an assault, an accident or a fire and click on next step.
  • On the page that appears, check the box that corresponds to your situation. For a phishing attempt, this is the box Fraud. Click on next step.
  • On the new page, click next step, except when it comes to reporting spam. In this case, click on the link signal-spam.fr indicated in the first line.
  • In the next step, indicate, if you wish, the date and time of your observation. Then check the box corresponding to the case that concerns you and click on next step.
  • All that remains is to paste the link to the site you want to report into the field Url. Click on next step.
  • Finally, you can, if you wish, add a comment to your report, for example to describe malicious content that you have seen. Click on next step.
  • A report is not a trivial matter: it is a genuine testimony. You must therefore complete the form to identify yourself. Enter your details and click on next step.
  • A summary page of your report is displayed. Check all the information mentioned. Copy the Captcha code and click on Validate.
  • Your report has been registered.