Last updated: December 26, 2022
Le Phishing, is a forgery technique used by hackers to steal your identity and recover your sensitive information like passwords and credit card numberss.
It is a technique very popular with hackers because it is easy to perform and without risk for them.
To carry out their attack, all they need is a web page hosted abroad. The benefit is immediate and certain, especially since the techniques have evolved so much that it is sometimes very difficult to differentiate between a legitimate page and a fraudulent page.
According to the Microsoft Computing Safety Index, the annual global impact of phishing reaches $ 5 billion.
How does phishing work?
This attack consists in exploiting not a computer flaw, but the human flaw by deceiving Internet users by means of a link appearing to come from a trusted company, typically a bank or a commerce site.
The technique consists of making the victim believe that he is addressing a trusted third party administration, bank, social network, ... etc) to retrieve personal information.
It is a form of computer attack based onsocial engineering and it can be done by email, spoofed websites, or over the phone.
Mediafixer hackers exploit the naivety of users who believe they receive a legitimate email from a bank or a company.
The email invites them to connect online by means of a link and to update information concerning them in a form of a dummy Web page, a true copy of the original site, by pretext for example of an update of the service or a refund.
Thanks to this attack, hackers get personal information like bank account number, customer number, confidential code, social media password.
After retrieving this information, hackers carry out fraudulent financial transactions and sometimes resell this stolen information over the network. darknet.
In the following, I will show you how hackers carry out their attacks. I will be using a python tool designed to allow the creation of a site clone. This is a demonstration, I formally advise against using it to trick third parties.
How to protect yourself from phishing?
Check the URL before accessing the website
The first thing to do: it is check the web address in the browser's address bar when you are asked to click on a website.
- A simple attack: It consists of using a domain misspelled, like http://www.faceboook.com/ instead of http://facebook.com/. Of course, the attacker will have previously purchased the misspelled domain name.
- A more elaborate attack: That is is the use of a web address containing the "@" symbol.
For example the web address: http://www.paypal.com:refID12344234324@www.funinformatique.com / leads to https://www.funinformatique.com and not http://www.paypal.com. A variation on using the '@' is to use a subdomain, for example http://www.paypal.com.example.com.
So to avoid falling into the for stealing information always check the address of the website you are being asked to click on.
While it is sometimes very difficult to tell the difference between a legitimate page and its fraudulent copy, you should not be naive. In doubt, connect to the site by following the normal route and not by clicking on a link.
Check the spelling of the website and the email received
The presence of spelling errors can be indicative of a phishing attempt. Unfortunately, spelling errors have diminished in fraudulent emails and websites (most are now written in impeccable French and without spelling mistakes…).
What to do when you are a victim of phishing?
When you are the victim of phishing scam, it is necessary to react as follows:
- First, of course, do not panic, do not reply to the message received, do not pay a ransom, and do not open any potential attachments attached;
- Quickly change your passwords on services affected by these attacks;
- Notify your bank of the attack of which you were the victim;
- Then, as the CNIL advises on its page, take screenshots of the message in question, and report the scam on internet-signalement.gouv.fr.