We regularly hear the word "phishing" or, in good French, "phishing", back in the news. Perhaps you yourself have been a victim (perhaps even without knowing it, everything is possible). Be that as it may, no one is safe from such an attack, so it's important to know what it's all about, then learn how to protect yourself from it.

This is what we will see in this article. At first, we will see what exactly phishing is. Then, we will see how it is possible to protect themselves effectively, and also how some companies help us in this direction.

Phishing is not as stupid as it sounds

You will be able to see that it is not very complicated, and that it is actually quite simple not to be had, having the right reflexes.

Phishing is used to recover your data

Basically, phishing is a technique that can be used to recover your personal data , without you being suspicious. This is a kind of social engineering: understand that no security flaw in any software is exploited, because it is you and only you who voluntarily give this data .

Of your own free will, yes, because a fraudster using phishing against you knows how to trust you. In reality, you will not feel like talking to a stranger, but with a company, a service, or even a bank that you know well.

Most often, phishing is done by email. You receive in your mailbox any message asking you to enter certain data, such as a password, banking information, etc.

Responding to these messages by disclosing the data requested is not a synonym for stupidity, quite the contrary: if many easily fall into the panel, it is because these messages are well done.

The fraudster copies the official messages

And the problem is there: the message you receive does not seem to come from anyone. A conscientious fraudster will have no trouble reproducing the style used by online services in their messages, and may even reuse their own images. In short: without looking well, we swear to have an official message in front of us .

Moreover, some go even further by going to reproduce web pages. It is indeed much easier than you think to recreate a complete web page, copying the original style. With forms that go straight into the fraudster's mailboxes instead of their usual destinations, of course.

How to protect yourself from phishing?

If we stop at this quick definition, nothing seems to protect us from phishing. But there are signs that allow you nevertheless not to be trapped.

First, the message itself. Look closely at the style, or the images. The amateur fraudster will not bother to use a logo for example, while most organizations that may ask you for sensitive information will do so.

This is for a fraudster who does not bother to pay attention. Others create emails that are really similar to the official ones, and you have to look a little further. In this case, we can always look at the content of the email itself.

Yes, if the fraudster wants some information, he can not only copy, he will write himself. Official organizations rarely make mistakes in their messages: seeing many mistakes in an email is a good sign that you are dealing with an amateur.

But then, what if the fraudster applies the same styles, without fail, without any sign showing that he is not the body he claims to be? It is always the last resort: check the address of the sender . If this address uses a strange domain name, run away!

The advantage of this last resort is that it also works for phishing using fake websites. A reproduction will not be able to use the same name of domain , and it is therefore on this side that it will be necessary to watch (be vigilant on the close URLs, like face-book.com or twiitter.com for example).

you are not alone

It sounds a little naive said like that, but know that you are not alone. A fraudster does not blame you personally and sends waves of emails. Generally, this ends up being known and the organizations concerned publish this information to warn their users.

From there, you know if a message should absolutely be avoided.

Moreover, the organizations to whom you entrust your data are generally not incompetent, and know very well that such attacks exist. This is why all follow the same rule: never ask for sensitive information by e-mail (it is also indicated in their real mails for some).

In other words, if PayPal sends you an email asking you for your password in response, it is not PayPal, and you can quietly delete the message.

Do you really know a situation in which your bank would ask you for sensitive information? Me neither. And if it ever did, a counselor would call you, or that kind of thing.

Whatever happens, if you are asked for personal information, nothing presses, and nothing happens by email. This is the golden rule.

In case the information is really required, therefore, a form will be present on the website of the organization, allowing you to enter it. Of course, you will have taken good care not to click on any link of the mail: to access such a form, if it exists, it is better to enter oneself the address of the web site in question (all the utility a history or, better, bookmarks is there).

Spam like another

Phishing is nothing but old-fashioned spam. And some mail clients manage to detect them as such. For example, Gmail warns you when it suspects that an email is not sent by the sender it claims to own.

By following these basic guidelines, you should never fall into the trap of phishing. If you only had to remember one rule finally, it would be the last one: if in doubt, go to the website you know is true, and see if you are asked