Phishing: tips for recognising and protecting against it
Can you fight phishing? A few tips on how to recognise this technique and how to protect yourself from identity theft.
What is phishing?
Phishing consists of tricking users into revealing personal or financial information via an e-mail message or website. The term phishing comes from "fishing" and "phreaking". It is a kind of fishing for victims using computer tools.
This technique exploits the human weak point of a computer system, i.e. the Internet user, who is duped by an e-mail that appears to come from a trusted company, such as a bank or a shopping website. In this case, the flaw is not an IT one, but publishers of software such as the Zimbra production suite have added extra protection to their email solutions to prevent identity theft.
There is no shortage of examples to illustrate the situation and the danger of phishing. And the media have relayed the information to get the attention of Internet users. These situations occur in both private and professional life. There is a real fear of having one's bank details stolen by someone posing as a Chief Financial Officer (CFO), urgently demanding a RIB and a few hundred thousand euros with it. That's why Zimbra has made security one of its fundamental characteristics, taking into account all needs through the use of anti-virus, anti-spam, authentication and encryption systems.
How do you detect phishing?
This fraud is not to be taken lightly. In 2014, 28.8% of recorded phishing attacks were aimed at stealing financial data from users (source: Kaspersky Lab).
In order to identify phishing attempts, here are a few best practices to avoid falling into the net:
- Check the person you are contacting: do you know them? You can see if they speak the language and tone you're used to.
- Check the content of the message: is it a bad translation? You can check for typos, spelling mistakes, inappropriate expressions, etc.
- Check the subject of the message: is it alarmist? With a subject such as "Important", "In your opinion" or "Important bulletin", it's a good idea to cross-check the information with the person to whom the message is addressed.
- If you are redirected to a fake site, everything will be copied identically, except for one detail: the URL address. This is one of the best clues for detecting piracy.
- Check the domain name: is it identical? You can draw a parallel between the sender's domain name and the link in the message. In other words, the link in the message (www.mycompany.co.uk/...) should belong to the same domain name as the e-mail address that is writing to you (@mycompany.co.uk).
All the elements of the message must be checked: the person and their email address, the subject, the content with the message and its link. If there is any doubt, there are now sites that can help you check whether the URL corresponds to a phishing attempt, such as Isit Phishing, for example.
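The domain-name check from the list above can be automated. The following is an added example, not code from Ovea or Zimbra: it compares the sender's domain with the host of every link in a message, and the sample message, the `login.example` host and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

# Constructed sample: one link on the sender's domain, one look-alike.
SAMPLE = """From: Accounts <billing@mycompany.co.uk>
To: user@example.org
Subject: Important
Content-Type: text/plain; charset=utf-8

Your invoice: https://www.mycompany.co.uk/invoices/42
Confirm here: http://mycompany.co.uk.login.example/verify
"""

def sender_domain(msg):
    """Domain part of the From: address, lower-cased."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def same_domain(host, domain):
    """True if host is the domain itself or one of its subdomains.
    The match is made on a dot boundary: a substring test would accept
    'mycompany.co.uk.login.example' as if it were mycompany.co.uk."""
    host = host.lower().rstrip(".")
    return bool(domain) and (host == domain or host.endswith("." + domain))

def link_hosts(msg):
    """Host names of every http(s) URL found in the text parts."""
    hosts = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        charset = part.get_content_charset() or "utf-8"
        body = part.get_payload(decode=True).decode(charset, "replace")
        for url in URL_RE.findall(body):
            try:
                host = urlsplit(url).hostname
            except ValueError:  # malformed URL, nothing to compare
                continue
            if host:
                hosts.append(host)
    return hosts

def mismatched_links(raw):
    """Link hosts that do not belong to the sender's domain."""
    msg = message_from_string(raw)
    domain = sender_domain(msg)
    return [h for h in link_hosts(msg) if not same_domain(h, domain)]
```

A non-empty result is the warning sign; an empty one does not prove the message is genuine, because the From: header itself can be forged.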
How can I avoid phishing?
Detecting the problem is one thing, but are there any simple solutions for avoiding phishing attempts? This problem, which is first and foremost a human one, can be helped by technical and IT support.
Good human practice
The first thing to do to prevent your e-mail address being stolen is to change your password regularly, making it difficult to find. With today's web browsers, everything is done to save passwords. So there's no need to memorise them. There is even software to create sophisticated passwords for extra protection.
Once you've got an unpronounceable password, it's obvious that you shouldn't just give it away. Avoid sending the login and the password in the same e-mail. A piece of paper to be thrown away is highly recommended. This is the tip of the iceberg: educating Internet users about security concerns.
Good technical practice
On the technical side, it's all about securing your IT system. Ovea has developed a reinforced authentication system for its Zimbra collaborative messaging system. The sender of the email must have authorisation on the server - Ovea - to send email from outside. If authentication is not carried out, the email sent will be rejected and will never reach the recipient. This security protects against any attempt at identity theft from the outside world to Zimbra's internal messaging system.
In fact, with Zimbra, as it is currently developed to protect its customers against phishing, the only possibilities for identity theft are either internally by using the account of an employee who has authorised access, or when the account is hacked. In both these cases, the technical failure cannot be blamed!
It is essential to report phishing attempts. Unfortunately, becoming a victim of this kind of fraud can happen... In addition to the buttons provided for this purpose in your email messages, Ovea, integrator of the Zimbra production suite, will take this problem very seriously. Considering that each client is unique, Ovea is developing the Zimbra application to deal with each specific situation. By customising its modules, Ovea is able to offer a solution that is totally adapted to the customer's needs. Thanks to this active listening, Ovea has been able to react quickly to the problem of phishing.
These days, it's easy to pretend to be someone else by sending an e-mail. This means that fraudsters have a free rein. That's why you need to be extra careful, and if in doubt, never click on suspicious links or give out bank details without checking them first.