
How can I protect myself from phishing? Advice and best practice

By Jennifer Montérémal

Published: 29 October 2024

How can you protect yourself effectively against phishing?

Because this type of attack can have serious consequences for businesses, such as the leakage of sensitive data, every organisation needs to do its utmost to protect itself.

While specific software has been developed for this purpose, we shall see that the human factor, and therefore awareness, remain the best weapons for protecting against these malicious attacks.

That's why you need to be extra vigilant, ask yourself the right questions when you receive an e-mail and adopt good practices.

Let's take a closer look.

What is phishing?

Definition of phishing

Phishing is one of the most common computer attacks. In French, the technique is also called "hameçonnage" or "filoutage".

What exactly does it involve?

The attacker impersonates an identity, such as that of a public body or a major corporation, in order to send an e-mail in its name and obtain specific actions from the recipient.

To fool the recipient, the fraudster poses as a trusted sender (by reusing that sender's logos and graphics, for example). The victim is thereby encouraged to:

  • click on a link to a fake official site (a mirror of the real one);
  • download an attachment;
  • reply directly to the e-mail, etc.

Through these actions, the hackers have multiple objectives:

  • obtain personal data, such as bank details or passwords;
  • extract money;
  • introduce malicious software into the e-mail recipient's system.

☝️ This fraud technique is undoubtedly one of the most widespread on the web, as it requires very little skill on the part of the cybercriminal. All they have to do is gather data on their future victims (an operation made easier by the growing amount of personal information available on the Internet, social networks, etc.) and then send them a simple e-mail.

What's more, the success of the scam relies heavily on a lack of vigilance on the part of users, which, as we shall see, remains the weak point of organisations in terms of cybersecurity.

Impact on businesses

Half of French businesses have fallen victim to phishing attacks in the last two years.

Sophos survey, 2019

Phishing, like all cyber attacks, is on the increase. It can affect any type of business, whatever its size or sector of activity.

Furthermore, phishing attempts are becoming increasingly targeted. Indeed, some hackers are now taking the time to find out more about their future victims, with the aim of sending the most credible message possible.

The main consequences for organisations are:

  • infiltration of the computer network
  • leakage of sensitive data, such as customer files, patents and banking information
  • identity theft, etc.

The repercussions of phishing can be disastrous, both financially and in terms of a company's image, which will be severely damaged.

How can phishing be prevented?

Raise awareness and train employees

In 80% of cases, it is the action of a user on his or her workstation, often carried out involuntarily, that is the cause of cyber attacks.

AvantdeCliquer.com

Prevention remains the best way to protect yourself effectively against phishing, because a phishing attempt is often detectable. But in a world where we are increasingly inundated with information, we sometimes lose sight of certain details.

That's why companies need to get to grips with this issue and communicate actively with their employees. Why not, for example, organise training sessions?

💡 Some organisations have decided to test their employees: by sending out fake phishing e-mails, they identify who "takes the bait", so they can react accordingly and instil better practices.

Ask yourself the right questions when you receive an email

By asking yourself the right questions and remaining attentive when you receive an e-mail, you increase your chances of protecting yourself against phishing attempts.

Here are the main points to watch out for:

  • The sender: do I know this sender? Have I been contacted by them before?

  • The e-mail address: look at the actual address behind the display name, not just the name shown. A suspicious address, or one that doesn't seem serious, is a dead giveaway; so is a domain that imitates a real one with an extra word, a swapped letter or a different extension. If in doubt, search for the address online: if it is fraudulent, it may already have been reported.

  • The nature of the e-mail:
    • Does the subject, or the file mentioned in the e-mail, actually concern me?
    • Does the tone of the text seem appropriate? In general, be wary of e-mails that try to worry you, put pressure on you or present the situation as an emergency.
    • Am I being asked for personal information? Bear in mind, for example, that a bank will never ask you to send a password, PIN or full card details by e-mail or in reply to a message.

  • The quality of the content: does the content look like what a sender of this type would actually send? Check for spelling mistakes, typing errors and other inappropriate wording, which are all too common in this type of e-mail (though a well-crafted phishing e-mail may contain none, so clean text is not proof of legitimacy).

  • Links and attachments:
    • Check where each link really leads, not just what its text says: hover over it (or long-press on a mobile device) to reveal the real URL, and make sure the domain is the organisation's own and correctly spelled. Rather than following the link, type the organisation's known address into your browser yourself.
    • Also be wary of short links, as they don't allow you to predict where you'll end up. 💡 Tip: to check which page a short link leads to without opening it, use online tools such as Unshorten.It!
    • Ask yourself if the attachment is suspicious: does its real name or extension differ from what the e-mail describes (a "document" that turns out to be an executable, for example)? In short, always think twice before clicking on anything in an e-mail.
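As an added example (not from the original article, nor from any vendor named on this page), the following Python script applies several of the checks above to a raw e-mail: it compares the display name with the real sender address, checks whether Reply-To points to a different domain, and inspects every link for visible text that disagrees with the real destination, URL shorteners and punycode (xn--) hostnames that can hide a lookalike. The sample message, its domains and links are constructed for the demo, the shortener list is illustrative, and the base_domain() helper is a deliberate simplification.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (invented domains and links): a display name that is itself an
# address, Reply-To on a third domain, link text that disagrees with its href, a
# URL shortener and a punycode (xn--) host that could be a homograph.
SAMPLE_EMAIL = """\
From: "security@ma-banque.example.net" <alerts@ma-banque-secure.example.org>
Reply-To: collect@freemail.example
Subject: Urgent: your account will be suspended
Content-Type: text/html; charset=utf-8

<html><body>
<a href="https://ma-banque.example.net.login-verify.example.org/confirm">https://ma-banque.example.net/confirm</a>
<a href="https://bit.ly/3xyzabc">View statement</a>
<a href="https://xn--mabanqu-hya.example.net/">Help centre</a>
<a href="https://ma-banque.example.net/contact">Contact us</a>
</body></html>
"""

SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}  # illustrative, not exhaustive


def base_domain(host):
    """Last two labels of a hostname (simplification: production code should use the Public Suffix List)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_sender(msg):
    """Display name vs real address, and Reply-To domain vs From domain."""
    findings = []
    from_hdr = msg.get("From")
    if from_hdr is None or not from_hdr.addresses:
        return findings
    sender = from_hdr.addresses[0]
    if "@" in sender.display_name and sender.display_name.lower() != sender.addr_spec.lower():
        findings.append(f"display name '{sender.display_name}' looks like an address, "
                        f"but the mail really comes from {sender.addr_spec}")
    reply_hdr = msg.get("Reply-To")
    if reply_hdr is not None and reply_hdr.addresses:
        reply_domain = reply_hdr.addresses[0].domain
        if base_domain(reply_domain) != base_domain(sender.domain):
            findings.append(f"Reply-To goes to {reply_domain}, not to the sender's domain {sender.domain}")
    return findings


def check_links(links):
    """Flag punycode hosts, URL shorteners and link text that lies about its target."""
    findings = []
    for href, text in links:
        host = (urlparse(href).hostname or "").lower()
        if not host:
            continue
        if any(label.startswith("xn--") for label in host.split(".")):
            findings.append(f"punycode host {host} (possible homograph) behind '{text}'")
        if host in SHORTENER_HOSTS:
            findings.append(f"shortened link {href} hides its destination behind '{text}'")
        if text.lower().startswith(("http://", "https://")):  # visible text itself looks like a URL
            text_host = (urlparse(text).hostname or "").lower()
            if text_host and base_domain(text_host) != base_domain(host):
                findings.append(f"link text shows {text_host} but the href goes to {host}")
    return findings


def triage(raw_message):
    """Run every check over a raw RFC 5322 message and return the list of findings."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    parser = LinkExtractor()
    parser.feed(body.get_content() if body is not None else "")
    return check_sender(msg) + check_links(parser.links)


if __name__ == "__main__":
    for finding in triage(SAMPLE_EMAIL):
        print("WARN:", finding)
```

Run it as-is to print the findings for the constructed message, or pass the contents of any saved .eml file to triage(). An empty result does not mean a message is safe: a well-crafted phishing e-mail passes all of these checks, which is why the questions above still need to be asked by a human.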

Adopt good cyber security practices

Here are a few tips for combining cybersecurity and the management of your business emails:

  • Never send sensitive data by e-mail, as no organisation or company worth its salt will ask you to do so. The same applies to requests to send money (a fake request to pay shipping costs, for example).

  • If in doubt, check the information directly on the sender's official website (reached by typing its address yourself, not via the link in the e-mail) or through any other official channel.

  • Be wary of overly tempting offers (lottery winnings, gifts, etc.).

  • Always check the security of the sites you visit. A legitimate site's address bar shows "https://" and a lock icon, but note that these only mean the connection is encrypted, not that the site is genuine: phishing sites use HTTPS too. What you must check is the domain name in the address bar.

  • If you have not already done so, activate the anti-phishing protections available in the various browsers.

  • Use your work e-mail only for work purposes, and your personal e-mail only for personal matters.

  • Avoid using a public Wi-Fi network for your business operations.

  • Finally, delete any phishing e-mails that arrive in your inbox, and do not forward them to your colleagues (except to the relevant IT department for action).

Use phishing protection tools

While appropriate human behaviour provides the best protection against phishing, the use of certain software and tools is also beneficial.

  • 🛠️ Anti-phishing software: Mailinblack, for example, and its Mailinblack Protect solution, which detects fraudulent e-mails and protects you from them. The publisher also offers the Phishing Coach educational tool to help companies identify risky behaviour among employees and implement awareness-raising measures for their teams.

  • 🛠️ Antivirus software. Using a reliable, up-to-date antivirus provides better protection against malicious actions following a successful phishing attempt (if you have inadvertently downloaded a fraudulent attachment, for example).

  • 🛠️ Password managers. Use a unique password for each account, so that credentials captured by one phishing attack cannot be reused against your other accounts. Since nobody can remember them all, opt for a reputable password manager. A manager that autofills credentials only on the exact site it saved them for gives an extra safeguard: it will not fill in your password on a lookalike phishing domain.

Report phishing attempts

Finally, we recommend that you report any phishing attempts:

  • in your e-mail client, using the "junk mail" or "report phishing" buttons. This helps your mail provider filter out similar messages in future;
  • on Signal Spam and/or internet-signalement.gouv.fr. In this way, you help the authorities to take action and contribute to making the Internet safer.

☝️ At work, get in touch with your IT department so that it can react quickly to prevent other, less experienced employees from taking the bait.

What if you've been phished?

Have you realised too late that you've been a victim of phishing? Here are a few things you can do quickly:

  1. First, report the fraud to your company's IT department as quickly as possible;
  2. Change the password you entered, and that of every other account where you reused it, so that the attacker cannot use the credentials obtained;
  3. Contact the relevant organisations. If, for example, you have revealed your bank details, contact your bank immediately;
  4. File a complaint with the police.

Article translated from French