HackTricks Twitter LinkedIn Sponsor Website

Phishing - Protection

PreviousPhishing - Techniques NextMalware

Last updated 6 months ago

Phishing - Protection

Cybercriminals use emails or text messages to trick you into providing them with personal information. They may attempt to steal your passwords, account numbers, or other sensitive information. If they obtain this information, they could have access to your email, bank account or other accounts. Every day, scammers launch thousands of such phishing attacks and they are often successful.

Cybercriminals sometimes change their strategies, but there are some clues that will help you identify the fraudulent message or email.

Detect phishing

Everyone is susceptible to a phishing attack. Often, phishing emails are well designed and it takes a trained eye to distinguish real from fake. 👀

1. Name and email address

Email addresses and domain names can be easily spoofed. It is therefore essential to check that the domain name is not altered by spelling changes in suspicious emails. Even if they appear to come from a trusted sender, always check twice.

2. Check for spelling mistakes

Cybercriminals are often less concerned with being grammatically correct. This means that typos and spelling errors are often evident in posts. Such errors in an email can be a good indication that the message is not authentic.

Any email asking for sensitive information about you or your business is suspicious. For example, no bank will ever ask for personal information via email. Call your bank directly to check whether an email is genuine or not.

4. Don't be fooled by the URGENT side

Phishing attacks use fear tactics such as urgency and authority to trick victims into taking immediate action. Emails that ask to share personal information or make cash transactions are traps!

5. Hover without clicking on links

Hover over the URLs. If the alt text does not match the displayed text, or if it looks strange, DO NOT click on it.

6. Pay attention to attachments

Mouse over attachments to see if they contain a real link, before clicking or downloading them. But if you're still not sure who the sender is, don't click the link or file.

7. Is the email too good to be true?

If it sounds too good to be true, chances are it is! Phishing attacks use fake rewards to trick victims into taking action. You wouldn't win the lottery if you never entered.

8. Keep your devices up to date

Devices, and the applications they contain, are more vulnerable to attacks when systems are not updated. Keep your antivirus up to date and check your devices regularly for updates.

9. Check your accounts regularly

Check your accounts regularly to ensure that no changes have been made without your knowledge. By staying on top of your accounts and knowing what data is kept on each one, it will be easier to spot a phishing attack.

10. If any doubt persists, contact the right people

If you think you have been the victim of a phishing attack, there are several points of contact if you are particular. (See: Contact points)

If you are a victim of phishing in your workplace, speak directly to your cybersecurity team, IT team or your manager.

Points de contact

Belgium

The CCB (Center for Cybersecurity Belgium) has set up an email address suspect@safeonweb.be to voluntarily report phishing emails.

"The goal of suspect@safeonweb.be is simple: we call on Internet users to voluntarily report suspicious messages they receive to this address, the famous phishing messages. We then check the URLs and annexes of these messages sent. This is an automated process. We block suspicious links. This system helps protect less vigilant Internet users who have clicked on the link. Source: Safeonweb.be

The FPS Economy has set up a contact point for all fraud, deception, scams and scams via the following link: https://pointdecontact.belgique.be/meldpunt/fr/bienvenue

When your rights as a consumer or business have been violated or you are the victim of some form of deception, you can report it via this new site. The point of contact gives a tailor-made opinion and directs you to the appropriate body. The contact point is the result of collaboration between the Federal Agency for the Safety of the Food Chain (AFSCA), the Federal Agency for Medicines and Health Products (FAMHP), the Social Information and Research Service (SIRS), the Federal Police, the FPS Finance and the FPS Economy.

Source: Safeonweb.be

France

Cybermalveillance

The French government has set up the following site:

Cybermalveillance.gouv.fr's mission is to assist individuals, businesses, associations, communities and administrations who are victims of cybercrime, to inform them about digital threats and the means to protect themselves from them.

On this site, there is a section dedicated to phishing and how to react when you are a victim.

If in doubt, contact the organization concerned: If in doubt, if possible, contact the organization concerned directly to confirm the message or call you received.
Objection immediately: if you have accidentally communicated information about your means of payment or if you have noticed fraudulent debits on your account, object immediately to your banking or financial institution.
Keep the evidence and, in particular, the phishing message received.
File a complaint: if you have noticed that personal information is being used to usurp your identity or if you notice fraudulent debits from your bank accounts, file a complaint with the police station or gendarmerie brigade to which you report. You can also send your complaint in writing to the public prosecutor of the judicial court where you belong, providing all the evidence in your possession. If you are an individual, you can be supported free of charge in this process by a France Victimes association at 116 006 (free call and service), victim assistance number of the Ministry of Justice. Service open 7 days a week from 9 a.m. to 7 p.m.
Change your passwords immediately: If you have accidentally given a password, change it immediately on the site or service concerned, as well as on all other sites or services on which you used this compromised password.
Report any questionable messages or sites to Signal Spam: if you have received a questionable message, do not click on the attachments or on the suspicious link. If the message includes a link, position your mouse cursor on this link (without clicking). This will then display the real address it redirects to in order to verify its plausibility. If you clicked on the link, check the website address that appears in your browser. If this does not exactly match the site in question, it is most likely a fraudulent site. Sometimes a single character may change in the site address to mislead you. Do not respond to these suspicious messages and report them to Signal Spam, which is associated with the CNIL to identify the main senders of spam and take the necessary countermeasures.
Report the address of a phishing site to the Phishing Initiative: check the website address that appears on your browser. If it does not correspond exactly to the site concerned, it is most certainly a fraudulent site. Sometimes a single character may change in the site address to mislead you. When faced with a suspicious site, you can report it to the Phishing Initiative which will block the address of this site and request its removal.
Need more advice? To be advised in your efforts, contact the Info Escroqueries platform of the Ministry of the Interior on 0 805 805 817 (free call and service from 9 a.m. to 6:30 p.m. Monday to Friday).

Source: Cybermailvaillance.gouv.fr

The CNIL (National Commission for Information Technology and Liberties) indicates how to react to phishing SMS messages:

You can forward the abusive SMS to the number 33700. This is an SMS alert system created by telecom operators, service providers and hosts, in consultation with the State Secretariat for Industry and Consumption.

After this transfer, you will receive a message asking you to send the number from which you received the abusive SMS to 33700. This information is transmitted to operators, including yours, who can act quickly with the organizations originating these text messages.

Sending an SMS to 33700 is free for Bouygues Telecom, Orange and SFR customers. For other operators, sending an SMS to 33700 can be done at the price of a normal SMS.

For more information, you can connect to www.33700-spam-sms.fr