CA Britline

Phishing attempts: how to spot them?

Phishing attempts: how to spot them?Is this e-mail really from your bank? It has a nice logo; it is well written but you are right to be wary. Not all of them are full of spelling mistakes and some of them look more real than real in order to extract personal data and information from you and access your accounts. Phishing and phishing scams are on the rise. How can you spot them? What to do if you've been caught?

Phishing is an Internet scam technique increasingly used by scammers to steal personal data: your name and address, your contact details (telephone, postal address, etc.), your date of birth, your bank account number, your social security number, your Internet connection identifiers to banking or merchant sites, your security codes for validating Internet transactions, your e-mail identifiers and passwords, etc.


1 / Your bank will NEVER ask you to communicate sensitive information by an unsecure e-mail outside your online bank, nor by telephone. Likewise, your Advisor will NEVER ask you for the 4-digit personal and confidential code of your bank card, nor your online banking access code, nor the security codes sent by SMS or email to validate so-called sensitive operations, such as enrolling in Securipass of Crédit Agricole for example, or making a transfer.

2 / NEVER click on a link inviting you to fill in a form, in a "classic" e-mail that seems to come from your bank. It may trigger malicious software that will retrieve data from your computer. When your bank needs to contact you, it will send you an email telling you that there is a message to read in your personal space, online or on the mobile application. This message NEVER contains a link to be clicked to access the online bank: this is an intangible rule that banks have given themselves, to differentiate themselves from "hackers". It is up to the customer to use the address he knows, which he has probably saved as a favourite in his browser.

3 / Use common sense: anything that starts with "confidential" or "we have noticed a problem with your account" or "your account has been restricted" or "your bank card has been suspended", "please validate this refund", "concerning the European Directive for Payment Services (DSP2), it is imperative that you register for the mobile confirmation service (SecuriPass)" etc. is 99% phishing! But there are many other possible motives...malicious people have imagination. These e-mails are mostly anonymous: they write "Dear customer", "Dear Sir, Madam", etc. It is quite rare for the fraudulent e-mail to mention your name.

4 / Who is really sending you this email? You read "From : Agence du Crédit Agricole"... And when you move the mouse over this name what address do you read? "". In short: nothing to do with the email address of your Crédit Agricole advisor. A con man is trying to pass himself off as your advisor, or someone from your bank. However, you should be aware that a fraudulent e-mail can display a valid address, even though this is rather exceptional in attacks aimed at the general public: what is explained in points 2 and 3 is therefore essential.

5 / Do you receive a suspicious e-mail after your branch opening hours? You hesitate to answer? Above all, don't do anything and wait until your agency reopens to check the veracity of the email: there are very few situations that require an immediate reaction or response.

6 / You were set up and gave out confidential banking information? Contact your bank branch as soon as possible. If it is closed, contact the helpdesk of your bank card and make an opposition (but only if you have transmitted the complete characteristics of your bank card, i.e. its number, its expiry date and the 3-digit code on the back of the card). The call number is indicated on the back of your bank card. Change your passwords to access your bank's website. Monitor your bank statements and make sure that no amounts have been debited irregularly. If there are any discrepancies, report the problem to your branch as soon as possible, making it very clear that you are not the cause of certain transactions on your account.

7 / Report the fraudulent e-mail to your bank and to the Police, on this site exclusively so that the fraudsters can be blocked as quickly as possible:!input.action

8 / Update your computer's protection system: antivirus, firewall, anti-spyware software... Use known software because there are also fake antivirus programs.

9 / Use a filter against "spoofing": most Internet browsers offer a warning function that signals suspicious sites when you are about to connect to them. Go to your browser's settings to activate these functions. The same goes for the spam filter in your email software, as well as on the website (Webmail) of your email provider.

10 / This advice is valid for your bank's emails as well as for those that seem to come from a department stores, tax offices or other big web platforms...

Finally, beware of social networks! NEVER publish your bank details (photos or credit card numbers for example)! If you have to pay something from social networks, you must be redirected to a merchant site and check that it is secure.