
Phishing

In Brief

Phishing, or Fishing, is a technique used by computer hackers to obtain personal information for the purpose of committing identity fraud. The attacker makes the victim believe they are communicating with a trusted third party (a bank, a public administration, etc.) in order to get them to disclose personal information such as a password, credit card number or date of birth. It is a form of IT attack that relies on social engineering. It may be carried out by email, through fraudulent websites or by other electronic means.

Generally speaking, IT criminals use phishing to steal money. The most common targets are online banking services, Internet service providers and auction websites such as eBay and PayPal. Phishers usually send emails to a large number of potential victims.

How To Recognise Phishing

A phishing email can usually be recognised by the following tell-tale signs:

  • the email does not address you by name
  • the email incites you to act quickly
  • the email contains a link you have to click on.

If you have received an email that includes one of these clues, you can simply ignore it. Do not click on the suggested link. If you have doubts regarding the authenticity of the message, you can also open your browser and enter the address of the site you wish to visit yourself.
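The three signs above can also be checked mechanically when triaging a mailbox. The following Python sketch is an added example, not part of the original guidance; the recipient's name is supplied by the caller, and the urgency phrase list and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string

# Assumed urgency phrases; extend the list for your own language and mail.
URGENCY = re.compile(
    r"\b(urgent(ly)?|immediately|as soon as possible|act now|"
    r"within \d+ (hours?|days?))\b", re.I)
LINK = re.compile(r"https?://[^\s\"'<>]+", re.I)

def body_text(msg):
    """Concatenate every text/* part (plain or HTML) of the message."""
    out = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            out.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(out)

def phishing_signs(raw_email, recipient_name):
    """Return which of the three tell-tale signs the message shows."""
    msg = message_from_string(raw_email)
    body = body_text(msg)
    # The greeting is taken to be the first non-empty line of the body.
    greeting = next((l for l in body.splitlines() if l.strip()), "")
    names = [re.escape(n) for n in recipient_name.split() if len(n) > 1]
    signs = []
    if not any(re.search(rf"\b{n}\b", greeting, re.I) for n in names):
        signs.append("no_name")      # does not address you by name
    if URGENCY.search(msg.get("Subject", "") + "\n" + body):
        signs.append("urgency")      # incites you to act quickly
    if LINK.search(body):
        signs.append("link")         # contains a link to click on
    return signs

# Constructed sample messages (not real mail).
SAMPLE_PHISH = """From: "Your Bank" <support@bank.example>
To: marie.weber@mail.example
Subject: Urgent: account verification

Dear customer,

Confirm your details within 24 hours: http://bank.example.invalid/confirm
"""
SAMPLE_OK = """From: Paul <paul@mail.example>
To: marie.weber@mail.example
Subject: Lunch on Friday

Hi Marie,

Are you free for lunch on Friday? Same place as last time.
"""
```

Calling `phishing_signs(SAMPLE_PHISH, "Marie Weber")` reports all three signs, while the second sample reports none.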

Behavioural Measures

The most important behavioural measure consists of ignoring suggested links in emails and not visiting websites you are not familiar with.

Organisational Practices

In France, Internet users are invited to report their own (bad) experiences to the National Police’s monitoring unit or to send them links to any websites they suspect are illegal.

There are charitable organisations that help Internet users protect themselves against this type of fraud:

Technical Measures

The following technical measures can be implemented:

  • Spam filter in your email client
    • Phishing attacks are normally large-scale attacks. It is, therefore, likely that your email client will recognise a phishing email as spam and mark it accordingly.
  • Phishing filter in your browser
  • Use the Web of Trust (WOT) add-on
  • Use a web filter (proxy).