Phishing is one of the most common methods used by hackers. These attacks are so sophisticated that it can sometimes be difficult to differentiate them from legitimate communication. In this article you will find out everything you need to know about phishing so you can protect yourself from Internet fraud.
What is phishing?
Phishing is a scam technique that consists of contacting you by email, text message or phone pretending to be a trusted third party in order to access your personal data and steal your identity. The phishing message usually asks you about a confidential matter, such as a problem with your back office, password or bank details, and prompts you to take immediate action.
In this article, we will focus on email phishing, which is the most common method used these days.
How can you recognize a phishing attempt?
“The key is vigilance! Phishing emails are so common nowadays that you will receive one sooner or later. Everybody’s exposed to it. Fortunately, you can easily detect them by following best practices.”
Alexandre Tiperez, Systems & Network Administrator at VirtualExpo.
You should give your full attention to any email asking you to fill in your name, email address and/or password or bank details before you click on any links or attachments or provide your personal information. These fraudulent messages contain a number of defects that allow you to judge their authenticity.
Find out what you need to check to see if you are a target of a phishing attempt:
- The sender’s address
Check to see if you have ever received any messages from the sender. If it’s a hacker who sent you the email, he or she would have tried to disguise the address. Check if a letter is missing or if a letter has been added.
- Domain name errors
If you receive an email that appears to come from an official address, check that this is the email domain used by the third party company. Even if the message appears to be legitimate, doesn’t contain any spelling mistakes and uses the official formatting and visuals of the brand, it may very well have been sent using a fraudulent address.
- Spelling and grammatical errors
The legitimacy of the email can be questioned if it contains spelling or grammatical errors or if the writing is poor quality.
- Suspicious attachments and links
It is important that you do not click on any links or open any attachments until you have checked the sender’s address, domain name, greetings, and spelling and grammar errors. Phishing emails can invite you to click on a link that redirects you to a malicious site or to download an attachment that contains spyware. Read the domain name of the URL carefully to identify any possible errors (e.g. missing, inverted or extra letters).
“Before clicking on a link, hover your mouse over it to check the domain name of the site it will redirect you to.”
Alexandre Tiperez, Systems & Network Administrator at VirtualExpo.
PRATICAL TIP: on sites where you need to enter a password and other confidential information, choose secure sites with URLs beginning with https.
- An urgent message or tempting offer
Many phishing messages solicit you for account access, banking transactions or requests for confidential information. Other phishing attempts may appear as tempting offers such as a prize you have won or can win.
The goal is to make you react immediately, without thinking. In these situations, once again, take the time to check the links in the message, the domain name, the sender’s address, and any spelling or writing errors.
How can I recognize an email from the VirtualExpo Group marketplaces?
To help you identify whether an email is legitimate, here are the cases in which you might receive an email from AeroExpo, AgriExpo, ArchiExpo, DirectIndustry, MedicalExpo and NauticExpo:
- Following a buyer request
- Following a buyer message or quote acceptance
- Following an action on your part: updating your stand or Professional Account, subscribing to a new service, paying an invoice, etc.
- Following an interaction with our customer service
- Your monthly and weekly statistical reports
- News emails
How can you protect yourself against phishing attempts?
Here are some preventive measures that can help you limit the risk of phishing:
- Bookmark the links you use regularly.
This will be useful so you can compare links received by email from your usual sites that might appear fraudulent or that you suspect to be phishing attempts.
PRATICAL TIP: Always use your bookmarked links to access your usual sites rather than clicking on a link in an email. You can never be too careful!
- Make sure your computer has up-to-date antivirus protection.
- Install an extension on your web browser that can identify malicious sites (e.g. WOT – Web of Trust).
- Use our secure interface to communicate with buyers when you use our services.
- Avoid disclosing personal information online that could be misappropriated by hackers when it is not necessary.
What can you do if you are a victim of phishing?
As phishing attempts are constantly evolving, it is possible that you could be the object of a phishing attack, even if you remain vigilant. If you have taken the bait and provided your personal data or identified yourself on a fraudulent site, here is some information to help you report the phishing attack:
- Activate two-step verification for your mailbox (which consists of validating your identity in two steps) then contact your email provider (Outlook, Gmail, Yahoo, etc.).
“It is strongly recommended to activate two-step verification for access to access your mailbox. This extra security function, in addition to your password, requires validation on your phone or via an additional code received by text message for example, which will make stealing your account almost impossible.”
Alexandre Tiperez, Systems & Network Administrator at VirtualExpo.
- Contact the company whose identity has been impersonated or the site that has been copied, so that they can act quickly.
If a hacker has attempted to contact you on behalf of VirtualExpo and you have disclosed your personal or identifying information on a website, please contact your Account ManagerIf a hacker has attempted to contact you on behalf of VirtualExpo and you have disclosed your personal or identifying information on a website, please contact your Account Manager or Customer Service. They will take care of resetting your password with the help of our IT department.
- Change ALL of your passwords
It is of course recommended to change the password of the service being targeted, but it is also useful to change your other passwords at the same time.
“It is recommended never to use the same password for your different online accounts. To help you juggle your passwords, there are password managers that make your life much easier while limiting the risk of having all your online accounts hacked by a phishing attack.”
Alexandre Tiperez, Systems & Network Administrator at VirtualExpo.
- If you provided confidential information before you realized that an email was fraudulent, contact the law enforcement cybercrime unit nearest you.
If you have identified an email received in your inbox as fraudulent and you have not taken any harmful action, here is the best practice to follow in two steps:
1. Transfer it to the company that has been the victim of identity theft.
If the phishing email was sent on behalf of VirtualExpo, you can forward it to your Account Manager or our Customer Service who will forward it to our IT department.
2. Delete it permanently from your email mailbox
Phishing is a simple and effective technique used by many hackers. It poses a serious threat to your internet security. Safety is the priority for all of us, so caution is the order of the day!
At VirtualExpo, we will never force you to take any action without your explicit consent, nor will we ever force you to verify your personal data outside of secure communication channels (e.g. back office, negotiation interface with your buyers, etc.). We will never send you an email containing urgent warnings asking you to log in to your account and share your personal data or log in information.
Remember to use preventive measures and ensure your online security when disclosing your personal information. Do not hesitate to contact us as soon as possible if you suspect that you are the object of a phishing attack using our identity. If you have any additional questions on this subject, please contact your Account Manager or our Customer Service.
