The types of fraud perpetrated on the Internet are constantly evolving, as are the techniques used, which are becoming increasingly sophisticated... In phishing alone, scammers are adapting to deceive their targets using a variety of technologies: SMS, e-mail, telephone, social networks, fake websites, hacking... The list goes on.

What is phishing?

Phishing and now spear-phishing (targeted attacks) are designed to extract personal data. They use all the codes of an official organisation (bank, company, administration, social network, etc.) to gain the trust of their victims and encourage them to divulge personal information, whether by clicking on a link, downloading an attachment, or giving identifiers, even going so far as to make a payment.

Examples of Email Phishing Attacks

A bank alert, notification of a shipment, a well-known e-commerce site requesting payment, a friend asking for help... these phishing attempts are persuasive and can sometimes fool even the most discerning.

What are the consequences for your company?

Cyber attacks are damaging to businesses: identity theft, collection of bank details, theft of customer data, industrial espionage, etc. The impact of phishing on businesses is disastrous: loss of reputation and credibility, legal action for failure to secure data and, in all cases, financial loss.

According to a study published in 2021 by Agence européenne chargée de la sécurité des réseaux et de l'information "5% of SMEs surveyed agreed that cybersecurity problems would have a serious negative impact on their business, with 57% saying they would most likely go out of business."

How to protect yourself from phishing?

As you will have realised, phishing is not an endangered species, and businesses, particularly VSEs and SMEs, need more than ever to protect themselves against these cyber-attacks with three essential rules: prevent, secure and monitor! 

• Raising employee awareness to identify phishing attacks
  
• Keeping software and security patches up to date
  
• Limit access to company applications (ERP, website, etc.)
  
• Enable two-factor authentication where possible
  
• Restricting access to the corporate network with a VPN
  
• Securing e-mail (spf, dkim)
  
• Securing passwords
  
• Protecting personal data
  
• Do not store passwords in clear text (text file, excel...)
  
• Monitoring phishing attempts, preventing and responding to incidents
  

We strongly recommend that you call in a specialist company to audit your infrastructure and optimise its security.