Phishing: Fraudsters disguise themselves as a trustworthy entity in order to obtain sensitive information
“Why would your bank ask you for information that it already has? ”
Obtaining sensitive information by posing as a trustworthy entity, such as a bank, local government authority, telephone operator, etc.
Most commonly, fraudsters send an email to a huge number of internet users. The alarming nature of the message will persuade some recipients to connect to a bogus website and input their information.
Hone your reflexes: what to do if you receive a suspect email
Be aware of the signs to look out for: inconsistent sender email address, grammar or spelling mistakes or typos, a link or site without a full URL:
- Do not click on the links
- Do not open attachments
- Do not reply
Remember that a company will never ask you for information that it already has (e.g. in the case of a bank, your bank account number).
- Limit the information you disclose (social media, websites, standard letter templates, signature, etc.).
Be wary of any unusual request and trust your instincts: if a request seems suspicious, it probably is!
- Verify the legitimacy of any such request, by calling a number provided previously.
If the Societe Generale name is being used fraudulently, forward the email to firstname.lastname@example.org
Vishing (voice phishing) is a phone call scam. The fraudster phones you and tries to obtain your personal and financial information.
How to spot a scam
The fraudster randomly dials landline numbers in a particular region. When you answer, you hear an automated message telling you that there have been some unusual transactions on your bank account, and asking you to phone a particular number immediately. When you call that number, you get an automated message or a person posing as a bank employee asking for your bank details and passwords. This information will then be used to steal your identity, make online purchases or access your bank account.
Alternative version: someone phones you, pretending to be an employee at your bank, and tells you about a suspicious purchase. You are then asked for your personal details to verify whether fraud has taken place.
What to do if you receive a scam phone call:
Fraudsters use stress and fear to create a sense of urgency around the possibility that you have been the victim of fraud.
- Never give out your bank, personal or any kind of information over the phone.
- If you get a message asking you to call a particular number, do not dial this number.
Fraudsters contaminate your computer so they can hack your data.
“You could be under surveillance without knowing it... ”
Once the program has installed itself on your computer, the hacker can, for example, steal your passwords and/or PIN codes, copy your data, or take control of your computer, access your bank account online and steal your money...
How to spot a scam
Your computer may have been infected if:
- An alert or an error message from your anti-virus program pops up on your screen.
- You receive unexpected validation requests for third-party access.
- Connecting to your online banking site seems to be taking much longer than usual, or when you try to connect, you get a message in a foreign language, such as English.
Good habits for limiting the risk of fraud
If your computer is infected, please follow the recommendations below:
- Get your computer cleaned by a professional.
- Change the passwords/access codes for your online banking sites from a clean computer.
- Install security programs on your computer (anti-virus, firewalls, etc.) and ensure that they are updated regularly (internet browsers and software must also be updated regularly).
To limit the risk of your computer being infected, use common sense and adopt a critical mindset when looking at your screen at all times.
Most Wi-Fi equipment manufacturers deliver routers that are configured for simple and rapid installation. This often means that all the security options are deactivated.
There are two problems with this:
- A hacker could spy on your internet connection and obtain, for example, your email password. On the other hand, the hacker won’t be able to read your personal passwords for your online accounts (you can easily check that you are on a secure site by looking for “https” (and not “http”) in your browser’s address bar).
- You are responsible for the use that is made of your internet connection. Unwanted visitors may go to disreputable websites or use your connection in an abusive way. When this happens, the intrusion does not leave any trace, and it will therefore be up to you to show that you did not know anything about it.
Good habits for limiting the risk of fraud:
Ensure that the connection to your Wi-Fi network is encrypted (e.g. using a personal and complex WPA2 key) and also, make sure to change the Wi-Fi router's admin console default password.
Good practices to adopt
Check that you are on a secure site
In your internet browser’s address bar, check the spelling of the website address.
Use a strong password
It is essential to know how to choose a strong password, i.e. a password that is difficult for a third party to find/discover (e.g. do not use your date of birth).
Think before clicking on a link
One of the classic attacks aimed at scamming internet users and stealing their personal information consists of encouraging them to click on a link within a message. These links may be malicious. Rather than clicking on the link, you should type the website address into your browser’s address bar.
Be careful if you see a suspicious email address and/or before opening an attachment
One of the most effective methods of spreading malicious software is to use email attachments. To protect yourself from this risk, never open an attachment from someone you don’t know.
Be careful about disclosing personal information
It is strongly recommended that you never disclose personal data orally, in writing or by email. Never enter personal/sensitive data (such as bank account details) on websites that do not offer all the necessary guarantees.
Please note that Societe Generale will never write to you at your personal email address to ask you to connect to your secure site and/or ask for the password/PIN code for your bank accounts/bank cards.