What is phishing?
Phishing is a derivative of the word "fishing". The replacement of the 'f' by 'ph' is probably based on an abbreviation of the expression "password harvesting fishing".
Phishing operators use e-mails, hypertext links and Internet pages to redirect you to fake websites where you will be asked to disclose confidential data such as your bank account details or credit card number. A malicious e-mail generally asks you to confirm your password, bank details, account numbers, credit card details or other similar data by clicking on a link contained in the message. This link then directs you to a fake page with an address that is almost identical to that of the original site.
- Be careful with e-mails.
- It is very easy to fake a sender's address: the author of the e-mail you receive is not necessarily the service provider you believe it to be.
- Do not reply to e-mails asking you to enter personal data. Service providers such as ePDQ, banks, credit card issuers, etc. will never ask you to disclose your password, credit card number or other personal information by e-mail.
- Enter links manually. Do not click on any links contained in suspicious messages: enter the URL address manually (for example, the address of your bank, the ePDQ platform) or look for it in your Favourites. Links contained in fraudulent e-mails can direct you to fake websites. The differences in the URL addresses are often very difficult to spot. The appearance of the site can also be deceptive.
- Check the encryption of Web pages. Before entering any of your personal details in a website, check that the site encrypts personal data by looking for https ("s" for secure) in the Web address and a closed padlock or unbroken key icon in your browser. Unfortunately, the padlock icon (and the key) can be forged on certain systems. Check that you are actually on the site you think you are on by double-clicking on the padlock icon to display the site's certificate. Make sure that the name on the certificate and the name in the address bar are the same. If the names are different, you could be on a fake site.
- Check your bank and credit card statements regularly.
- Upgrade your computer's security: Enable an anti-phishing filter to identify fraudulent sites before you visit them. Some browsers (e.g. Internet Explorer) have this kind of filter. Otherwise, you can install it as a toolbar. Regularly apply the latest security fixes for your operating system and the software installed on your computer. Install a firewall. Install anti-virus software and keep it up to date.
What should you do if you become a victim of phishing?
If you think you have received a phishing e-mail, proceed as follows:
- IMMEDIATELY change the passwords and/or PIN codes for the online account with the company whose identity has been usurped.
- SEND the fraudulent message to the company in question. It will generally have a special e-mail address for reporting such attacks.
- NOTIFY the relevant authorities (local police, Internet Fraud Complaint Center, Anti-Phishing Working Group) of the phishing attempt.
- RETAIN all PROOF of the fraud. In particular, in the event of a phishing attempt using an e-mail, do not delete the e-mail, since it contains, hidden in the header, the information required to trace the source of the attempt.
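The following is an added example, not part of the original page or of ePDQ's tooling: a Python sketch that reads the headers of a retained message and pulls out the fields that show where it came from and whether the visible sender can be trusted. The sample message, its hosts, addresses and IPs are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: every host, address and IP below is made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example with ESMTP id abc123; Mon, 1 Jan 2024 10:00:05 +0000
Received: from unknown (host.example.net [203.0.113.45])
\tby mx.recipient.example with SMTP id def456; Mon, 1 Jan 2024 10:00:02 +0000
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: "Your Bank" <security@bank.example>
Reply-To: <support@bank-verify.example.org>
Subject: Please confirm your password

Click the link to confirm your details.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def analyse(raw):
    """Summarise the header fields useful when reporting a suspicious e-mail."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    # From is freely settable; a differing reply/bounce domain is a cue to look closer, not proof.
    for name in ("Reply-To", "Return-Path"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Sender-authentication verdicts recorded by the receiving mail server.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", auth)
        if m and m.group(1) != "pass":
            findings.append(f"{check} result is {m.group(1)}")
    # Each server prepends its own Received line, so the last one is the earliest hop.
    # Only lines added by your own provider are trustworthy; earlier ones can be forged.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    ips = re.findall(r"\[([0-9a-fA-F.:]+)\]", hops[-1]) if hops else []
    return {"from_domain": from_dom, "findings": findings, "hops": len(hops), "earliest_hop_ips": ips}

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(key, "->", value)
```

Forwarding a message usually discards these headers, which is why the original e-mail should be kept and, where the mail client allows it, sent on as an attachment.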
ePDQ and communications:
- ePDQ will never ask you to disclose your personal financial data or other personal information (password, credit card number, bank account number, etc.) by email.
- ePDQ will never request any merchant to perform a payment operation (please note, however, that in some specific cases when you have reached out to us for an ongoing transaction issue, we can ask you to perform the failed operation again).
- ePDQ will never disclose any full credit card number by e-mail.
Payment Confirmation e-mails sent by the ePDQ platform will never contain any attachment.
For further information: