Hameçonnage

Hameçonnage, called phishing in English, is a technique used by fraudsters to obtain personal information with the aim of committing identity theft. The technique consists in making the victim believe that they are dealing with a trusted third party (a bank, a government agency, etc.) in order to extract personal information from them: password, credit card number, date of birth, etc. It is a form of computer attack that relies on social engineering. Hameçonnage can be carried out by email, spoofed websites or other electronic means.

Etymology

Etymology of phishing

  • the term phishing takes as its starting point the term phreaking, a portmanteau of "phone" and "freak". Originally, phreaking was a type of fraud used to obtain free telephone services, especially common in the era of analog equipment (the 1970s).

  • the term phishing is said to have been invented by the hackers who tried to steal AOL accounts. It is thought to be built on the English expression password harvesting fishing, that is to say "fishing for passwords". An attacker posed as a member of the AOL team and sent an instant message to a potential victim. This message asked the victim to give their password in order to, for example, "verify their AOL account" or "confirm their banking information". Once the victim had revealed the password, the attacker could access the account and use it for malicious purposes, such as sending spam.

French translations

The terms hameçonnage and appâtage were proposed by the Office québécois de la langue française (OQLF) in April 2004 as French translations of phishing. In Canada, hameçonnage quickly came into everyday use.

Among the other terms considered by the OQLF, but not selected, one finds:

  • Swindle by email - Lacks precision; hameçonnage is rather an attempted swindle, because it does not succeed every time, and it is certainly not the only way of swindling by email.
  • Fishing for personal/confidential data - More descriptive than denominative; a periphrasis, in the same way that the expression "the mother of all networks" can be used when speaking about the Internet.
  • Fishing for gogos (dupes) - Too pejorative.
  • Filoutage - Lacks precision; can refer to any form of swindle.
  • Usurpation of interface - Lacks precision; usurping an interface or the identity of a company is only one of the main means used to carry out hameçonnage.

More recently, the following has appeared:

  • Piégeonnage - a "piégeon" is a pigeon (a person whose credulity is abused) caught via an electronic trap. This new proposal preserves the meaning of the others but shifts the focus to the person targeted, while reusing existing images from everyday French.

Phishing scam can be rendered as "swindle by hameçonnage", and is appropriate when the hameçonnage has succeeded, i.e. when it made it possible to swindle a naive Internet user (OQLF).

Brand spoofing, which can be rendered as usurpation of brand or usurpation of company identity, refers rather to the means used to carry out hameçonnage (OQLF) (see Usurpation of interface, above).

France's General Commission of Terminology and Neology has, since February 12th, 2006, retained the term filoutage to translate phishing.

Hameçonnage on the Internet

Cybercriminals generally use hameçonnage to steal money. The most popular targets are online banking services and auction sites such as eBay. Those who practise hameçonnage usually send emails to a large number of potential victims.

Typically, the messages sent in this way appear to come from a trustworthy company and are worded so as not to alarm the recipient, so that the recipient takes action as a result. An approach often used is to tell the victim that their account has been deactivated because of a problem and that it can only be reactivated if they take action. The message then provides a hyperlink that directs the user to a web page that is deceptively similar to the real site of the trustworthy company. Once on this fake page, the user is invited to enter confidential information, which is then recorded by the criminal.

In 2007, these cybercriminals changed technique, using a hacking method called a man-in-the-middle attack to collect the confidential information given by the Internet user on the visited site.

Countermeasures

Checking the web address in the address bar of the web browser may not be sufficient to detect the deception, because certain browsers do not prevent the address displayed there from being spoofed. It is however possible to use the "page properties" dialog box provided by the browser to discover the true address of the fake page.

A person contacted about an account that has to be "verified" should try to settle the problem directly with the company concerned, or go to the website by manually typing the address into their browser. It should be known that banks never use email to correct a security issue with one of their customers. In general, it is recommended to forward the suspect message to usurpation (for example, if the hameçonnage relates to societe.com, it will be usurpation@societe.com), which will allow the company to carry out an investigation.

It is necessary to be particularly vigilant when one encounters an address containing the symbol "@", for example http://www.mabanque.com@members.unsite.com/ . This kind of address will try to connect the Internet user as the user "www.mabanque.com" on the server "members.unsite.com". There is a strong chance that the connection is made even if the indicated user does not really exist on the server, but with this method the first part of the address looks completely innocent (www.mabanque.com). In the same way, certain attackers use site addresses containing a typing error, or a subdomain, for example http://www.mabanque.com.unsite.net/ .
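
The address tricks described above (a trusted name placed before "@", a trusted name used as a subdomain, a typing error) can be checked mechanically by parsing the link and comparing the real hostname with the expected one. The following is an added example, not part of the original article; the expected hostname, the exact-match policy and the flag names are assumptions made for illustration.

```javascript
// Added example: classify a link against the hostname the user expects.
// TRUSTED and the flag names are assumptions made for this illustration.
const TRUSTED = "www.mabanque.com";

// Levenshtein distance, used to spot addresses with a typing error.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

function inspectLink(href, trusted = TRUSTED) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return { host: null, flags: ["unparseable"] };
  }
  const host = url.hostname.toLowerCase();
  const flags = [];
  // Everything before "@" is a user name; the real host is what follows it.
  if (url.username || url.password) flags.push("userinfo-before-at");
  if (host !== trusted) {
    flags.push("host-mismatch");
    // Trusted name used as the leading labels of someone else's domain.
    if (host.startsWith(trusted + ".")) flags.push("trusted-name-as-subdomain");
    // One or two characters away from the trusted name: likely typo domain.
    if (editDistance(host, trusted) <= 2) flags.push("lookalike-typo");
  }
  return { host, flags };
}
```

For http://www.mabanque.com@members.unsite.com/ the parser reports members.unsite.com as the host, which is the comparison a mail filter or link preview should display instead of the raw string.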

Recent browsers, such as Firefox, Opera and Internet Explorer 7, have a system that informs the user of the danger and asks whether they really want to browse to such dubious addresses. Netscape 8 also integrates technologies that keep a blacklist of dangerous sites of this type up to date.

Spam filters also help to protect the user from cybercriminals by reducing the number of emails users receive that may be hameçonnage. The Mozilla Thunderbird mail client includes a very powerful Bayesian filter (a self-adapting anti-spam filter).

Frauds concerning online banks aim at obtaining the identifier and the password of the holder of an account. The fraudster can then log in to the bank's website and transfer funds to their own account. To counter this type of fraud, the majority of online banking sites no longer allow the Internet user to enter the recipient account of the transfer themselves: in general, it is necessary to telephone a banking service, which alone remains authorised to enter the recipient account into a list of accounts. The phone conversation is often recorded and can then be used as proof. Other banks use reinforced identification, which blocks access to transfers if the user does not give the correct four-digit key, requested at random from among the sixty-four that they hold. If the key is the correct one, the Internet user can carry out transfers online.

See also

External links

  • Terminology record from the Grand dictionnaire terminologique (OQLF)
  • Example to test your browser
  • Example of hameçonnage: BNP Paribas
  • Example of hameçonnage: LCL & SG
  • Cross-Site Scripting and Phishing
  • cases.lu: thematic dossier on phishing, with a test
  • Anti-Phishing Working Group
  • International FraudWatch
  • Safe Browsing for Enterprise Users
  • Extended Validation SSL Certificates - a New, Higher Standard for Internet Security
