Phishing: definition and how to prevent it

What does phishing mean?

Phishing is a fraud in which someone tries to obtain confidential information by e-mail while posing as somebody you trust, such as your bank (if they are after your banking data) or your IT service (if they want you to reveal your password).

It is important to point out that a responsible IT service will never ask you to reveal your password by e-mail; if necessary, it will direct you to a Web page that is identifiable and secured (an https address on the organization's own domain).

How do I recognize a phishing e-mail?

  • By its content: a phishing message asks you to reveal confidential data (password, bank account) by e-mail or through an external Web link, quite often with an air of urgency (if you don't act quickly, you will lose your account or your data will be erased). It is also often clumsily written (numerous spelling mistakes or automated translation) or in a language that doesn't match its intended recipients.
  • By the Reply-To address: the sender's address of a message is easy to forge, but the address to which your reply would actually go appears in the reply window as soon as you start writing an answer. If that address is incorrect, strange or contains any foreign element (in particular if its domain, the part of the address after the @ sign, is not epfl.ch or that of the organization the message claims to come from), treat the message as a phishing attempt.
  • By its Web links: when you place your pointer (mouse) over a link, its real address is shown at the bottom of the window. The real destination is the host name: the part between :// and the first / character (ignoring any user@ prefix). Be wary of the numerous tricks phishers use to disguise this true location. For example, none of these links points to an EPFL site; the first goes to a bare numerical address and the others to mafia.com:
    • http://66.181.7.2/epfl.ch (numerical address)
    • http://mafia.com/epfl.ch/page (epfl.ch is after the first / character, so it is only a path on mafia.com)
    • http://epfl.ch.mafia.com/ (epfl.ch is only a sub-domain of mafia.com)
    • http://epfl.ch@mafia.com/ (the part before the @ actually denotes a username)
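The two checks above (which domain a reply would really go to, and which host a link really points to) can be done programmatically. The following Python script is an added example written for this page, not code from the EPFL IT service; the sample message and the addresses it-service@epfl.ch and helpdesk@mafia.com are constructed, while the link examples are the ones listed above.

```python
"""Added example (not part of the original EPFL page).

Two of the phishing checks described above, done with the standard library:
  1. reply_goes_to(): the domain a reply would actually be sent to
     (Reply-To wins over From, exactly as in the mail client's reply window).
  2. classify_url(): the host a browser would really connect to, and which
     disguising trick, if any, the link uses.
"""
import ipaddress
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "epfl.ch"  # the organization the message claims to come from

# Constructed sample: the From line looks like EPFL, but Reply-To points elsewhere.
SAMPLE_MESSAGE = """\
From: "EPFL IT Service" <it-service@epfl.ch>
Reply-To: "EPFL Helpdesk" <helpdesk@mafia.com>
To: someone@epfl.ch
Subject: Your account will be closed in 24 hours

Please confirm your password at http://epfl.ch@mafia.com/ to keep your account.
"""

# The tricky links from the page, plus one genuine EPFL address for contrast.
SAMPLE_LINKS = [
    "http://66.181.7.2/epfl.ch",
    "http://mafia.com/epfl.ch/page",
    "http://epfl.ch.mafia.com/",
    "http://epfl.ch@mafia.com/",
    "https://www.epfl.ch/",
]


def same_org(host: str, domain: str = TRUSTED_DOMAIN) -> bool:
    """True only for the domain itself or a genuine sub-domain of it.

    A plain endswith(domain) would wrongly accept 'evilepfl.ch', so the
    separating dot is required."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def domain_of(address: str) -> str:
    """Lower-cased domain part (after the @) of an e-mail address, or ''."""
    _name, addr = parseaddr(str(address))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def reply_goes_to(raw_message: str) -> str:
    """Domain a reply would be sent to: Reply-To if present, otherwise From."""
    msg = message_from_string(raw_message, policy=policy.default)
    target = msg.get("Reply-To") or msg.get("From") or ""
    return domain_of(target)


def classify_url(url: str) -> tuple:
    """Return (real host, verdict) for a link.

    The host is what sits between '://' and the first '/', with any
    'user@' prefix and port removed; urlsplit() does that parsing for us."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host:
        return ("", "unparseable")
    try:
        ipaddress.ip_address(host)
        return (host, "numerical address")
    except ValueError:
        pass
    if parts.username is not None:
        # 'epfl.ch@mafia.com': the trusted-looking part is only a username.
        return (host, "username trick")
    if same_org(host):
        return (host, "trusted")
    # Covers both 'mafia.com/epfl.ch/...' and 'epfl.ch.mafia.com'.
    return (host, "foreign host")


def message_is_suspicious(raw_message: str) -> bool:
    """Phishing indicator: a reply would leave the trusted organization."""
    return not same_org(reply_goes_to(raw_message))


if __name__ == "__main__":
    print("reply would go to:", reply_goes_to(SAMPLE_MESSAGE),
          "-> suspicious" if message_is_suspicious(SAMPLE_MESSAGE) else "-> ok")
    for link in SAMPLE_LINKS:
        host, verdict = classify_url(link)
        print(f"{link:35} host={host:15} {verdict}")
```

Note that the reply-address check only tells you where a reply would go; a message with a correct Reply-To can still carry a disguised link, so both checks are worth running.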

What should I do if I receive a phishing e-mail?

Don't answer!
Please forward it as an attachment to the address [email protected], so that we can take the appropriate measures (forwarding as an attachment preserves the original message headers, which an inline forward does not).

What should I do if I am not sure?

The safest course is to act as if the doubtful message were a phishing attempt and follow the instructions above. You may also show it to your computer support people and ask for their advice.

For more information, see IT Security Intranet.