What is phishing ?
Phishing is a derivative of the word "fishing". The replacement of the 'f' by 'ph' is probably based on an abbreviation of the expression "password harvesting fishing".
Phishing operators use emails, hypertext links and Internet pages to redirect you to fake websites where you will be asked to disclose confidential data such as your bank account details or credit card number. A malicious email generally asks you to confirm your password, bank details, account numbers, credit card details or other similar data by clicking on a link contained in the message. This link then directs you to a fake page with an address that is almost identical to that of the original site.
- Be careful with emails.
- It is very easy to fake a sender's address: the author of the email you receive is not necessarily the service provider you believe it to be.
- Do not reply to emails asking you to enter personal data.
Service providers such as Ingenico, banks, credit card issuers, etc. will never ask you to disclose your password, credit card number or other personal information by email.
- Enter links manually.
Do not click on any links contained in suspicious messages: enter the URL address manually (for example, the address of your bank, the Ogone platform) or look for it in your Favourites. Links contained in fraudulent emails can direct you to fake websites. The differences in the URL addresses are often very difficult to spot. The appearance of the site can also be deceptive.
- Check the encryption of Web pages.
Before entering any of your personal details in a website, check that the site encrypts personal data by looking for https ("s" for secure) in the Web address and a closed padlock or non-broken key icon in your browser.
Unfortunately, the padlock icon (and the key) can be forged on certain systems. Check that you are actually on the site you think you are on by double-clicking on the padlock icon to display the site's certificate. Make sure that the name on the certificate and the name in the address bar are the same. If the names are different, you could be on a fake site.
- Check your bank and credit card statements regularly.
- Upgrade your computer's security:
Enable an anti-phishing filter to identify fraudulent sites before you visit them. Some browsers (e.g. Internet Explorer) have this kind of filter. Otherwise, you can install it as a toolbar.
Regularly apply the latest security fixes for your operating system and the software installed on your computer.
Install a firewall.
Install anti-virus software and keep it up to date.
What should you do if you fall victim to phishing?
If you think you have received a phishing email, proceed as follows:
- IMMEDIATELY change the passwords and/or PIN codes for the online account with the company whose identity has been usurped.
- SEND the fraudulent message to the company in question. It will generally have a special email address to notify any such attacks. For example, if you receive a phishing email relating to Ingenico e-Commerce Solutions, send it to email@example.com.
- NOTIFY the phishing attempt to the relevant authorities (local police, Internet Fraud Complaint Center, Anti-phishing working group).
- RETAIN all PROOF of the fraud. In particular, in the event of a phishing attempt using an email, do not delete the email, since it contains, hidden in the header, the information required to trace the source of the attempt.
Ingenico Payment Services and communications
- Ingenico e-Commerce Solutions (previously Ogone) non-commercial emails are always sent from the ogone.com domain.
- Ingenico Payment Services will never ask you to disclose your personal financial data or other personal information (password, credit card number, bank account number, etc.) by email.
- Ingenico Payment Services will never request any merchant to perform a payment operation.
- Ingenico Payment Services will never disclose by email any full credit card number.
- Payment Confirmation emails sent by the Ogone platform will never contain any attachment.
- If in doubt or if you notice anything suspicious, contact our Customer Care department (firstname.lastname@example.org).
For further information: