We have all received this kind of email: full of spelling mistakes and clumsily trying to imitate large companies or institutions.
But the “phishing” threat has evolved in both sophistication and ingenuity, and the basic emails that almost made us smile yesterday have today become real malicious campaigns using the most devious schemes.
Phishing attacks are now sometimes so sophisticated that they succeed in deceiving even the most skilled and informed users. But whether it’s a credible phishing attempt or not, what happens if a user falls into the trap set by the hackers? What risks do they face? Do banks and insurance companies necessarily cover the victims of these cyber-threats?
Phishing: a friendly reminder
As a reminder, phishing is a cyber-criminal attempt in which one or more victims receive an email or an SMS that they believe was written by an institution, a company or even a simple individual (familiar or not).
This email or SMS ultimately aims to extract information such as personal data, banking information and passwords that hackers could use for fraudulent purposes. Inexpensive and relatively easy to set up nowadays, these malicious emails and SMS messages pass easily through spam filters thanks to their sophisticated methods, and very often reach their targets effectively.
But then what happens once the victim has fallen into the trap – obvious or not – of a hacker?
Being a victim of phishing is, in some cases, no longer excusable under French law
Surprising as it may seem, since the person receiving a phishing email appears at first to be totally innocent, being phished today is not always excusable in the eyes of French law, especially where the provision of bank data is concerned.
Indeed, following a judgment of the “Cour de cassation” at the end of the year 2017 (case of 28.3.18, n° 16-20 018), providing one's banking data to a hacker is considered to be “serious negligence”.
This new judgment overturns the appeal judgment, which held that if a victim considered to be a “normally” attentive person provided the so-called sensitive information without recognizing or perceiving warning signs, the victim could not be judged to have committed serious negligence.
Today the law therefore requires a user of any payment service to take “any reasonable measure to preserve the security” of their means of payment.
It will then be appropriate, on a case-by-case basis and in the light of the circumstances, to verify whether this lack of suspicion when faced with a phishing campaign was in conformity with this obligation or was, on the contrary, “a failure, by serious negligence, to its obligations”.
Therefore, banks generally cannot be held responsible for such fraud, and are not required to cover and reimburse victims unless their advice, delays or other errors have resulted in the theft of money.
What can I do to protect myself from phishing campaigns?
Here are some tips to help you establish maximum protection against these cyber threats; they are of course to be used alongside sound general Internet practices.
- Use the latest version of your operating system.
- Make sure to install all necessary updates to protect your computer.
- Do not click on or download any attachment received by email if you are not sure where it came from and who sent it.
- Regularly update your anti-spam software.
- The latest patches must be immediately deployed on all machines in your company.
- Any infected equipment must be immediately removed from the network.
- Educate and train your team about the dangers of these malicious campaigns.
- You can also choose to continue this awareness effort through the courses and training on the security of information systems that we can offer.