What is Phishing?

Basic principles

What is "phishing"?

Phishing is a derivative of the word "fishing". The replacement of the 'f' by 'ph' is probably based on an abbreviation of the expression "password harvesting fishing".

Phishing operators use emails, hypertext links and Internet pages to redirect you to fake websites where you will be asked to disclose confidential data such as your bank account details or credit card number. A malicious email generally asks you to confirm your password, bank details, account numbers, credit card details or other similar data by clicking on a link contained in the message. This link then directs you to a fake page with an address that is almost identical to that of the original site.

For instance, www.ogone.com & www.og0ne.com could be easily confused.

Prevention

• Be careful with emails.
  
• It is very easy to fake a sender's address: the author of the email you receive is not necessarily the service provider you believe it to be.
  
• Do not reply to emails asking you to enter personal data.
  Service providers such as Ogone, banks, credit card issuers, etc. will never ask you to disclose your password, credit card number or other personal information by email.
  
• Enter links manually.
  Do not click on any links contained in suspicious messages: enter the URL address manually (for example, the address of your bank, the Ogone platform) or look for it in your Favourites. Links contained in fraudulent emails can direct you to fake websites. The differences in the URL addresses are often very difficult to spot. The appearance of the site can also be deceptive.
  
• Check the encryption of Web pages.
  Before entering any of your personal details in a website, check that the site encrypts personal data by looking for https ("s" for secure) in the Web address and a closed padlock or non-broken key icon in your browser. 
  
  

• Check your bank and credit card statements regularly.
• Upgrade your computer's security:
• Enable an anti-phishing filter to identify fraudulent sites before you visit them. Some browsers (e.g. Internet Explorer 7) have this kind of filter. Otherwise, you can install it as a toolbar.
• Regularly apply the latest security fixes for your operating system and the software installed on your computer.
• Install a firewall.
• Install anti-virus software and keep it up to date.
  
  

What should you do if you fall victim to phishing?

If you think you have received a phishing email, proceed as follows:

• IMMEDIATELY change the passwords and/or PIN codes for the online account with the company whose identity has been usurped.
• SEND the fraudulent message to the company in question. It will generally have a special email address to notify any such attacks. For example, if you receive a phishing email relating to Ogone, send it to support@ogone.com.
• NOTIFY the phishing attempt to the relevant authorities (local police, Internet Fraud Complaint Center, Anti-phishing working group).
• RETAIN all PROOF of the fraud. In particular, in the event of a phishing attempt using an email, do not delete the email, since it contains, hidden in the header, the information required to trace the source of the attempt.

Ogone and communications

• Ogone non-commercial emails are always sent from the ogone.com domain.
• Ogone will never ask you to disclose your personal financial data or other personal information (password, credit card number, bank account number, etc.) by email.
• Ogone will never request any merchant to perform a payment operation.
• Ogone will never disclose by email any full credit card number.
• Payment Confirmation email sent by Ogone platform will never contain any attachment. 
• If in doubt or if you notice anything suspicious, contact our Customer Care department (support@ogone.com).

For further information:

• Anti-Phishing Working Group
• Internet Fraud Complaint Center