How to protect yourself from fishing?

How to protect yourself from fishing?



We communicate by e-mail, we make our payments online, we resell our objects on the Internet. To use all these services, we must disclose certain personal data each time. A godsend for the crooks who will try to steal them from us by using 1001 tricks.


The term "phishing" is a contraction of the English words password (password), harvesting (harvest) and fishing (fishing). This is a scam technique, also called phishing, used to surreptitiously obtain the confidential data of Internet users. 

The coveted information is that which allows, among other things, access to their e-mail, banking or post office accounts or auction sites. The criminals sometimes act in an organized gang, sometimes alone. The attack can occur via email, website, Internet phone service (VoIP) or SMS.


Using the extracted or stolen data, the scammers then commit asset offenses in the victim's name: bank transfers, online purchases and even placing fake bids on auction sites. In addition, the scammer becomes master of the e-mail account from which he extracted the access data. He can thus use it to send other fraudulent emails to the victim's contacts, but also to block him or change his password.

Characteristics of a phishing attack

The modalities of phishing attacks vary widely. But they have some characteristics in common:

  • The scammer always starts by summoning the target to divulge their personal data. The pretext invoked may vary: need to renew the data for security reasons or to update the user's account, data required by an authority to reimburse electricity costs, etc.
  • Usually, the summons is sent by email and the message contains a link to a counterfeit site.
  • On the bogus site, the victim is asked to fill out a form. In most cases, he is asked to disclose confidential banking data and other personal data (name, surname, e-mail address, username and password for different accounts, etc.).
  • The sender's address, but also the content of the e-mail and the design of the website to which it refers are intended to make the recipient believe that his interlocutor is a known financial institution, the Post Office, an online auction platform (e.g. Ricardo or eBay), an email service or an authority.
  • It also happens that the phishing page is placed on the site of a serious company after hacking it. The use of this process is best known in the field of online banking.

Legal status

Phishing is not subject to a specific criminal standard in Switzerland. But it often falls under the following articles of the Penal Code:

What does the police ?
Countering phishing is very complicated on a case-by-case basis, as you cannot trace back to the technical infrastructure used by the scammers. Only a complete analysis of attacks of this type could provide lessons.
 Indeed, criminals often produce phishing pages using proxy services located abroad. To conceal their identity, they frequently send the pages through networks of automated computer programs ( botnets) or host them abroad, or place them on hacked third-party servers. In addition, stolen data is usually resold to other criminals for recycling. 
The investigation of cases is thus often doomed to failure or, at least, requires a great excess of means. This is one more reason to protect yourself against attacks.

How to protect yourself?

To avoid falling victim to a phishing attack
In principle, serious service providers such as banks, the post office, auction sites, authorities and similar institutions will never ask you to disclose your passwords or your credit card data by e-mail or over the telephone.
Extreme distrust is therefore required with regard to emails which would ask you for personal data and which would state that the consequences in the event of non-performance would be financial loss, a criminal denunciation or the blocking of your credit card, for example.
Do not respond to such emails. Delete them systematically without clicking on the links provided.

If you have been the victim of a phishing attack

Change leaked passwords immediately and make sure new ones are secure 🔐.
If you have disclosed confidential data, immediately contact the service provider concerned (financial establishment, access provider or electronic messaging service). Explain your situation to regain control of your data.
Also notify MELANI of the attack using the ad hoc form .

📨 Leave us a comment :