Warning you just have been phished

Don't panic, this is a pedagogic campaign about this type of scam.

In the case of a real phishing campaign, a hacker would have stolen your login and password from your mailbox whithout you noticing it.

The information below will tell you, in 10 minutes of reading, how to identify and avoid this kind of malfeasance.

Purpose of this educational phishing campaign

"Phishing" is a combine word of the terms "phreaking" (hacking of telephone line) and "fishing".

Our "phishing" campaign is intended to make users aware of this fraud technique, used by hackers, which aims to recover personal information (banking, login / password / etc ...) by usurping the identity of a trusted third party.

In the case of this campaign, we used the same tools as hackers to be closer to reality. The only difference is that no personal data has been collected, not even your email address. We just have a statistical return of the number of victims who have landed on this page.

How to protect yourself

The scenarios are classic and always the same:

You receive a message that appears to come from a company, a trusted institution or your IT department that invites you to sign in to your account via a link in the email. This link then leads to a website created by fraudsters which is often a close copy of the original and which invites to enter via a form his login and password, his bank details, his credit card or bank details. other sensitive personal data.

You receive a message written in a manner that arouses curiosity or fear and invites you to click on a link or open an attachment. In this case, a virus is downloaded without your knowledge. It encrypts files on your computer immediately and spreads across the network for the purpose of attacking other computers, with the risk of paralysis of all or part of the institution's information system.

An unknown / strange mail, an unknown site, an attachment that asks to activate the macros, etc…Trash

For example, this campaign uses the 1st scenario and redirects you to  mail.mflmonde.org and not to  mail.mlfmonde.org. In addition, some logos of the Mlf have been placed in the mail so as not to arouse suspicion, the identity of the sender is also usurped (Spoofed). Gmail will never direct you to change your password, but will direct you to their help topic.

Vigilant point

  • Do not respond to emails calling for help, taxes, your bank, or offering winnings, etc…

  • Never click on internet links, images, or attachments from messages whose contact is not known or whose content is questionable

  •   Systematically go back to support@mlfmonde.org the anomalies linked to the security of the IS (make a copy of the doubtful email and send it by mail)

      Inform the management, to disseminate the information

  • Delete the mail

Computer Health is the set of simple technical measures that guarantee the minimum base to respect to protect your information. They are called computer hygiene because they are the transposition in the digital world of basic rules of health security.

You will find on this link, a document that exposes risks with software solutions or good practices

Contact

We remain at your disposal for any questions.

We thank you in advance for your vigilance.

Your Mlf support