Phishing: tips for recognizing and protecting against it
Can you fight phishing? Here are a few tips on how to recognize this technique and how to protect yourself from identity theft.
What is phishing?
Phishing involves tricking users into disclosing personal or financial information via e-mail messages or websites. The term phishing comes from "fishing" and "phreaking". It's a kind of fishing for victims using computer tools.
The technique exploits the human weak point of the computer system, i.e. the Internet user, who is duped by an e-mail that appears to come from a trusted company, such as a bank or a shopping site. However, publishers of software such as the Zimbra productivity suite have built additional protection into their messaging solutions to prevent identity theft.
There is no shortage of examples to illustrate the danger of phishing, and the media have relayed them to draw the attention of Internet users. These situations occur in both private and professional life. There is a real fear of having one's bank details stolen by someone posing as a Chief Financial Officer (CFO), urgently demanding a RIB (bank account details) and a few hundred thousand euros with it. That's why Zimbra has made security one of its fundamental features, taking into account all needs through the use of anti-virus, anti-spam, authentication and encryption systems.
How to detect phishing?
This fraud is not to be taken lightly. In 2014, 28.8% of recorded phishing attacks were aimed at stealing financial data from users (source: Kaspersky Lab).
To identify phishing attempts, here are a few best practices to avoid falling into the trap:
- Check who is contacting you: do you know them? You'll be able to tell if they're speaking in the language and tone you're used to.
- Check the content of the message: is it a bad translation? You may notice typos, spelling mistakes, inappropriate expressions, etc.
- Check the subject line: is it alarmist? With a subject such as "Important", "For your opinion" or "Important bulletin", it's a good idea to cross-check the information with the person to whom the message is addressed.
- Check the URL: if you're redirected to a fake site, everything will be copied identically, except for one detail: the URL. This is one of the best clues for detecting the fraud.
- Check the domain name: is it identical? You can compare the sender's domain name with the link in the message. In other words, the link in the message (www.monentreprise.fr/...) should belong to the same domain name as the e-mail address writing to you (@monentreprise.fr).
All elements of the message must be checked: the sender and their e-mail address, the subject, and the content with its message and link. In case of doubt, there are now sites to check whether the URL corresponds to a phishing attempt, such as Isit Phishing, for example.
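The subject and domain checks from the list above can be automated. The following Python sketch is an added example, not code from Ovea or Zimbra; the function names, the warning texts and the two sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Subjects the article cites as alarmist, matched case-insensitively as
# prefixes ("important" also covers "Important bulletin").
ALARMIST_SUBJECTS = ("important", "for your opinion")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def same_domain(host, domain):
    """True if host is the domain or a subdomain of it, on a label boundary."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw):
    """Return a list of warnings for one raw e-mail message (headers + body)."""
    msg = message_from_string(raw)
    warnings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not sender_domain:
        return ["no usable sender address"]
    subject = (msg.get("Subject") or "").strip().lower()
    if subject.startswith(ALARMIST_SUBJECTS):
        warnings.append("alarmist subject")
    text = ""
    for part in msg.walk():  # covers plain and multipart messages
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            text += data.decode(part.get_content_charset() or "utf-8", "replace")
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:  # malformed URL, e.g. broken IPv6 literal
            host = ""
        if not same_domain(host, sender_domain):
            warnings.append(f"link host {host!r} is outside sender domain {sender_domain}")
    return warnings

# Constructed sample messages (not real mail); .example is a reserved TLD.
SAMPLE_OK = (
    "From: Alice <alice@monentreprise.fr>\n"
    "Subject: Meeting notes\n\n"
    "Notes are at https://www.monentreprise.fr/notes/42\n"
)
SAMPLE_PHISH = (
    'From: "Service client" <support@monentreprise.fr>\n'
    "Subject: Important: verify your account\n\n"
    "Confirm at https://www.monentreprise.fr.login-check.example/reset today.\n"
)

if __name__ == "__main__":
    for name, raw in (("ok", SAMPLE_OK), ("phish", SAMPLE_PHISH)):
        print(name, check_message(raw))
```

The second sample shows why the comparison is made on whole domain labels: the link host begins with the sender's domain but actually belongs to another one. A clean result only means the link and the claimed sender agree; the From header itself can be forged, so this complements server-side sender authentication rather than replacing it.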
How to avoid phishing?
Detecting the problem is one thing, but are there any simple solutions for avoiding phishing attempts? This problem, which is first and foremost a human one, can be helped by technical and IT support.
Good human practices
To prevent your e-mail address from being stolen, the first thing to do is to change your password regularly, making it difficult to guess. With today's web browsers, everything is done to save passwords, so there's no need to memorize them. Software is even available to create sophisticated passwords for added protection.
Once you have an unpronounceable password, it goes without saying that you shouldn't share it with anyone. Don't send the login and the password in the same e-mail. The disposable piece of paper is highly recommended. This is just the tip of the iceberg when it comes to educating Internet users about security concerns.
Good technical practice
On the technical side, it's all about securing your IT system. Ovea has developed a reinforced authentication system for its Zimbra collaborative messaging system. The sender of the e-mail must have authorization on the server - Ovea - to send e-mail from outside. If authentication is not carried out, the e-mail sent will be rejected and will never reach the recipient. This security protects against any attempt at identity theft from the outside world to Zimbra's internal messaging system.
In fact, with Zimbra, as it is developed today to protect its customers against phishing, the only possibility of identity theft is either internally, by using the account of an employee who has authorized access, or when the account is hacked. In both cases, the technical failure cannot be blamed!
Reporting phishing attempts is essential. Unfortunately, falling victim to this type of fraud can happen... In addition to the dedicated reporting buttons in your inboxes, Ovea, integrator of the Zimbra productivity suite, takes this issue very seriously. Considering that each customer is unique, Ovea has developed the Zimbra application to deal with each particular situation. By customizing its modules, Ovea is able to offer a solution that is totally adapted to the customer's needs. It's thanks to this active listening that Ovea has been able to react quickly to the problem of phishing.
Today, it's easy to pretend to be someone else by sending an e-mail. It's an easy way for fraudsters to get through. That's why you need to be extra careful, and if in doubt, never click on suspicious links or give out bank details without checking them first.