Photo d'une femme devant un ordinateur

Phishing: understand and protect yourself against scams

At home and work, it’s hard to escape phishing attempts and they’re becoming more sophisticated, whether by email, SMS, or social media. As a responsible operator, we’re committed to developing a digital society that can be trusted, and therefore doing what we can to combat the threat. Here’s what to look for when it comes to phishing, and the best practices to adopt.

What is Phishing?

"Phishing" is a technique used by hackers to collect confidential data about you without your permission. They will often contrive an emergency, threat, or unusual situation. They may pretend to be your bank, official organization, mobile operator or e-commerce site and ask for personal information such as passwords, payment methods, identity, professional data, etc.

3 Key figures

73%
of breaches involve human error
(Source : 2024 Verizon Data Breach Investigations Report)

+58.2%
of phishing attacks in 2023 compared with 2022
(Source : Zscaler ThreatLabZ)

4th
place for phishing in the online threats ranking
(Source : Security Navigator 2024)

Hameçon en illustration

Ever-evolving threats

The first wave of phishing came about through sending scam emails, where the victim would unintentionally click a malicious link and be redirected to a fake website. Phishing techniques are evolving and include malicious QR codes (known as "quishing"), sending text messages ("smishing") and fake phone calls ("vishing"). Hackers are perfecting their attacks by incorporating AI algorithms to make their messages more realistic or even spoof the voices of people they trust.

Evens pros aren't safe from harm

General phishing targets the public: one in four French people believe they receive a suspicious message at least once a day. But the threat also affects professionals - the self-employed, SMEs, large organizations, or even public companies. 42% of business leaders say they are particularly worried about the risks of a cyberattack (Source: 2023 Orange Cyberdefense Harris Interactive study).

Hackers adapt their methods to target the business world. They might impersonate business services (accounting, professional software, etc.), target key people (senior executives, "CEO fraud"), or use phishing to open the door to a ransomware attack.

To learn more about the specific risks of workplace phishing and guard against scams, download the 2024 Security Navigator report published by Orange Cyberdefense.

How do you identify attacks

Here are 4 clues that will help you spot a scam.

There is an urgency to the message (blocked bank account, etc.), a potential for a financial reward (refund, etc.) or a fake campaign related to current events (natural disaster, conflict, etc.).

2 You don’t recognize the sender’s email address or phone number, or the name is inconsistent with the URL of the links to be clicked or the address of the redirect site. You can check their legitimacy on https://cybersecurite.orange.fr.

 

3 The message asks you to share confidential data by email or SMS (username, password, credit card, etc.), which no legitimate organization would do.

4 The message contains spelling mistakes or expressions that are unusual for a bank or official business.

How should you react to a scam?

If you’ve received a fraudulent email or text message, there are a few simple steps you can take to react safely:

  • Don't reply to the sender, click on links, or open attachments.
  • Forward the message to your spam box or delete it.
  • Be cautious when using QR codes on advertisements, social networks, user manuals... Malicious QR codes can be used to link to bogus websites in order to obtain banking or personal information. Do not scan QR codes visible on unusual media.

If you’ve fallen victim to phishing, or you think your data might have been compromised:

  • Immediately change the password you think you have transmitted. Also, change your password on other accounts if you were using the same one.
  • Stop your card and contact your bank if you think you have provided banking information.
  • Go to your local police station to file a complaint.

It is important to report phishing attempts. By talking about it and alerting the relevant authorities, you are helping to fight against phishing scams.

Do you live in France?

  • Go to the Signal Spam and Cybermalveillance.gouv.fr websites if the attempt took place via email or online.
  • Contact 33700 if the attempt took place by SMS or phone.
  • Alert us by email at the abuse@orange.fr address if you have just received a message spoofing the Orange brand.
  • Check the legitimacy of any suspicious website, link, e-mail or text message free of charge on the Orange Cybersecure portal, regardless of your operator, by simply copying and pasting https://cybersecurite.orange.fr.

Supporting you in the face of threats

Orange and Orange Cyberdefense employ 3,000 cybersecurity experts to strengthen digital security. Our 36 detection centers around the world analyze more than 60 billion events and shut down 200 malicious sites daily.

To strengthen our customers’ protection, we have also run several pilots using AI algorithms and automated image analysis to detect any fraudulent use of the Orange brand, provide an automatic warning when a user tries to connect to a suspicious site, and more. These innovations help us fight new forms of attack more effectively.

Free Worshops

Want to learn how to better detect and protect yourself against scams? We run workshops either online or in person at Orange stores and partner locations.

Each one-hour workshop is an opportunity to learn tips and best practice from our experts on topics such as:

Register today, either online or by calling the toll-free number: +33 (0) 800 06 15 46.