Imitation is sometimes seen as a form of flattery, but criminals impersonating Qonto staff members to scam our clients is not flattering. It is unacceptable.
The security of your account is our priority. We are fighting back against these attacks on multiple fronts, with a dedicated team of IT security experts and trained customer service agents who work to prevent fraud and take fraudulent campaigns down as soon as they appear.
Here is an explanation of phishing attacks (the most common type of online fraud) and what to do to prevent them. 👊
1. What is phishing?
Phishing is a type of social engineering attack used to steal user data, including login credentials, credit card numbers and other sensitive information.
It is disguised as communication sent from a legitimate source. The message pressures the person reading the email to take immediate action and enter personal information on a fake website that looks identical to the legitimate site.
2. What are the most recurrent phishing attacks?
Some phishing attacks are known as “campaigns”: one style of attack, usually built on the same email template, sent to masses of people.
Classic phishing is the general, mass-mailed type, where the criminal sends an email pretending to be someone else and tries to trick the recipient into giving them sensitive information. For instance, you may receive an email that looks as if it comes from Qonto, telling you there’s a problem with your account and asking you to update your details by following a link. Attackers put a lot of effort into designing these emails and making sure that both the link and the website to which you are redirected closely resemble our Qonto app. Once they have access to the account, they can make transfers or order virtual cards to make online purchases.
Vishing is phishing via telephone calls. The approach is the same: to appear legitimate in order to get sensitive information from the victim. The criminal, impersonating a Qonto agent, will call the victim and tell them they have a payment pending or that their account has been breached. They will then ask the victim to provide payment card details to verify the client’s identity.
Clone phishing is a sophisticated attack which intercepts genuine correspondence. The criminal clones a legitimate email from a trusted source. The email sent to the victim seems to be a continuation of the conversation, but it actually holds a malicious link.
3. What to do to prevent phishing attacks?
Be cautious when you are asked to give sensitive information over the phone or online. Here are a few tips to prevent phishing attacks:
- Never use the same password on different websites and accounts.
- Create strong and complex passwords, especially for your bank account.
- You can use secure tools such as 1Password to generate and manage complex passwords. If you are on the wrong website or a fraudulent website, your password manager will not offer an automatic password entry.
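The password-manager behaviour in the last tip, as an added example (not Qonto's or 1Password's code): a simplified autofill check that offers a saved login only when the page's origin matches the saved one exactly. The domain `app.bank.example`, the function names and the sample URLs are constructed placeholders, and exact-origin matching is an assumption; real password managers apply additional rules.

```javascript
// Added illustration: simplified autofill decision, not a real product's logic.

// Constructed saved login origin (placeholder domain, not a real bank).
const SAVED_ORIGIN = "https://app.bank.example";

// Returns scheme://host[:port] for a URL, or null if it cannot be parsed.
function originOf(rawUrl) {
  try {
    return new URL(rawUrl).origin;
  } catch {
    return null;
  }
}

// Offer autofill only when the page origin equals the saved origin exactly.
// Comparing parsed origins (not substrings) is what defeats lookalike links.
function shouldOfferAutofill(savedOrigin, pageUrl) {
  const page = originOf(pageUrl);
  return page !== null && page === originOf(savedOrigin);
}

// Constructed sample URLs showing how a link can contain the genuine name
// without being the genuine site.
const SAMPLES = [
  "https://app.bank.example/login",                      // genuine site
  "http://app.bank.example/login",                       // same host, no TLS
  "https://app.bank.example.account-check.example/",     // real name as subdomain
  "https://app.bank.example@login.other-site.example/",  // real name before "@"
  "https://app.b\u0430nk.example/login",                 // Cyrillic "a" lookalike
  "https://app-bank.example/login",                      // hyphen instead of dot
];

// Returns one { url, autofill } record per sample.
function classify(urls) {
  return urls.map((url) => ({
    url,
    autofill: shouldOfferAutofill(SAVED_ORIGIN, url),
  }));
}

for (const { url, autofill } of classify(SAMPLES)) {
  console.log(autofill ? "offer autofill " : "no autofill    ", url);
}
```

Only the first URL is offered autofill. A missing suggestion from your password manager on a page that looks like your bank is therefore a signal to stop and check the address.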
If you want to know more about how to detect phishing, check out this article.
You can also monitor the connections made to your account on the Qonto app. Keep in mind that when you grant access to secure APIs, this creates an automatic connection that you did not start yourself but that you authorized.
4. How does Qonto secure your account?
As already mentioned, the security of your account is our prime concern. This is why we have put alerts in place to detect anomalies, and built many security features into our product to prevent any type of account takeover.
- We automatically suspend any account exhibiting suspicious patterns: connection from an unknown device, abnormal transfer amounts, unusual activity and so on.
- We protect all sensitive operations using a second authentication factor.
- We rely on data-driven algorithms to block high-risk operations.
If, despite all the features we have developed, you think you are a victim of fraud, here is our article on what to do.
Phishing is a very popular technique for fraudsters, and we cannot stress enough the importance of being as aware as possible.
So remain vigilant, be cautious, and keep this article in mind to avoid being hooked. 🎣