You've Been Phished: A Report on Phishing Awareness

You may have recently fallen victim to a phishing attack as part of a anti-phishing campaign

How did you get trapped?

You may have recently fallen victim to a phishing attack as part of a anti-phishing campaign. You received an email from a sender claiming to be “MGEN IT Team”.

Phishing is a type of cyber attack where the attacker poses as a trustworthy entity in order to obtain sensitive information, such as login credentials or financial information. These attacks can be difficult to identify, but there are some tips you can follow to protect yourself in the future.

The attacker likely used urgent or threatening language in order to pressure you into taking action, such as clicking on a link or providing sensitive information. You may have followed the attacker’s instructions and provided them with sensitive information. It is important to take steps to protect yourself going forward.

The following login page and email were fake and meant to collect your login credentials.

Let’s look at the example that tricked you :

1. Take time to analyze

The attacker probably used urgent or threatening language to get you to act, in your case to click on a link to resolve a security issue. You may have followed the attacker's instructions and provided him with sensitive information without taking a breath and without verifying that he is who he pretends to be.

2. Check the sender identity

In this example, the sender pretends to be the IT Team. Be aware that the true name of the sender can be hidden. Here, 'MGEN IT Team' has replaced an email address that has any relation with the MGEN IT Team

3. Check the page link

In the same way as for the email address, check the veracity of the link. In our case, the link does not lead to a real page (olive.mgen.fr) but to a fake one (olive-mgen.fr)! The difference is small but real !

4. Go to the page by typing the usual link

If you are familiar with the concerned service, you can ensure that it is not a fake copy by typing the link you usually use directly into your browser.

5. If in doubt: contact the sender

It is always better to be insured. You can send an email to the security teams via their official contact to ask for their opinion

6. Don’t hesitate to inform yourself

To avoid falling into this trap again, we invite you to check the following article:

👉 10 Tips for Protecting Yourself from Phishing Attacks