
Security of your data

The most common hacking methods and best practices to avoid phishing.
Extract from the French government's websites:
1. What is phishing?

This is one of the main vectors of cybercrime. This type of practice can also be used in more targeted attacks to try to obtain an employee's credentials for the professional networks to which they have access.
To reinforce its credibility, the fraudulent e-mail readily uses the logos and visual identity of the best-known administrations or companies. The content of the message is generally based on one of two strategies:
- either you are accused of not having paid a certain amount of money (bills, taxes, electricity, etc.) and you are urged to do so on pain of late payment penalties or even legal action;
- or you are informed of a financial error in your favour (tax, bank, etc.) and are asked to follow instructions to get your money back.
Other methods exist (faxes on hold, gifts, etc.). Stay alert!
2. How to protect yourself against phishing?






a) How to protect yourself against spam?
- Do not reply to spam, so that the sender cannot tell whether the e-mail address used is valid.
- Do not click on links embedded in the message, so that the sender cannot retrieve information through cookies or other trackers.
- Do not open spam attachments.
- Be careful when giving out your e-mail address, and create different e-mail addresses for different needs: internet shopping, social networking, personal exchanges, etc.
- Use a spam filter.

b) With Signal-spam, participate in the fight against spam!
The Signal-spam association is committed to the fight against spam. Its website signal-spam.fr allows any Internet user, professional or private, to report spam from their e-mail via an online platform and to follow the progress of the report from their personal space.
Signal-spam collects reports from Internet users, analyses them and then transfers them to the various players in the fight against spam (public bodies, players in the digital economy or Internet access providers). This action makes it possible to identify the main organisations responsible for spam and to implement control actions or targeted repressive actions, at national or international level.
c) How to report spam?



d) Do you want to report criminal content?
Do you want to report criminal content that is not spam?
The following types of content are concerned:
- Paedophilia or corruption of minors on the Internet
- Incitement to racial hatred or provocation to discriminate against people because of their origin, gender, sexual orientation or disability
- Threats or incitement to violence
- Illegal trafficking (drugs, weapons, etc.)
- Endangering people
- Incitement to commit offences
- Insult or defamation
- Swindling
- Terrorism: threat or apology
3. Ransomware
a) What is ransomware?
Ransomware is a malicious computer program that is becoming increasingly widespread (e.g. Wannacrypt, Jaff, Locky, TeslaCrypt, Cryptolocker, etc.). The aim is to encrypt data and then ask the owner to send money in exchange for the key to decrypt it.
b) How to protect yourself against ransomware?
Three tips to protect yourself against ransomware:



4. Password theft
a) What is password theft?
Password theft is the use of software that tries as many combinations as possible in order to find your password. Password theft can also be done by making many attempts based on information obtained, for example, from social networks.
b) How can you protect yourself against password theft?
Four tips to protect yourself against password theft:




c) Rules for creating a good password
- Rule n°1: 12 characters
A secure password must be at least 12 characters long. It may be shorter if the account offers additional security features such as locking the account after several failures, a character or image recognition test ("captcha"), the need to enter additional information communicated by a means other than the Internet (e.g. an administrative identifier sent by the Post Office), etc.
- Rule n°2: numbers, letters, special characters
Your password must consist of four different types of characters: upper case, lower case, numbers, and punctuation marks or special characters (€, #...).
- Rule n°3: an anonymous password
Your password should be anonymous: it is very risky to use a password with your date of birth, your dog's name etc., as it would be easily guessed.
- Rule n°4: dual authentication
Some sites offer to inform you by e-mail or telephone if someone connects to your account from a new terminal. You can then accept or refuse the connection. Do not hesitate to use this option.
- Rule n°5: renewal of passwords
On sites where you have stored sensitive data, remember to change your password regularly: every three months seems a reasonable frequency.
d) How to remember your password?
- It is very important to use a different password for each account. You should therefore construct several passwords, and there is no question of writing them down in a text file, in the notes of your smartphone or in the cloud, as they could be easily accessed. So how do you remember them? There are two options.
e) Create a password from a sentence
The CNIL has set up a password generator that allows you to create your password from a phrase. All you have to do is memorise the sentence and use the initials of its words to create your password.
https://www.cnil.fr/fr/generer-un-mot-de-passe-solide
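
The sentence method and rules n°1 to n°3 above, as an added Python example that is not part of the original page and is not the CNIL generator's own code. The derivation rule (first letter of each word, numbers kept whole, punctuation kept), the function names and the sample sentence are assumptions made for this illustration.

```python
MIN_LENGTH = 12  # Rule 1 (the page allows less only with extra account protections)


def password_from_sentence(sentence):
    """Keep each word's initial, whole numbers, and punctuation marks."""
    out = []
    for word in sentence.split():
        core = "".join(c for c in word if c.isalnum())
        marks = "".join(c for c in word if not c.isalnum())
        if core:
            # Numbers are kept in full; other words contribute their first letter.
            out.append(core if core.isdigit() else core[0])
        out.append(marks)
    return "".join(out)


def check_password(password, personal_terms=()):
    """Return the list of rules 1-3 that the password breaks (empty = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    classes = {
        "upper case": str.isupper,
        "lower case": str.islower,
        "number": str.isdigit,
        "special character": lambda c: not c.isalnum(),
    }
    for name, is_member in classes.items():
        if not any(is_member(c) for c in password):
            problems.append("no " + name)
    lowered = password.lower()
    for term in personal_terms:  # Rule 3: names, dates, etc. supplied by the user
        if term and term.lower() in lowered:
            problems.append("contains personal term " + repr(term))
    return problems


# Constructed sample sentence, not one to reuse for a real account.
SENTENCE = "In 2019 we hiked 14 km to Lac Blanc, and it rained all day!"

if __name__ == "__main__":
    pwd = password_from_sentence(SENTENCE)
    print(pwd, check_password(pwd))
    print(check_password("Rex2015", personal_terms=("Rex", "2015")))
```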
What are the risks?
If one of the sites you have an account with is breached and your authentication details are leaked, it will be easy for hackers to access your personal information. They could use your login details and passwords to log into other accounts. Be very vigilant, especially on accounts that contain sensitive data (social networks, mailbox).
For example, a hacker who controls access to your internet accounts could:
- usurp your email address to trick your contacts;
- use your bank details for fraudulent purchases;
- impersonate you;
- demand a ransom if they find compromising data in your mailbox.
5. Malware
a) How can you protect yourself against malware?
Two tips to protect yourself against malware:


6. Fake websites
a) What is a fake website?
Fake websites (online shops, administrative websites...) can be perfect copies of the original. Their goal: to get your payment data or passwords.
b) How to protect yourself against a fake website?
Again, do not enter your payment details or passwords on websites that are not secure, i.e. whose address does not begin with "https".
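
Since a fake site can be a perfect copy and can itself be served over https, the check below (an added Python example, not part of the original page) goes beyond the https rule and also compares the host name with the site you expect. The function name and the `.example` / `.test` addresses are constructed for this illustration.

```python
from urllib.parse import urlsplit


def reasons_not_to_trust(url, expected_domains):
    """Return reasons to withhold payment data or passwords from this address."""
    parts = urlsplit(url)
    reasons = []
    if parts.scheme.lower() != "https":
        reasons.append("address does not begin with https")
    if parts.username is not None:
        # Anything before '@' is login text, not the name of the site.
        reasons.append("text before '@' is not the site name")
    host = (parts.hostname or "").rstrip(".")
    # A host name is read from the right: it must be an expected domain
    # or one of its subdomains, not merely contain the expected name.
    if not any(host == d or host.endswith("." + d) for d in expected_domains):
        reasons.append("host %r is not an expected site" % host)
    return reasons


# Constructed sample addresses using reserved test domains.
EXPECTED = {"shop.example"}
SAMPLES = [
    "https://shop.example/checkout",
    "http://shop.example/checkout",
    "https://shop.example.login-check.test/checkout",
    "https://shop.example@pay.test/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, reasons_not_to_trust(sample, EXPECTED))
```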
7. The fake wifi network
a) What is a fake wifi network?
When you are in a public place, a multitude of open wifi connections can appear. Beware, some of these networks are booby-trapped and designed to steal your information.
b) How to protect yourself against a fake wifi network?
Four tips to protect yourself from a fake wifi network:



