Lexicon > Pishing

IT Glossary


Phishing is a form of fraud on the Internet that aims to encourage people to communicate personal data, often banking data, for the purpose of identity theft and/or theft.

There are many examples of phishing. It can be a message, email, phone call from a bank, a social network, a telephone operator, an energy supplier, an online shopping site, administrations, etc.

To protect yourself from this form of scam, it is recommended that you:

  • Never to communicate personal data, especially when they are sensitive, by email or telephone;
  • Before clicking on a suspicious link, check the plausibility of the identity of the alleged organization;
  • To check the address of the site that appears in the browser;
  • If in doubt, contact the organization directly to confirm the message or call received;
  • Use different and complex passwords for each site and application.

Phishing can directly or indirectly constitute several criminally punishable offenses, including:

  • Identity theft;
  • Collection of personal data by fraudulent means,
  • unfair or unlawful;
  • Scam;
  • Fraudulent access to an automated data processing system ;
  • Fraudulent use of means of payment.

Acts of phishing do not fall directly under the jurisdiction of the CNIL, but rather under the jurisdiction of the police, since phishing is more akin to attempted fraud or extortion than to the protection of personal data.

Update on the scam

“Fraud is the fact of deceiving a natural or legal person, either by using a false name or capacity, or by abusing a true capacity, or by using fraudulent maneuvers, and thus determining, to his detriment or to the detriment of a third party, to hand over funds, securities or any other property, to provide a service or to consent to an act that creates an obligation or discharge. Swindling is punishable by five years’ imprisonment and a fine of 375,000 euros.

Article 313-1 of the Penal Code

Point of jurisprudence

The Commercial Chamber of the “Cour de cassation” has ruled that :

“fails, in gross negligence, to take all reasonable steps to preserve the security of its personalized security features if a payment service user discloses the personal data of that security feature in response to an e-mail that contains indicia that would cause an ordinarily attentive user to doubt its origin, regardless of whether the user is, or is not, advised of the risks of phishing.”

“Cour de cassation”, March 28, 2018, No. 16-20.018

The Bouchara firm assists you in particular in :

  • Identifying phishing and other Internet scams;
  • Judicial and extrajudicial actions against email servers and websites used for phishing purposes;
  • Legal actions to disclose information about the owners of email servers and websites used for phishing purposes.