Social Engineering – What Is Phishing?
WHAT IS PHISHING?
Phishing (pronounced "fishing") is a type of identity theft that is becoming increasingly popular with hackers. Using fraudulent websites, fake emails, phone calls, and more, the perpetrators try to steal your personal information – most often passwords and credit card information.
Cybercriminals do so through social engineering or deception – usually by sending links to sites that look like websites you trust, such as your online banking provider or social networks. This enables them to steal your data while you type it in there. These fake websites most often imitate social media, email services, financial institutions, and other websites where people typically set up an account to use the service offered.
HOW TO RECOGNIZE A PHISHING MESSAGE
Phishing scams are among the most common forms of cybercrime. But even though phishing is widespread, you can protect yourself from it. Aside from installing security software, the best way to combat phishing scams is to spot attacks instantly. The following points show some practical ways to do so:
- Spelling and bad grammar – Cybercriminals are usually not known for good grammar and spelling. Professional companies usually have editors who would not allow a mass email like the one shown above to be sent to customers or users. So if you find spelling mistakes in an email, it could be a phishing scam.
- Beware of links in emails – If you see a link in a suspicious email, do not click on it. Hover over the link (without clicking) and check whether the web address matches the link given in the message. In the example below, the link in the box with the yellow background indicates the real web address. The sequence of cryptic numbers does not look like the company's web address given in the message at all. Also, check for mismatched URLs (or misleading domain names) – they can also lead you to .exe files. These types of files are known to spread malware.
- Threats – Have you ever received a threat that your account will be closed if you do not respond to an e-mail? The message shown above is an example of this trick. Cybercriminals often send threats that your online security has been compromised.
- Counterfeiting of well-known online portals and websites of known companies – scammers very often use pop-up windows. More information under Social Engineering.
- Other important signs – you are asked for personal information; the offer sounds too good to be true; you are supposed to receive or send money; the action was not initiated by you; or just anything that does not look quite "clean".
HOW TO PROTECT AGAINST PHISHING
- Be cautious about e-mails asking for confidential information – especially information of a financial nature. Reputable companies usually do not ask for sensitive information by e-mail or phone – they have separate processes and actions for that.
- Do not let yourself be pressured into giving out sensitive information. Phishing scammers like to use a variety of scare tactics, threatening to block a user account or delay services until you update certain information. In any case, contact the company directly and have the authenticity of the request confirmed.
- Pay attention to generically worded requests. Fraudulent emails are often not personalized, while authentic emails from your bank often refer to an account that you hold there. Many phishing e-mails start with "Ladies and Gentlemen" and some come from a bank where you do not have an account at all.
- Never submit sensitive information via forms embedded in e-mails – a very common phishing practice that often causes such messages to end up in your junk / spam folder every day.
- Never use links in an email to connect to a website, as these could be fake links. Links that do not match the text that appears when you hover over the link should alert you immediately. This also applies to the use of URL shortening services. Instead, open a new browser window and enter the URL directly into the address bar (or check where the short link leads; for example, see the links below). Often a phishing website looks exactly the same as the original, e.g. https://wwwpaypal.com/ is different from https://www.paypal.com/. Also, https://www.paypaI.com/ (with a capital letter "i" instead of a lowercase "L") is different from https://www.paypal.com/ – look in the address bar to check whether this is the case (and whether the connection is secure, i.e. https://).
- Make sure that you use effective software to combat phishing (e.g., anti-virus software from a third party), and use encrypted transmission channels and encrypted e-mail services such as Mailfence for communication to further secure your privacy.
- Always be suspicious – phishing emails try to provoke a reaction with warnings that information has been stolen (or worse), and then offer you a simple solution if you simply click "here". (The reverse trick: "You win! Click here to claim your winnings!") If in doubt, do not click. Instead, open your browser, go to the company's website, and log in as normal to see if there are any signs of unusual activity. If so, change your password.
Be sure to check where a specific link leads before you open it:
- Where Goes, Redirect Detective, Internet Officer Redirect Check, Redirect Check, URL2PNG, Browser Shots, Shrink The Web, Browserling
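The link checks described in both lists above (hovering to compare the visible address with the real target, numeric addresses, .exe targets, and look-alike domains such as the two PayPal examples) can be automated for an HTML mail body. This is an added example, not part of the original article; the trusted-domain list, the confusable-character table, the finding labels and the sample mail are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

TRUSTED = {"paypal.com"}  # assumption: domains the recipient really uses
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "0": "o"})  # small constructed set

def raw_host(url):  # host exactly as written (letter case kept); "" if none
    m = re.match(r"(?:[a-z][a-z0-9+.-]*:)?//(?:[^/?#]*@)?([^/?#:]*)", url, re.I)
    return m.group(1) if m else ""

def host_findings(raw):
    host = raw.lower()
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return []  # the genuine domain or a real subdomain of it
    findings = ["numeric-host"] if re.fullmatch(r"\d+(\.\d+){3}", host) else []
    return findings + ["lookalike:" + d for d in sorted(TRUSTED) if host.endswith(d)
                       or raw.translate(CONFUSABLE).lower().endswith(d)]

class Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found, self.open = [], False  # found: [href, visible text] per <a>
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.found[-1][1] += data
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"

def audit(html_body):  # returns [(href, [findings])] for every link in the body
    parser, report = Links(), []
    parser.feed(html_body)
    for href, text in parser.found:
        target, text = raw_host(href), text.strip()
        findings = host_findings(target)
        shown = raw_host(text if "//" in text else "//" + text)
        if re.fullmatch(r"[\w-]+(\.[\w-]+)+", shown) and shown.lower() != target.lower():
            findings.append("text-mismatch")  # visible address differs from the target
        path = href.split("?")[0].split("#")[0].lower()
        findings += ["exe-download"] if path.endswith(".exe") else []
        report.append((href, findings))
    return report

# Constructed sample mail body: three suspicious links and one genuine link
SAMPLE = """<a href="http://192.0.2.10/login">https://www.paypal.com/signin</a>
<a href="https://www.paypaI.com/">Confirm account</a>
<a href="https://wwwpaypal.com/update.exe">Security update</a>
<a href="https://www.paypal.com/">www.paypal.com</a>"""
```

The host is compared as written because browsers and URL libraries lowercase it, which would turn the capital "I" in the second sample link into an ordinary "i" and hide the imitation.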
You can also report phishing attempts:
Current phishing cases are published by the Phishing Radar of the Consumer Center.
Most important, however, is to rely on common sense. You will not win a contest that you did not enter, and your bank will not contact you through an email address you have never registered with it. Recognize the warning signs, think twice before clicking, and never pass on your password or financial information if you have not logged in properly to your user account.
email@example.com – For all types of reporting, support, and payments related requests
firstname.lastname@example.org – For notification of new messages, activation of the account, and links to reset the password.
email@example.com – For all types of marketing and press inquiries
In special cases, e.g. on the subject of billing / payments
firstname.lastname@example.org – In connection with billing / payments and related inquiries
Any e-mail claiming to be from us but not sent by any of the above addresses should be considered suspicious and reported immediately to support [at] mailfence [dot] com.