+4 votes
72 views
What is Phishing?

in Security by (551k points)
reopened | 72 views

1 Answer

+5 votes
Best answer

This is phishing
What is spear phishing?
How to recognize phishing emails
How to protect yourself against phishing attacks
What to do as a phishing victim?

Have you heard about the danger of phishing and would like to know what it is? We'll explain it to you..

image image

Image: <span> Creativa Images / Shutterstock.com </span>

Phishing is a scam used to steal information from the Internet. Usually phishing emails are used for this, which contain links to fake websites. Mail and website look deceptively real and often lead users to enter personal information. This article will tell you what exactly phishing is, how to spot it, and then what to do.

This is phishing

The word "phishing" is made up of two English words, "password" and "fishing". So it means something like "fishing for passwords". And that is exactly what phishing scammers do: They trick their victims into entering sensitive data such as e-mail addresses or passwords on the Internet. They then access this information and misuse it. They spread even more spam and phishing emails via captured email addresses; With the help of third-party access data, they manipulate user accounts or even steal money.

The phishing scam: You get an email that looks official, real and trustworthy. For example, the mail seems to come from your bank, the social network Facebook or the payment service PayPal. In this e-mail you will be asked to click on a link - for example to update your personal data, enter your credit card number or renew your password. Popular reason: Your data has been lost or your account has been blocked.

The link then takes you to a website that also looks deceptively real. If you log in with your data or provide them, the fraudsters will fish the information. Because email and website are fake. The phishing scammers send their fake emails to several addresses at the same time - this increases the likelihood that someone will fall into it and divulge their data.

What is spear phishing?

An extended form of phishing is what is known as spear phishing. Here, the fraudulent e-mails are not sent indiscriminately to innumerable e-mail addresses, but very specifically to a few recipients. Victims are, for example, individuals or companies. With the exact target, the scammers can find out about their victim in advance and design the phishing email and phishing website in such a way that the victim is very likely to fall for it. The goal of this attack is usually to steal certain data, such as trade secrets..

How to recognize phishing emails

Phishing emails used to be easy to spot. Often they were written in broken German or in another language, bristling with errors and immediately noticeable due to their strange layout. This still happens, but most of the time the emails are not immediately recognizable as a phishing attack. Even so, there are some indications for this:

Content of the mail

  • You will be asked to enter confidential data (access data, user name, credit card number, PIN, ...). Serious institutes such as banks or mobile phone providers do not do that.
  • You will be pressured with a tight deadline. This is also not common in reputable companies.
  • You are threatened - for example with the termination of your account or your mobile phone contract. Reputable companies wouldn't do that.
  • Impersonal salutation ("Dear Sir or Madam"): Companies whose customers you are also know your name. But be careful: Phishing emails can also use your name!
  • Request to open a link or a file attachment: If you are skeptical about the mail and sender, do not open the attachment under any circumstances. It can contain viruses or Trojans.
  • Wrong competition: Supposedly you won a competition - but did you even take part in one?

sender and recipient

  • Unknown company: Are you a customer of this company at all? If not, it is phishing.
  • Cryptic sender: The sender email address usually looks real at first glance. At second glance, however, inverted letters or cryptic numbers become apparent.
  • Other recipients: Are there many other recipient email addresses in the CC of the email, most of which are unknown to you? This indicates that your email address was stolen from others and is now being used for a phishing attack.
  • Wrong e-mail address - for example: You are registered on Facebook with your web.de e-mail address. If you now receive messages from Facebook to your gmx e-mail address, you should be suspicious.

Appearance of the mail

  • Rare, but still a clear indication of fraud: foreign language, spelling errors, weird wording, strange layout.
  • Cryptic link: Do not click on the link, move your mouse over it. The URL of the website to which the link leads now appears at the bottom of the screen. If it's not a trusted company website, stay away from it. It is better to enter the real URL of the company website in the browser to visit the page.
  • The same applies to the return address. Even if it looks normal, move your mouse over it and check the email address, which is then displayed at the bottom of the screen.

How to protect yourself against phishing attacks

In order not to fall victim to phishing scammers in the first place, you should handle your data carefully. Don't give your email address away lightly and protect all your accounts with strong passwords. You should also use a separate one for each service - otherwise fraudsters will have access to all services if they steal your password. We explain here how to find a secure password. To protect yourself against attacks on your computer, you should always keep your browser, operating system and your anti-virus software up to date.

If you have recognized a phishing attempt, you should report it to the consumer advice center on the one hand and on the other hand, the company concerned. Both can then take action against the fraud and warn consumers and their customers. Then you should put the sender of the mail on the spam list of your mail program.

If you are not entirely sure whether the e-mail is genuine, just ask the company concerned. Important: Do not use the links and contact details from the questionable email for this! Call up the company's website yourself by entering the address in the browser and use the contact options provided there.

What to do as a phishing victim?

If you've fallen for a phishing email and disclosed data, you need to act quickly. When it comes to login details, the scammers will change them very quickly so that you can no longer access your account. So try to beat them up and change your password. If you have given bank details, contact your bank immediately and have your account blocked. Also, keep an eye on your transfers..

Further information on phishing is available from the Federal Office for Information Security .


by (3.5m points)

Related questions

+5 votes
1 answer
asked Oct 19, 2021 in Help by backtothefuture (551k points) | 81 views
+4 votes
1 answer
asked Jun 21, 2020 in Android Tutorial by backtothefuture (551k points) | 216 views
+5 votes
1 answer
asked Dec 20, 2021 in Security by backtothefuture (551k points) | 85 views
+3 votes
1 answer
asked Nov 21, 2021 in Security by backtothefuture (551k points) | 86 views
+5 votes
1 answer
asked Nov 18, 2021 in Security by backtothefuture (551k points) | 98 views
Sponsored articles cost $40 per post. You can contact us via Feedback
10,632 questions
10,764 answers
510 comments
3 users