Phishing – Do Not Enter Login Details Anywhere Flippantly
Treble, telescopic rod, fishing chair - if the equipment fits, you only need to find the right waters and the fish will eventually come by. For anyone who lures a bait on the Internet everything is even simpler – after a successful catch the virtual angler does not even have to remove an intestinal tract. Quite the opposite: the victim of an Internet fraudster often does not even realize that he or she is on the hook...
What is Phishing?
Phishing is Internet fraud. It is about acquiring sensitive data under false pretense. In many cases of phishing scams the attackers try to use fake emails to get user data.
For example, this is how it works: An email with a subject that causes a stir appears in the email inbox. This could be something like: "Your account has been locked for security reasons!" Or "Automatic check of your online banking". Often, these are alleged messages from banks asking for verification. Fake PayPal emails are also very common. The goal of the scammers is to get the recipient of the email to visit a website and provide their login information.
Often, these emails, and also the web pages to be visited, look very similar to the real offer of the alleged sender. That is the tricky thing about it and it is exactly how the scammers went about in the current case of Netflix phishing. With fake emails, users were lured to replicate pages. The aim of the fraud was the tapping of credit card data.
If a recipient has fallen for such a phishing email and has typed any data into the space provided, the fraudsters will have access to his or her online banking or PayPal account (or whatever has been tapped). Anyone who uses online banking or PayPal can imagine that this can cause a lot of damage.
Additionally, there are phishing emails that contain a virus or other malware. Most of the time, the malware is hidden in the attachment. Therefore, you should be as careful when opening email attachments as you are when you click on links that are sent to you unexpectedly.
How Do You Recognize Phishing Emails?
Christian Olbrich, developer and software security advisor at Boxcryptor, has put together a checklist that helps you detect phishing emails:
Recognize phishing emails:
- Pay attention to the sender. If it looks strange, you should be careful. But attention: senders can easily be forged. A well-known sender is therefore no guarantee that the email in question is harmless.
- Do not click on links that were sent to you without you expecting them. If in doubt, you can access the mentioned website via the browser (without clicking the link). If the company actually emailed a warning, this topic should also be posted on the website.
- Make sure that the email in question is really addressed to you as the recipient. For emails without personal address, you should be suspicious. A positive sign would be if the email contains information that only the sender can know, for example, your username or recent actions.
- Large companies, such as PayPal, usually send emails with correct spelling and grammar. Hackers often do not. Bad English is an important clue to phishing. By the way, banks usually do not send emails at all. And if so, then only on behalf of your personal bank consultant.
- Ignore emails coming from banks where you do not have an account. The same applies to PayPal, Amazon and Facebook: Services you do not use cannot (and may not) email you.
If you have checked the points above and have decided that you can trust the sender, there is another relevant aspect: Can you carry out the requested action by navigating the website manually? If so, great. Then it probably was a legitimate mail.
Here are some additional tips to protect your information online:
- Make sure the https protocol is used (it indicates that the connection between the computer and the server is encrypted).
- Make sure the domain in the URL is actually the legitimate website (and not a similar-sounding / looking one).
- Make sure that the website is "SSL verified" (green lock in the address bar of the browser).
- Major IT companies and companies offering their services on the Internet have a support team that cares exclusively about the needs of the customers. It is a perfectly legitimate strategy to check back with a company’s support team, to make sure if the email is legitimate and was really sent out by the company.
In conclusion, always be aware of what you are doing online. Many dangers on the Internet can be recognized when you are sensitized to the most common threats. This makes us very different from the poor, unsuspecting fish that no one has ever warned about bait.
Intéressé par ce que nous venons de vous dire ?
Dans ce cas, rejoignez plus de 80 000 abonnés et inscrivez-vous à notre lettre d'information gratuite. Recevez des renseignements sur la confidentialité des données, des anecdotes portant sur les nuages, des conseils en matière de sécurité et des analyses de nos experts en cryptographie.