There is always talk of phishing emails and phishing attackers on the Internet. But what is phishing anyway? And how do you recognize it and protect yourself against it? We’ll tell you in this article.
What is phishing?
It is no coincidence that the term phishing sounds like someone going fishing. It is a combination of “password” and “fishing”: when phishing, someone is fishing for passwords. Fraudsters then use these passwords to gain access to the corresponding user accounts and can get up to all kinds of mischief, which in the worst case can be very expensive for the user.
Phishing is usually carried out via email, so you already know where to look out for password phishers. However, they are not always easy to recognize. Phishing emails are usually not pure spam on topics that do not really interest you. They are usually designed to look like they come from real companies, in most cases sites that you are registered with, or even from your boss or a work colleague.
The idea behind it is as simple as it is ingenious: you are asked to act quickly and log in to a site, and there is a link directly in the email. If you click on this link and log in, the fraudsters obtain your access data. Another variant is emails with attachments which, when opened, install malware on your computer that reads out your information or takes out expensive subscriptions directly.
So the golden rule in your email inbox is always: don’t open anything that you don’t trust 100 percent. It’s better to ask twice than to fall into a trap. In general, it is always a good idea to go to a website manually instead of clicking on a link in an email. For example, if you receive an email claiming that one of your accounts has been blocked and that you should log in again, do not follow the link. Instead, go to the relevant page separately and check whether your account has actually been blocked. In 99 percent of cases, this is not the case.
How can you recognize phishing emails?
There are several variants of phishing emails, but you have probably already come across the most common ones: “Your account has been blocked”, “You have won”, “Attractive offer”. The first indication that it may be phishing is a title that attracts attention. The next indication is that the email contains a link that you are urged to click on. In order to recognize phishing, it makes sense to familiarize yourself with genuine emails from companies. For example, take a close look at what an email from Amazon actually looks like. Phishing emails are rarely structured in exactly the same way, so you can spot the differences.
Recognition features of phishing
- Missing salutation – personal emails from companies always start with a salutation
- Bad German – yes, small mistakes are always possible, but phishing emails are often full of them
- Immediate call to action in the subject line – if the subject line itself is just asking you to enter your details, that’s a pretty clear sign of phishing
- Links where you are asked to provide data – companies do not usually ask you to follow a link and provide data there
- Wrong sender – logically, phishing emails do not come from official company addresses, so it makes sense to take a close look at the sender
- Wrong URL – the same applies to the URL in the link, which probably contains strange characters or is not structured as you are used to
- No lock symbol – also a good tip apart from phishing: if a page does not have a lock symbol in the address bar, it is rather unsafe to enter data on it
- Missing or incorrect imprint – if the imprint is not correct, it is clear that the request is not from a reputable source
Otherwise, as usual, the guiding principle applies: “Better safe than sorry.” So always be suspicious. If you receive an email from a colleague that seems strange, it is better to ask in person whether the email is really from them. Don’t open any attachments that you don’t trust and never click on links in emails if you can simply navigate to the page manually instead.
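As an added example (not part of the original article), the following Python code checks a raw email for several of the recognition features listed above: wrong sender, call to action in the subject line, missing salutation, wrong URL and no lock symbol. The domain shop.example, the keyword lists and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED_DOMAIN = "shop.example"  # assumption: domain the real company mails from
URGENT = re.compile(r"\b(blocked|won|verify|immediately|urgent)\b", re.I)
SALUTATION = re.compile(r"\s*(dear|hello|hi|good (morning|afternoon|evening))\b", re.I)

# Constructed sample message (reserved .example/.test names), not a real email.
SAMPLE = """From: Shop Support <support@shop.example.account-check.test>
Subject: Your account has been blocked

<p>Your account was blocked. <a href="http://shop.example.login.test/verify">Log in now</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def host_matches(host, expected):
    # Exact domain or a true subdomain; "shop.example.login.test" does not match.
    host = (host or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def phishing_indicators(raw, expected=EXPECTED_DOMAIN):
    """Return the names of the recognition features found in a raw email."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # assumption: single-part message
    collector = LinkCollector()
    collector.feed(body)
    urls = [urlsplit(h) for h in collector.links]
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    checks = {
        "wrong sender": not host_matches(sender, expected),
        "call to action in subject": bool(URGENT.search(msg.get("Subject", ""))),
        "missing salutation": not SALUTATION.match(re.sub(r"<[^>]+>", " ", body)),
        "wrong URL": any(not host_matches(u.hostname, expected) for u in urls),
        "no lock symbol": any(u.scheme != "https" for u in urls),
    }
    return [name for name, hit in checks.items() if hit]
```

These checks are heuristics: an empty result does not prove a message is genuine, and an https link only means the connection is encrypted, not that the site belongs to the company named in the email.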
Conclusion
Phishing is actually old hat, and you would think that it no longer succeeds. In fact, passwords and other information are still being harvested from unsuspecting victims in this way every day. A healthy dose of mistrust protects recipients from falling into this trap themselves. In addition, two-factor authentication offers protection against mischief being done with harvested access data.