What Is Phishing?

Have you heard about the danger of phishing and would like to know what it is? We’ll explain it to you.

Phishing is a scam used to steal information from the Internet. Phishing emails containing links to fake websites are usually used for this purpose. Mail and website look deceptively real and often lead users to enter personal information. This article will tell you what exactly phishing is, how to spot it, and then what to do.

Know About Phishing

The word “phishing” is made up of two English words, “password” and “fishing”. It means something like “fishing for passwords”. And that is exactly what phishing scammers do: They trick their victims into entering sensitive data such as email addresses or passwords on the Internet. They then access this information and misuse it. They spread even more spam and phishing emails via captured email addresses; with the help of third-party access data, they manipulate user accounts or even steal money.

The phishing scam: You get an email that looks official, real and trustworthy. For example, the email seems to come from your bank, the social network Facebook or the payment service PayPal. In this email, you will be asked to click on a link to update your data, enter your credit card number, or renew your password. Popular reason: Your data has been lost, or your account has been blocked.

The link then takes you to a website that also looks deceptively real. If you log in there with your data or provide it, the fraudsters will fish the information because email and website are fake. The phishing scammers send their fake emails to several addresses at the same time – this increases the likelihood that someone will fall into it and divulge their data.

What is spear phishing?

An extended form of phishing is what is known as spear phishing. Here, the fraudulent emails are not sent indiscriminately to countless email addresses, specifically to a few recipients. Victims are, for example, individuals or companies. With the exact target, the scammers can find out about their victim in advance and design the phishing email and phishing website so that the victim is very likely to fall for it. The goal of this attack is usually to steal specific data, such as trade secrets.

How to recognize phishing emails

Phishing emails used to be easy to spot. Often they were written in broken German or another language, bristling with errors and immediately attracting attention due to their strange layout. This still happens, but most of the time, the emails cannot be recognized as a phishing attack at first glance. Even so, there are some indications for this:

Content of the mail

• You will be asked to enter confidential data (access data, user name, credit card number, PIN, …). Reputable institutions such as banks or mobile phone providers do not do that.
• You will be pressured by a tight deadline. This is also not common in reputable companies.
• You are threatened – for example, with the termination of your account or your mobile phone contract. Reputable companies wouldn’t do that.
• Impersonal salutation (“Dear Sir or Madam”): Companies whose customers you also know your name. But be careful: Phishing emails can also use your name!
• Request to open a link or a file attachment: If you are sceptical about the mail and sender, do not open the attachment under any circumstances. It can contain viruses or Trojans.
• Unfair competition: Supposedly you won a match – but did you even take part in one?

Sender and recipient

• Unknown company: Are you a customer of this company at all? If not, it is phishing.
• Cryptic sender: The sender email address usually looks real at first glance. At second glance, however, inverted letters or cryptic numbers become apparent.
• Other recipients: Are there many different recipient email addresses in the CC of the email, most of which are unknown to you? This indicates that your email address was stolen from others and is now being used for a phishing attack.
• Wrong email address – for example, You are registered on Facebook with your web.de email address. If you now receive messages from Facebook to your gmx email address, you should be suspicious.

The appearance of the mail

• Rare, but still a clear indication of fraud: foreign language, spelling errors, weird wording, strange layout.
• Cryptic link: Do not click on the link; move your mouse over it. The URL of the website to which the link leads now appears at the bottom of the screen. If it’s not a trusted company website, stay away from it. It is better to enter the actual URL of the company website in the browser to visit the page.
• The same applies to the return address. Even if it looks normal, move your mouse over it and check the email address, which is then displayed at the bottom of the screen.

How to protect yourself against phishing attacks

To not fall victim to phishing scammers in the first place, you should handle your data carefully. Don’t give away your email address lightly, and protect all your accounts with strong passwords. You should also use a separate one for each service – otherwise, fraudsters will have access to all services if they steal your password. We explain how to find a secure password here. To protect yourself against attacks on your computer, you should always keep your browser, operating system and anti-virus software up to date.

If you have detected a phishing attempt, you should report it to the consumer advice centre on the one hand and, on the other hand, the company concerned. Both can then take action against the fraud and warn consumers and their customers. Then it would help if you put the sender of the mail on the spam list of your mail program.

If you are not entirely sure whether the email is genuine, ask the company concerned. Important: Do not use the links and contact details from the questionable email for this! Call up the company’s website yourself by entering the address in the browser and use the contact options provided there.

What to do as a phishing victim

If you’ve fallen for a phishing email and disclosed data, you need to act quickly. When it comes to login details, the scammers will change them very soon so that you can no longer access your account. So try to beat them up and change your password. If you have given bank details, contact your bank immediately and have your account blocked. Also, keep an eye on your transfers.