What exactly is phishing and how can you protect yourself from it? In our post, you will get to know everything about it. We will explain how phishing works and we will show you what you need to be careful about so that no one can get to your data.
- What is phishing?
- How does phishing work?
- What are the types of phishing e-mails?
- Phishing e-mails may be recognised by certain features
- What should you do?
1. What is phishing?
The word phishing is made up of the words “password” and “fishing” and means that someone is fishing for your important information, such as passwords. This is done by sending out large numbers of e-mails that look like they come from well-known companies or directly from your boss.
2. How does phishing work?
Phishing e-mails contain links to apparent login pages, which usually copy the original pages well, giving the impression that they are the actual pages of the company. The attackers want the user to enter their login data.
These e-mails usually state that there is an urgent message waiting for the customer, that the customer’s account has been temporarily frozen, or that the login data needs to be updated quickly. In this way they give the impression that a quick login is necessary, so the user does not take the time to notice the deception.
These fabricated situations surprise the recipient of the e-mail, who wants to solve the matter as quickly as possible and logs in … Oh no! Attention! This is exactly what the attackers want to achieve. There is no problem with the customer’s account and there is no message waiting for the customer – the attackers just want to steal the login details.
Another type of phishing e-mail is the e-mail with an attachment. If you open such an attachment, it can discreetly install malicious software on your computer, which may collect your data or even trap you in an expensive subscription.
3. What are the types of phishing e-mails?
There are countless types of e-mails that try to get at your data. For example, the subject of the message may include:
- Your login data must be updated
- Congratulations! You have won.
- Your customer account has been temporarily blocked.
- Millions inherited: You are the only contact person
- An attractive offer for you – 100,000 masks
All such phishing e-mails urge you to quickly enter your login data or open an attachment.
But how do you tell the difference between genuine and phishing e-mails?
4. Phishing e-mails may be recognised by certain features
While phishing e-mails are getting better, there are a few features that you can detect them by.
Bad English: Check the grammar and the spelling for something conspicuous!
No form of address: You are a customer of the company that allegedly contacted you, but the e-mail does not contain any title or salutation? In this case, pay attention!
The subject contains a call for immediate action: The e-mail prompts you to enter your data immediately in order to save your user account from being blocked, or to secure your prize very quickly. In this case you should be very vigilant and not act rashly: do not click and do not enter your data.
E-mail with data entry link: The e-mail asks you to click on the link provided and enter the data. Take a close look at such an e-mail!
URLs with interchanged letters or spelling errors: Look carefully at the link: does it only look “just like” the address of a well-known company? Does it contain “cryptic” characters?
Check the sender: Click on the sender to see their full address, not only the name displayed.
Unsecured website: You have to enter data, but the address bar of the website does not show a closed padlock symbol, or the address starts with http:// and not https://? Attention! You should NEVER enter data on unencrypted websites!
Correct imprint: Check that the imprint is correct. Are there any inaccuracies? Is the data just copied or missing important information?
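Several of the features above (full sender address, urgent subject, unencrypted link, link text that differs from the real target) can be checked automatically. The following Python sketch is an added example, not part of the original post; the brand name, the domains, the urgency word list and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: one brand, its real domain, a few urgency words. SAMPLE is constructed.
BRAND, BRAND_DOMAIN = "examplebank", "examplebank.example"
URGENCY = re.compile(r"\b(immediately|urgent|blocked|frozen|update)\b", re.I)
SAMPLE = """From: Example Bank <service@examp1ebank.example>
Subject: Your customer account has been temporarily blocked
Content-Type: text/html

<a href="http://examp1ebank.example/login">www.examplebank.example</a>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []  # links: (href, visible text)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_indicators(raw_message):
    msg, findings = message_from_string(raw_message), []
    display, addr = parseaddr(msg.get("From", ""))  # full address, not only the name
    sender = addr.rpartition("@")[2].lower()
    if BRAND in display.lower().replace(" ", "") and not (
            sender == BRAND_DOMAIN or sender.endswith("." + BRAND_DOMAIN)):
        findings.append("sender-mismatch")
    if URGENCY.search(msg.get("Subject", "")):
        findings.append("urgent-subject")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        url = urlsplit(href)
        if url.scheme == "http":  # data entered there would travel unencrypted
            findings.append("unencrypted-link")
        # Compare what the link displays with where it really points (the hover check).
        shown = urlsplit(text if "//" in text else "//" + text).hostname
        if shown and "." in shown and shown != (url.hostname or ""):
            findings.append("link-text-mismatch")
    return findings
```

An empty result does not mean a message is genuine: these are heuristics, and a phishing page can also be served over https.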
5. What should you do?
Be mistrustful in principle! Your boss allegedly asks you by e-mail for data that he already has available? Or your boss asks you to transfer a large amount of money immediately? In such cases, it is better to verify by telephone that the e-mail contains correct information. It can save you a lot of trouble.
Never open e-mail attachments from unknown senders or if you suspect something. If in doubt, contact the sending company by telephone and check that the e-mail is correct.
Do not click directly on links, but first move the mouse cursor over the link (so-called hovering). You will then see the address stored behind the link. If the link contains cryptic characters, you should be extremely careful.
Be vigilant! The right amount of mistrust is always good.
We hope that we have armed you well with advice against phishing e-mails!