More and more phishing emails end up in the e-mail mailboxes of local users. Some are quite obvious, others are difficult to recognize. For everyone: If you fall for it, your password is going on, stands in front of encrypted files, or even made your entire company unable to work. It is all the more important that everyone sees through the tricks of the criminals and knows how to recognize phishing.
Definition: What is Phishing?
Phishing comes from the English “Password Harvesting” and “Fishing”. It is about attempts to attract people with fake news, emails, or SMS on fraud pages. There, the attackers then try to steal access data, for example for online banking or malware to bring the victims to PCs.
Phishing may happen on fake websites that copy the Amazon page one to one and ask about registration data and then save them. The fraudsters also try to attract their victims with false bills, warnings, alleged accounts, or the like.
Phishing trick: Personal speech
Hacks of websites now have billions of data records on dumping prices on the Internet. The passwords contained therein have often already been changed. The name and the email address usually remain the same. This is used by cybercriminals and sends automatically generated emails with personal speech – often with supposed bills.
If you don’t know this trick, you may want to take a closer look at the whole thing and open the appendix. Do not do that! Are you a customer of the supposed sender? Then open the associated website directly and look there or contact support. If you are not a customer, just ignore the email.
Phishing trick: fake sender
If the criminals have hijacked an email account, please send an email to the complete address book that looks like the contact had shared a file. However, there is a Trojan who takes control of the PC or encrypted personal files and demands ransom as soon as you start.
In this case, too, the following applies: Does it seem strange to you that you receive this file? Then ask the sender in a different way, such as by phone. Don’t open the file if you are not sure that it is harmless!
Related: Windows 11 22H2 Can Help Protect You From Phishing Attacks
Phishing trick: stray mail
Likewise, fraudsters like to use (supposedly) stray mail. For example, such messages seem to come from the HR department, contain salary lists or budgets, and should actually go to the boss but have accidentally landed. Here the trick is curiosity.
It is absolutely clear to the recipient that the mail is not intended for him, so he cannot ask. But of course, he is also interested in what the others earn or how high the budget of the department is. Avoid looking in! It is extremely unlikely that the mail actually got lost. Instead, it should contain malware.
Phishing trick: macros
With macros, simple functions can be programmed in the office and thus do calculations for tables. Criminals also use macros to attack their PC. You should therefore only activate you if you know exactly what they do.
Phishing senders regularly use macros in attached documents and often point out that they have been created with mobile devices and therefore they have to activate them so that they are displayed correctly. That’s nonsense! Anyone who claims something like this wants to cheer them on malware.
Phishing trick: shock moments
When we are shocked, we react very quickly and often do not think properly. This is exactly what Internet fraudsters want. That is why they send horror messages via high invoices or any legal proceedings, claim that something with important user accounts or bank accounts is wrong, and the like.
A link that leads to a fake website is usually included. There the attackers want to tap their login information and rely on the fact that they do not look at the hurry.
Therefore: No matter which horror messages come by email, stay calm and think. Is it really common to receive such messages by email? And is that really the correct website?
Phishing trick: Corona
Corona is still omnipresent – and many are interested in current numbers, new rules, masks, and more. The criminals also take advantage of this and attract, for example, super special offers, exclusive information, or the like. Of course, the goods never arrive and the information is also available on the net.
For this, juicy invoices, fake lawyers or malware hails. So be very careful with emails with Corona cover.
Phishing trick: Cloud memory
Many protective programs examine e-mail attachments and report if there is something suspicious there. Some attackers have therefore started to integrate mail attachments from the cloud. The files are then not really attached, but only as a link in the mail, and are actually on online storage such as OneDrive or Dropbox.
If it is not very large files or the trustworthy company cloud, such links to cloud stores are suspicious. So be particularly skeptical in these cases.
Phishing trick: SMS on the cell phone
Smartphone owners are also not sure about phishing attempts: more and more often send criminal SMS messages that indicate allegedly waiting for packages or voice messages. The recipients should open a link for more information and land on tried and tested fraud pages.
Since the senders use constantly changing numbers, they cannot be reliably blocked. It is best to ignore such messages.
Phishing trick: donations
Most people have an instinctive impulse to help others in need. The use of criminals. With videos of sick children whose parents cannot afford to take drugs, they ask war victims and the like for donations. Of course, they don’t end up with the people shown in the video.
If you want to donate, you better do this directly with aid organizations. There are many of them for a wide variety of purposes. Under no circumstances donate cryptocurrency. Behind it is almost always a fraud.
Phishing trick: Sugardaddy
Other criminals write to young women on Instagram that they want to be their Sugardaddy. The woman died and they simply need someone to talk to and are ready to pay a lot of money for it. When paying, send a screenshot that should show that something did not work.
To correct this, the women should send a small amount, which then disappears with the Sugardaddy. Never use the PayPal function “Send money to friends” if they are not friends.
Phishing trick: new number
Recently, the stitch is also very popular to contact an unknown number via SMS or WhatsApp and to spend it as a son or daughter. Allegedly, this is the new number, you should save it and yet send a message right away. If you do this, you get a sad story about a broken car or something like that.
This is followed by whether you cannot take the invoice because online banking or the credit card is on strike. The amounts are in the high hundreds or low thousands area, so parents would definitely anticipate this. A call to the old number or via the landline makes the dizziness open quickly.
How to protect yourself from phishing
- There are a lot of indications of whether there is a phishing attempt behind an email or not. However, many cannot be seen at first glance:
- Check the sender of the message. Anyone can enter what they want as a name. However, the sender’s address is more difficult to fake. Therefore, many phishing emails, for example, show “Amazon” as the sender, but the associated mail address is then “[email protected]” or similar. Pay attention to the part behind [email protected]: An email from the address [email protected], however, does not come from the mail order company, one from [email protected], on the other hand.
- Pay attention to pictures. Official emails usually have a signature with the company logo and special formatting. Hackers try to add this by installing photos of these signatures into the emails. This can be seen particularly well if you have activated the dark mode in your email program or in the mailbox, then the fake signatures are framed in white.
- Check on the left. If you move the mouse pointer over one but do not click it, you will see the full link behind the bottom left or in a pop-up. In the text, for example, it says that you should call up your Amazon account, and then as a link an address that does not belong to Amazon or a short URL like a bit.
- Do not open any attachments. You should only click email attachments if you have expected them. Almost all clever digital systems, which are skillful, contain malicious code!
- Google the subject or the sender. Phishing emails usually go to millions of recipients. You will often find a warning about such emails during a Google search.
- A good protective program filters out Spam messages and warns you when you are on fake websites.
Note the tips against phishing in messengers.
What to do if you fell for phishing?
With all precautions, it can happen that you fall for a well-made stitch. Then quick action is required. Here are the most important tips on what you should do in such a case:
- Scan the computer with an antivirus program to prevent the fraudsters from tapping even more data.
- Change all passwords you have specified – also on other pages if you use the same access data there.
- If you have entered payment data, contact the provider or the bank. Credit cards can be blocked and replaced to avoid damage. With other providers, change the password. Also, check whether unwanted payments have already happened.
- Once financial damage has occurred, the police file a complaint.
- Tell friends and acquaintances about the stitch so that they do not fall for it.
Report phishing emails
Phishing emails can be reported to the Federal Communication Commission as spam. However, since there are no registered companies behind the messages, but internet criminals, a complaint in most cases does not lead to anything.
Another option: Spam can be reported to many email providers so that such messages automatically disappear from the inbox of all users. How exactly these works vary from provider to provider.
At Gmail, for example, respond to the email, click on the three points and report Phishing. If you have actually been damaged by Phishing, report the incident to the police and your bank or the provider where the damage was incurred. Under certain circumstances, you can at least get your money back in the event of damage.
