Time and again, we are warned against phishing emails. They are considered one of the biggest threats, as the majority of successful cyber attacks on companies are caused by phishing emails.
Phishing emails are becoming increasingly creative and are designed and formulated more professionally. It is therefore all the more important that all employees know how to recognise phishing and how to protect themselves effectively against it.
What is phishing?
The term phishing is a made-up word or a combination of the words password and fishing – and means the tapping of sensitive information, especially passwords or access data. The so-called data fishers often obtain the email addresses of phishing recipients via address traders and then try to pretend to be a trustworthy source in order to obtain information that they can then use for profit.
Phishing emails are thus fraudulent emails that mostly aim to trick recipients into revealing confidential information (e.g. credit card information, access data, bank details, etc.) or installing malware / malicious software (e.g. by clicking on links or opening attachments).
Emails are currently the most common form of phishing, but increasingly messengers or text messages are being used.
While spam emails are usually annoying but relatively harmless, phishing emails can be dangerous as they can lead to significant data breaches in the company.
Tip: Please also read our guide to phishing prevention using technical and organisational measures.
Prevention – how do I recognise phishing?
To counteract the dangers of phishing, it is especially important to be able to recognise phishing emails. This requires a combination of healthy distrust and attention. In some cases, the phishing message catches your eye immediately, in others you have to look much closer.
Opening a phishing email is usually not dangerous. Only opening the attachments and clicking links is risky. This gives you enough time to check the authenticity of the email at your leisure.
You should pay attention to the following points:
Email header
If you have received a suspicious email, you should look directly at the email header. Here you should check the name, email address and IP address of the sender.
The display name is relatively easy to forge. It is more difficult with the email address. That is why in some cases the email address does not match the alleged ad name at all. This is how you know that it is most likely a scam.
In the email header you will also find the IP address of the actual sender. This cannot be manipulated.
Unprofessional design and incorrect grammar / legal spelling
In phishing emails, the formatting and design elements often appear not to have been professionally created. The content of a phishing email also often leaves a lot to be desired. The subject line and text are usually written in poor English or German etc.
However, an unprofessional design and incorrect legal spelling are not always an indication of a phishing email. The quality of fraudulent emails is improving all the time (for example, texts formulated using artificial intelligence (AI)), so they are not necessarily recognisable at first glance. Therefore, be sure to read the email thoroughly to uncover any inconsistencies.
Impersonal salutation
Phishing scammers usually use generic salutations such as “Dear Customer”. This may indicate that the email is fake, as senders you know are usually likely to be writing to you personally.
Attention: Phishing attacks are becoming more and more professional. In the age of social media, it is easy for a phishing scammer to find out your name and other information about you. Social media channels are frequently misused for phishing attacks, so that the fraudster has a lot of personal data at his disposal and can thus easily write to those affected personally.
Unexpected and unusual contact
If the request of the sender of the email seems unusual or unexpected at the present time, you should become sceptical.
An example of this would be an unexpected email from the boss requesting Amazon gift cards and sending the cards or redemption codes to a specific person. If in doubt about the authenticity of the request, we recommend contacting the person who requested the gift cards directly (e.g. by phone) to ensure that the request is not a scam.
Urgency
The use of time pressure to force a quick response is one of the clearest characteristics of a phishing email.
Mostly, the scam messages are about account blocking, alleged identity theft, data matching or similar. The emails deliberately pressure or panic the recipient – or they promise profits and special offers if action is taken within a very short time.
Therefore, be sceptical of emails that require quick action without allowing sufficient time for consideration (e.g. “We ask you to verify your data within 24 hours”).
Links and buttons
If the email contains a link that you are supposed to click on, you can easily check it to see if the website – to which you are redirected – is genuine. To do this, move the mouse over the linked text or button – without clicking it (!) – to check which address appears in the tooltip. If the tooltip refers to another domain name, then the website is fake.
Tip: You should read URLs from left to right up to the third slash and pay attention to the area with the last dot. This is where the actual destination address is displayed.
As an example: https://www.paypal.mybiz.com/ leads to mybiz.com and not to paypal.com.
Caution: Some characters from other writing systems resemble letters of the Latin writing system so closely that it is almost impossible to distinguish them with the naked eye.
If you are unsure whether you actually need to take action, open the relevant company’s website in your browser (instead of clicking on the link in the email) and check there whether any action is required on your part. This will prevent the link from taking you to a fake website.
How you should react to phishing
If you suspect you have been eaten by a phishing email, you should inform your data protection officer or the responsible office in the company (e.g. IT administrator) as soon as possible. They will take the next steps after consulting with you.
If your suspicion is based on the fact that after the phishing attack your computer has been infected with a virus, then the following steps, among others, should be taken:
Cut network access
In order to prevent the virus from spreading throughout the entire network in the company, the first thing you should do is disconnect the infected computer from the network. However, do not switch off the computer, as the administrator needs a running system to search for the cause. In most cases, the traces of the attack can only be found in the system’s main memory. Restarting or switching off the computer would irrevocably erase all traces.
Perform virus scan
If an automatic virus scan has not yet been carried out, this is the next step. The decisive factor here is that the antivirus database is up to date. Only then will the latest malware types be detected. As soon as the programme has run through and found viruses, it usually deletes them automatically or moves infected files to a quarantine.
Forensic analysis
IT forensics is one of the most important analysis factors in computer-based crime, such as phishing. It should help to investigate the course of the attack on the data, to determine the damage caused and, if necessary, to convict the perpetrator.
Anti-phishing tools
Similar to the defence against viruses and spam, there are now also remedies against phishing. These so-called anti-phishing tools use artificial intelligence to analyse mostly the content, formatting and header information of the email to minimise the security gap in the email inbox and detect possible phishing emails and alert the recipient.
Even if your computer has not been infected with a virus, but you have entered personal data or access data on a fake website, you should take the following steps, among others:
Password change
If a phishing scammer has actually been successful, change your password immediately – preferably via another terminal device. If the computer has become part of the phishing attack and a password manager is installed on the PC, all passwords stored there should also be changed.
Contact original supplier
Often, well-known names of banks and other large companies are misused for phishing purposes. That is why many companies (such as Amazon) offer a reporting channel to report the abuse.
This also allows the original provider to take additional measures to prevent further damage.
Contact the police
If you have recognised the phishing email as such, you should delete it immediately.
However, if you have already clicked on a link or opened a file attachment and caught a virus as a result, do not delete the email, as it serves as evidence in an emergency.
Since phishing is attempted fraud and therefore a criminal offence, the police should be contacted in any case. A criminal complaint is important in this case, as phishing is not a trivial offence.
Conclusion
Phishing emails pose a significant threat to businesses and the protection of personal data. Knowledge of how they work, awareness of the dangers and mindfulness in everyday work are the best defence.
This also applies to the fact that phishing attacks do not only take place online. Also be careful with letters and text messages and never give out passwords or confidential information.
If you have any doubts about the authenticity of a message, contact your data protection officer or the company named in the message directly. They can fully check the message and assess whether it is trustworthy or not.
