Phishing, What Is It All About? (Part 1)

The number of phishing attacks increased by 29% in 2021 compared to the previous year, and Germany was the third most attacked country. But what exactly is “phishing”? In phishing, someone poses as a reputable and trustworthy person or company and, by manipulating the victim, achieves that the latter clicks on or opens a file, link or similar. This usually then leads to personal information being stolen or malware being installed.

Phishing, What Is It All About? (Part 1)

Email Phishing

A well-known example is “email phishing”. This type of phishing accounts for about 96% of all such attacks. Emails are sent that appear to come from well-known companies. Recognizing such e-mails is usually easy and successful if you check the following characteristics in particular:

  1. Characters are appended to the name of the company, e.g. a dot or an underscore.
  2. If you look at the sender’s address, they are often random characters.
  3. The content of the e-mail does not correspond to classic corporate communication. For example, it consists of a short text, which often contains grammatical and spelling mistakes.

Baiting

Besides email phishing, there is also “Baiting”. Baiting is a kind of Trojan horse, which means that while you are interacting with the bait, something is happening in the background, such as downloading malware. Baits are usually interesting file names or even offers. This type of attacks targets curious individuals who, at best, are not familiar with the dangers of phishing. To avoid “Baiting”, one should always make sure that the domain one is on is safe and question the characteristics of the file or offer. One should ask oneself questions like:

Search Engine Phishing

As you can tell, phishing is everywhere, which means it’s also in your own browser. “Search Engine Phishing” involves targeting consumers with fake online shopping websites. These shopping websites often appear to coincide with the season, e.g. Christmas, and offer irresistible discounts. One unsuspectingly provides personal information and bank details during the purchase and, in most cases, receives nothing of the purchased goods or a cheaper version. Such fake stores can be recognized quite reliably by some features:

A three-parted overview on E-Mail Phishing, Baiting and Search Engine Phishing. E-Mail Phishing: With 96% the most common form of phishing attacks. Here attackers pose as well-known companies. Usually manipulated URLs are used in an attempt to steal information, such as bank details. Baiting: The target group of this form of phishing are curious individuals. They are being baited with offers or interesting file names. This form of phishing functions like a Trojan horse. Search Engine Phishing: In this form of phishing customers are targeted with fake online shopping websites. These have irresistible discounts and mostly appear during the appropriate season, such as Christmas.
Figure: Summary on E-Mail Phishing, Baiting und Search Engine Phishing

Published of Aura Pop & Rene Neff

Show more

  1. A Ransomware Secure Backup Strategy

    A Ransomware Secure Backup Strategy

    We provide you with information about ransomware attacks, the attackers and their consequences. Based on this, you will receive requirements for a ransomware secure backup strategy and how you can implement this with BorgBackup to best protect yourself from an attack. Ransomware is currently a real, serious threat […] which can also attract a lot of media attention. The probability that your company/agency will also be hit is currently high and realistic – BSI Catalogue of Measures for Ransomware.

  2. Speed up Rust CI pipelines that use Tarpaulin

    Speed up Rust CI pipelines that use Tarpaulin

    Rust is an awesome language. Not only does it provide you with runtime performance that is on par with languages like C and C++, but it also prevents you from shooting yourself in the foot thanks to a lot of compile time checks. This however means that the compiler has to do a lot more work compared to some other languages: Borrow checker, Types, Generics, Macros, LLVM Optimization… While those features do result in a better product, no one wants to sit around 30 minutes just to discover that a single test failed due to a typo.

Get to the blog