Lesson 19 – Phishing attacks: How to avoid them

Krypto und Aktien Academy von BISON

What is phishing?

Phishing involves emails where senders disguise their true identity, posing as a different person or company. Typically, scammers mimic the design of well-known and trustworthy brands with the goal of obtaining sensitive information such as usernames or passwords. Often, emails are sent that look almost identical to those of Deutsche Post/DHL, Amazon, or PayPal.

The term “phishing” is derived from the fishing technique in which bait is used to lure fish: instead of enjoying the worm, the fish ends up on the hook. Neither the fish that takes the bait nor the recipient who falls for a phishing email has a happy ending.

How to defend against phishing attacks

  1. Multi-factor authentication: This adds a layer of protection against data loss. It requires more than one form of identification, often including a TAN or biometric recognition like a fingerprint.

  2. Examine the email sender: Email addresses always belong to a corresponding domain. For example, if you receive an email from BISON, the email’s sender address should correspond to their domain, which is bisonapp.com. Be wary of any emails with a different domain or slightly altered spelling.

  3. Grammatical errors: Phishing emails are usually written by non-native speakers. Cybercrime happens all over the world, and criminals rely on simple translation tools to reach as many people as possible. Have you received an email from a reputable company that contains grammatical errors? Then someone is probably trying to scam you.

  4. Email design: Genuine companies invest time to ensure their emails display correctly across devices and browsers. While it’s not impossible for an email from a reputable company to look strange on your device, especially if you use older or unusual devices, strangely formatted emails can indicate a phishing email. Criminals do not test designs on different devices and browsers. Often, only the company’s logo is inserted, and perhaps the footer is copied. If you find the design strange, check the sender’s address as a next step.

  5. Anti-virus or spam filter tool: The spam filters of large email providers like Google already recognize many unwanted messages. However, both companies and private individuals can protect themselves even further. Anti-virus tools are suitable for private individuals. These often contain spam filters that work with the installed email program.

  6. Salutation consistency: Legitimate companies usually address you by your first or last name. They’re typically very consistent in their communication. Your bank has always addressed you by your last name and suddenly an email begins with “Dear customer”? Criminals usually send phishing emails in bulk. Phishing attacks using stolen data sets with your complete information rarely happen. If you are not addressed personally at the beginning of an email or find any misspellings within the content, be cautious and investigate further.

  7. Carefully check the sender’s link: On both smartphones and computers, it is possible to preview and check an outgoing link. If there is a link or button in an email, you can hover your computer mouse over the link/button and wait a moment. With a smartphone, pressing and holding on the link is usually sufficient. Instead of opening it directly, a small preview of the link will pop up. This way, you can calmly check whether the URL aligns with the sender. Even a slight alteration in the URL, like “mercedes.de” versus “merzedes.de”, is a sign of phishing. However, a completely different URL might indicate that the company is working with a certain email provider or URL shortener. For example, links from the URL shortener Bitly are often found in emails. If you’re unsure, open the provider’s page directly in your browser.
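The checks in points 2, 6 and 7 can be automated for a mail client or a help-desk triage script. The following is an added example written for this lesson, not BISON’s own code: it parses a message with Python’s standard library, compares the sender domain with the provider’s real domain (bisonapp.com, as stated above), flags a generic salutation, and inspects every link in the body for lookalike domains (one or two characters away from the real one, like “merzedes.de”) or URL shorteners. The two sample emails, the list of generic salutations and the shortener list are constructed for the example; the Levenshtein distance is used as the lookalike measure, which is an assumption, not something the lesson prescribes.

```python
"""Heuristic phishing checks illustrating points 2, 6 and 7 of the lesson.
Added example, not BISON's code; sample messages and lists are constructed."""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

EXPECTED_DOMAIN = "bisonapp.com"                       # the provider's real domain (from the lesson)
GENERIC_SALUTATIONS = ("dear customer", "dear user", "dear client")   # constructed list
URL_SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}     # constructed list

# Constructed sample: claims to be BISON, but uses a lookalike sender domain,
# a generic salutation, a lookalike link and a shortened link.
PHISHING_EMAIL = """\
From: "BISON Support" <service@bisonapp-login.com>
To: customer@example.org
Subject: Please confirm your account
Content-Type: text/plain; charset=utf-8

Dear customer,

Your account was locked. Please log in at https://bis0napp.com/login
to confirm your details, or use https://bit.ly/xxxxxx for mobile.
"""

# Constructed sample of a message that passes all three checks.
LEGIT_EMAIL = """\
From: "BISON" <news@bisonapp.com>
To: customer@example.org
Subject: Your monthly statement
Content-Type: text/plain; charset=utf-8

Dear Ms Example,

Your statement is ready at https://app.bisonapp.com/statements
"""


def belongs_to(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def sender_domain(msg):
    """Domain part of the From address, lower-cased ("" if unparsable)."""
    _, addr = parseaddr(str(msg["From"]))
    return addr.rpartition("@")[2].lower()


def edit_distance(a, b):
    """Levenshtein distance; one or two edits between hosts is a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def link_domains(body):
    """Host names of all http(s) URLs found in the text body."""
    hosts = (urlparse(u).hostname for u in re.findall(r"https?://[^\s<>\"']+", body))
    return [h.lower() for h in hosts if h]


def check_email(raw, expected=EXPECTED_DOMAIN):
    """Run the lesson's checks and return a list of findings (empty = nothing odd)."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",)).get_content()
    findings = []

    # Point 2: the sender address must belong to the provider's domain.
    dom = sender_domain(msg)
    if not belongs_to(dom, expected):
        findings.append(f"sender domain {dom!r} does not belong to {expected!r}")

    # Point 6: a generic salutation where the provider normally uses your name.
    lines = body.strip().splitlines()
    first_line = lines[0].lower().rstrip(",") if lines else ""
    if first_line in GENERIC_SALUTATIONS:
        findings.append(f"generic salutation {first_line!r}")

    # Point 7: links that are lookalikes of the real domain, or go via a shortener.
    for host in link_domains(body):
        if belongs_to(host, expected):
            continue
        if host in URL_SHORTENERS:
            findings.append(f"link via URL shortener {host!r}")
        elif edit_distance(host, expected) <= 2:
            findings.append(f"lookalike link domain {host!r}")
        else:
            findings.append(f"link to unrelated domain {host!r}")
    return findings


if __name__ == "__main__":
    for sample in (PHISHING_EMAIL, LEGIT_EMAIL):
        print(check_email(sample) or ["no findings"])
```

The shortener finding is deliberately reported separately from the lookalike one: as the lesson says, a shortened link is not proof of phishing, only a reason to open the provider’s site directly instead of following the link.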
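Point 1 says a second form of identification protects you even if a phishing page captured your password. To make that concrete, here is an added example (not BISON’s code) of a time-based one-time password (TOTP, RFC 6238) as the second factor, using only Python’s standard library. The 30-second step, six digits and HMAC-SHA1 are the usual defaults; the demo user, password and the user store are constructed, and the secret is the RFC 6238 test key so the codes can be checked against the RFC’s published vectors.

```python
"""TOTP (RFC 6238) as a second login factor. Added example, not BISON's code.
Demo user and store are constructed; the secret is the RFC 6238 test key."""
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30   # common default time step
DIGITS = 6          # common default code length


def hotp(secret, counter, digits=DIGITS):
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at=None):
    """TOTP: HOTP over the number of 30-second steps since the Unix epoch."""
    now = int(time.time()) if at is None else at
    return hotp(secret, now // STEP_SECONDS)


def verify_totp(secret, code, at=None, window=1):
    """Accept the code for the current step and `window` steps either side (clock drift).
    Constant-time comparison so a wrong guess does not reveal how many digits matched."""
    now = int(time.time()) if at is None else at
    base = now // STEP_SECONDS
    return any(
        hmac.compare_digest(hotp(secret, base + d), code)
        for d in range(-window, window + 1)
        if base + d >= 0
    )


def login(username, password, code, users, at=None):
    """The password alone is never enough: a phished password fails without the current code."""
    rec = users.get(username)
    if rec is None or not hmac.compare_digest(rec["password"], password):
        return False
    return verify_totp(rec["totp_secret"], code, at)


# Constructed demo user; the secret is the RFC 6238 test-vector key.
DEMO_SECRET = b"12345678901234567890"
USERS = {"alice": {"password": "correct horse battery staple", "totp_secret": DEMO_SECRET}}

if __name__ == "__main__":
    code = totp(DEMO_SECRET)
    print("current code:", code)
    print("password only:", login("alice", "correct horse battery staple", "000000", USERS))
    print("password + code:", login("alice", "correct horse battery staple", code, USERS))
```

A real deployment would also store the TOTP secret encrypted, record the last accepted step so a code cannot be replayed within its window, and rate-limit failed attempts.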

Disclaimer

The content of this article is for informational purposes only and does not constitute financial, investment, and/or trading advice. We strongly recommend that you conduct the necessary research before making an investment, and/or trading decision. Please note that past performance does not guarantee future results.

Liability of the Börse Stuttgart Group and its subsidiaries for the article is excluded.