Criminals use fraudulent email, spoofed websites, and other methods to try to obtain confidential corporate information. By pretending to be a known person (colleague, boss) or organization (bank, service provider), the fraudsters exploit the victim's trust to get them to readily disclose information.
Where might I encounter phishing in my daily work?
The work day starts and you retrieve your email, then discover an email from one of your service providers. The text mentions an invoice with an amount that surprises you. The invoice is attached as a document. You are surprised, because you have not commissioned this service provider in recent months. What you do in the next few seconds is crucial.
A) You treat this email with skepticism, because you are sure that no invoice was expected from this service provider. You take another look at the email. The sender appears to be your service provider, but the email address looks odd. It’s something like Web@YSJ1QFWP8RU0C0N6.net or firstname.lastname@example.org. Your suspicion deepens and you delete this email. If you are unsure, call your service provider immediately. Under no circumstances open the attachment of this email, unless you’re completely certain that it really comes from your service provider.
B) You open the email attachment to find out more. Nothing bad seems to happen, but obviously the bill is fake. You delete the email. But opening the attachment has already activated a virus. While you are devoting yourself to other things, it sends emails with false invoices to all your contacts on your behalf. If you are unlucky, the virus then loads malicious programs onto your computer that lead to outages or even extortion.
What can I do to protect myself from phishing?
Approach email attachments and links with mistrust. Always check the sender’s email address. Delete clear fakes. But even at the slightest hint of suspicion, ignore the email first and check it outside the e-mail program:
– If the supposed sender is known to you personally, it is best to call them briefly. You can also email them, but be sure to use an email address that you know belongs to the intended recipient. Do NOT respond to the suspicious email.
– If the supposed sender is a known company (e.g. Amazon or your bank), close this email. Deliberately take the detour via your browser and log in to your customer account at this company. NEVER use a link from an email. Check in your customer account to see if you have received a message. This is probably not the case.
– If the sender is unknown to you, briefly google "spam email" and keywords from the subject line or a description of the email (e.g. debt collection appendix invoice). In most cases, you will find warnings about fake emails. Maybe even an email will be quoted that is identical to the one you received. Delete every email whose sender's identity you cannot confirm independently of the email.
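The sender check from scenario A can also be automated for a mailbox or helpdesk triage queue. The following Python sketch is an added example, not part of the original page: it compares the organization named in the From display name with the domain of the actual address. The allowlist entries and all sample headers except the odd address quoted above are constructed.

```python
from email.utils import parseaddr

# Constructed allowlist (assumption): organizations this mailbox really deals
# with, mapped to the domains they are known to send from.
KNOWN_SENDERS = {
    "acme services": {"acme-services.example"},
    "example bank": {"examplebank.example", "mail.examplebank.example"},
}

def sender_domain(from_header):
    """Split a raw From header into (lower-cased display name, domain)."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""
    return name.strip().lower(), domain

def check_sender(from_header, known=KNOWN_SENDERS):
    """Return 'ok', 'mismatch', 'unknown' or 'unparsable' for one From header.

    'ok' only means the visible name and domain agree. The From header can be
    forged, so this complements, not replaces, SPF/DKIM/DMARC results and the
    out-of-band checks described in the list above.
    """
    name, domain = sender_domain(from_header)
    if not domain:
        return "unparsable"
    for org, domains in known.items():
        if org in name:
            # The display name claims a known organization: the domain must match.
            return "ok" if domain in domains else "mismatch"
    if any(domain in domains for domains in known.values()):
        return "ok"
    return "unknown"  # verify outside the email program before trusting it

# Constructed sample headers; the second uses the odd address quoted on this page.
SAMPLES = [
    "Acme Services <billing@acme-services.example>",
    '"Acme Services" <Web@YSJ1QFWP8RU0C0N6.net>',
    "Inkasso Team <info@collect.example>",
    "",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):10} {header!r}")
```

A "mismatch" result corresponds to the email in scenario A; an "unknown" result calls for the independent verification steps listed above.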
Further information can be found in the consumer information center on email spam, phishing and Trojans: www.verbraucherzentrale.de/wissen/digitale-welt/phishingradar