Phishing – Definition and meaning
What is Phishing? Phishing is a fraudulent method used by criminals to obtain personal information such as passwords and credit card details.
Phishing: Recognising and fending off the online threat
Phishing is a type of cybercrime in which fraudsters attempt to steal sensitive data such as usernames, passwords and credit card information. These unscrupulous attacks are often carried out via fake emails or websites that look deceptively similar to the original sites. In this article you will learn what phishing is exactly, how to recognise phishing and what measures can be taken to defend against it.
What is phishing?
Phishing comes from the English word "fishing". It is a method by which attackers try to lure unsuspecting users into a trap in order to steal their data. The fraudsters often use the identity of trustworthy organisations to deceive their victims. This can be done via emails, text messages (smishing) or even telephone enquiries (vishing).
Types of phishing
- Email phishing: The most common form in which fraudulent emails are sent.
- Website phishing: Fake websites that look like the original sites.
- Spear phishing: Targeting specific individuals or companies.
- Whaling: A special form of spear phishing that targets high-level executives.
How do you recognise phishing?
It is crucial to recognise phishing attacks at an early stage. Here are some tips that can help you:
- Check the sender address: Phishing emails are often from addresses that differ only slightly from the real address.
- Look out for spelling mistakes: Phishing messages often contain spelling mistakes or ungrammatical formulations.
- Check the link destination: Hover over links to see where they really lead before clicking on them.
- Be wary of suggested urgency: Phishing emails often put time pressure on users to take immediate action.
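The sender-address and link-destination checks from the list above can be automated. The following is an added example, not part of the original article: it flags a sender domain that differs only slightly from a trusted one and a link whose visible text names a different host than its real destination. The trusted domain, the similarity threshold of 0.85 and the sample message are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"mybank.example"}  # assumption: domains the recipient really uses
SAMPLE = """From: My Bank <service@mybamk.example>

<a href="http://mybank.example.account-check.test/login">www.mybank.example</a>
"""  # constructed message using reserved .example/.test names

def lookalike(domain):  # close to, but not exactly, a trusted domain
    return domain not in TRUSTED and any(
        SequenceMatcher(None, domain, t).ratio() >= 0.85 for t in TRUSTED)

def host(value):  # host name of a URL or bare domain, minus a leading "www."
    parsed = urlparse(value if "//" in value else "//" + value)
    return re.sub(r"^www\.", "", (parsed.hostname or "").lower())

class Links(HTMLParser):  # collects [href, visible text] for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.open = True
            self.found.append([dict(attrs).get("href") or "", ""])
    def handle_data(self, data):
        if self.open:
            self.found[-1][1] += data.strip()
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"

def check_email(raw):
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if lookalike(sender):
        findings.append(f"sender domain {sender} imitates a trusted domain")
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.found:
        # Compare only when the visible text itself looks like a domain or URL.
        shown = host(text) if re.fullmatch(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", text, re.I) else ""
        target = host(href)
        if lookalike(target) or (shown and shown != target):
            findings.append(f"link text '{text}' leads to {target}")
    return findings
```

Calling `check_email(SAMPLE)` returns two findings, one for the sender and one for the link; a message sent from and linking to `mybank.example` itself returns an empty list.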
How to protect yourself from phishing?
To effectively protect yourself from phishing, here are some important measures:
- Use complex passwords: Use combinations of numbers, letters and special characters.
- Activate two-factor authentication: This significantly increases the security of your accounts.
- Educate yourself and your employees: Awareness of phishing can ward off many attacks.
- Install anti-phishing software: These programmes can help identify potential threats.
Illustrative example on the topic: Phishing
Imagine this: Anna receives an email that appears to be from her bank. The email informs her of suspicious activity on her account and asks her to check her details by clicking on the link provided. This email looks deceptively genuine as it contains the bank's logo and the layout hardly differs from official emails. Anna, worried about her account, clicks on the link and enters her login details on the fake website. Shortly afterwards, the fraudster has access to her bank account and empties it. This example clearly shows how important it is to be sceptical about emails and to visit the bank's official website directly.
Conclusion
Phishing is a serious threat that jeopardises users and companies alike. By educating yourself about the different types of phishing and taking preventative measures, you can protect yourself and your sensitive data. Safe online behaviour is crucial to minimise the dangers of phishing.
For more information on cybersecurity and other related topics, you can visit our encyclopaedia: Cybersecurity or DNS.
Frequently asked questions
Common signs of phishing are suspicious sender addresses that differ only slightly from trustworthy addresses. In addition, phishing messages often contain spelling mistakes or ungrammatical wording. Another indication is the urgency that is suggested in many emails in order to persuade users to take immediate action. Links that lead to fake websites are also a typical feature.
Phishing works by fraudsters creating fake emails or websites that are modelled on real institutions. These messages often contain a link or attachment that asks users to enter personal information. When the victims go to the fake website and enter their details, they go straight into the hands of the fraudsters, who then use them for criminal purposes.
There are different types of phishing, including email phishing, which is the most common. There is also website phishing, where fake websites are used to steal data. Spear phishing targets specific individuals or companies, while whaling focuses on high-level executives. Each of these methods has its own tactics and target groups.
To protect against phishing, users should use complex passwords and activate two-factor authentication. It is also important to educate yourself and employees about phishing to raise awareness. In addition, installing anti-phishing software can help to recognise and ward off potential threats at an early stage.
The main difference between phishing and spear phishing lies in the targeting. Phishing targets a broad mass of users by sending many emails to different recipients. Spear phishing, on the other hand, targets specific individuals or companies, often using information gathered about the target to increase credibility.
Social engineering plays a central role in phishing, as fraudsters use psychological tricks to inspire trust. They use emotions such as fear or urgency to manipulate victims. By feigning authority or urgency in their messages, they try to get users to reveal their sensitive information.
Fake websites in a phishing context can often be recognised by their URL, which differs slightly from the real one. In addition, they often contain unprofessional designs or spelling mistakes. Users should also check whether the site uses a secure connection (HTTPS). Another indicator is that fake sites often do not provide any contact information or a legal notice.
The consequences of a phishing attack can be serious. Victims can lose their personal data, banking information or access data, which can lead to financial losses and identity theft. Companies are also at risk, as such attacks can lead to data leaks, reputational damage and legal consequences. It is therefore important to take proactive measures to defend against phishing.