Phishing

Criminals try to obtain confidential company data with the help of fraudulent emails, fake websites and other methods. By pretending to be a well-known person (colleague, boss) or organization (bank, service provider), the scammers exploit the victim’s trust to willingly disclose information.

Where do I encounter phishing in my everyday work?

The working day begins and you check your emails, then you discover an email from one of your service providers. The text talks about a bill whose amount surprises you. The invoice is attached as a document. You are surprised because you have not commissioned this service provider in the last few months. What you do in the next few seconds is crucial:

A) You treat this email with skepticism, because you are sure that no invoice was to be expected from this service provider. They take another close look at the email. Your service provider is indicated as the sender, but the e-mail address is conspicuous. For example, it is web@YSJ1QFWP8RU0C0N6.net or bricklayer316@moselland.de. Your suspicion deepens and you delete this e-mail. If you are unsure, give your service provider a quick call. Under no circumstances should you open the attachment of this e-mail unless you are completely sure that it really comes from your service provider.

B) You open the attachment of the email to find out more. Apparently nothing bad happens, but the invoice is obviously fake. You delete the email. But when you open the attachment, a virus has already been activated. While you’re busy with other things, he sends emails with false invoices to all your contacts on your behalf. If you’re unlucky, the virus will then load malware onto your computer, leading to failures or even blackmail .

What can I do to protect myself from phishing?

Always treat email attachments and links with suspicion. Always check the sender’s email address for emails. Delete obvious fakes. But even if you have the slightest suspicion, ignore the e-mail at first and check it outside the e-mail program:

• If the supposed sender is known to you personally, it is best to give him a quick call. You can also write him an email. But: Be sure to use an e-mail address that you know for sure belongs to the intended recipient, DO NOT reply to the suspicious e-mail.
• If the supposed sender is a company you know (e.g. Amazon or your bank), close this email. Deliberately take the detour via your browser and log in to your customer account with this company. NEVER use a link from an email to do this. Check your customer account to see if you have received a message. This is probably not the case.
• If the sender is unknown to you, google “e-mail spam” and keywords from the subject line or a description of the e-mail (e.g. debt collection request, attachment, invoice). In most cases, you will find warnings about fake emails. It may even cite an email that is identical to the one you received. Delete any emails where you were unable to verify the sender’s identity independently of the email.

Further information can be found in the information section of the consumer advice centre on e-mail spam, phishing and Trojans: www.verbraucherzentrale.de/wissen/digitale-welt/phishingradar