Image Credit: Mohamed Hassan via Pixabay
07.11.2018

What is phishing?

Cybersecurity | IT Protection | Cyberspace

Stealing information by means of deceptive emails is one of the most common and most dangerous forms of attack on companies.

1. Everyone is talking about phishing: What does it mean?

In a phishing attack, criminals try to obtain confidential company data with the help of fraudulent emails, fake websites and other methods. The fraudsters often pretend to be a person or organization from the victim’s immediate environment – for example, a well-known bank or a distant relative. They exploit the victim’s trust in that person or organization to get them to disclose the information willingly.

In addition to classic e-mail, there is also phishing via SMS or telephone. A supposed service provider calls and asks you to give them access to your computer to solve a supposedly urgent problem.

2. How dangerous is such a phishing attack and what exactly does it target?

Such attacks can be quite dangerous. A survey by the German Insurance Association has shown that 59% of successful cyberattacks on small and medium-sized enterprises are carried out by e-mail.

It is difficult to say what the actual goal behind an attack is until the perpetrator is caught. In most cases, the aim is to obtain data from which the criminal can profit. This can happen directly, but also indirectly.

If, for example, the perpetrator steals complete credit card information or bank details, it is easy for them to use these to transfer money or make purchases online. Access credentials for a company’s computer system can also fetch good money on dark web marketplaces. In rare cases, this information is stolen deliberately in order to damage a competitor’s reputation or to spy out trade secrets. This should not be underestimated either, as there are many pioneers and hidden world market leaders, so-called hidden champions, among small and medium-sized companies in Germany. Their data is highly interesting for purposes of industrial espionage.

3. How exactly do criminals trick their victims into revealing the data they want?

The scammers cleverly use various psychological strategies in phishing to get their victims to reveal the information they want. Fear can be a driving factor, for example the fear of suddenly no longer being able to work. But curiosity (“We have a surprise for you.”), social pressure (“All colleagues took part in the campaign.”) or the pursuit of profit (“Log in and receive a voucher for 50 euros.”) can also be effective mechanisms for obtaining the desired data. Depending on their personality, employees differ in how susceptible they are to the various forms of cyberattack. Therefore, do not allow yourself to be pressured, and check the identity of email senders and callers thoroughly.

4. Is there a practical example of how to proceed in the event of a phishing attack?

A good example of a successful phishing scam is the supposed email from a popular bank. The victim is asked to log in to their customer account as soon as possible and confirm their identity, otherwise the company account will be blocked. If the victim is actually a customer of the bank and therefore believes the email to be genuine, they click on a link that leads to a fake website of the financial institution. There they enter their login details and other information, which the criminals can then read without any difficulty. Often, the emails and websites are designed to look deceptively genuine: the design, name of the sender, salutation and signature match those of the company – only a close examination of the sender’s address and the web address reveals that fraud is being committed.
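The article makes the point that only a close look at the sender’s address and the actual link target exposes the fake bank email. The following is an added example, not code from the original article, showing what that check looks like when automated for an incoming message: it compares the sender domain and every link target against a list of domains the bank is known to use, and flags links whose visible text names a different host than the one they actually point to. The bank name, the domains and the sample message are constructed placeholders.

```python
"""Flag sender and link mismatches in a constructed phishing-style email.

Added example (not part of the original article). The bank name, the
domains and the message below are constructed placeholders.
"""
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample: the display name claims to be the bank, but neither
# the sender address nor the link target belongs to the bank's real domain.
SAMPLE_EMAIL = b"""\
From: "Example Bank Customer Service" <service@example-bank-secure.invalid>
To: employee@example.com
Subject: Confirm your identity now
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear customer, your account will be blocked unless you confirm your identity.</p>
<p><a href="https://login.example-bank-secure.invalid/verify">https://www.example-bank.invalid/login</a></p>
</body></html>
"""

# Domains the organisation actually expects this sender to use (constructed).
TRUSTED_DOMAINS = {"example-bank.invalid"}

# Minimal anchor-tag extractor: (href, visible link text).
HREF_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def registrable(host):
    """Reduce a hostname to its last two labels (sufficient for this demo)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def analyse(raw):
    """Return a list of human-readable findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    # 1. Does the real sender address (not the display name) belong to the bank?
    sender_addr = msg["From"].addresses[0].addr_spec
    sender_domain = registrable(sender_addr.split("@")[-1])
    if sender_domain not in TRUSTED_DOMAINS:
        findings.append(f"sender domain {sender_domain!r} is not a trusted domain")

    # 2. Where does each link in the HTML body really go?
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body else ""
    for href, text in HREF_RE.findall(html):
        target = registrable(urlparse(href).hostname or "")
        if target not in TRUSTED_DOMAINS:
            findings.append(f"link points to untrusted domain {target!r}")
        # Link text that looks like a URL but names a different host than the
        # actual target is the classic sign the article describes.
        shown = urlparse(text.strip())
        if shown.hostname and registrable(shown.hostname) != target:
            findings.append(
                f"link text shows {registrable(shown.hostname)!r} but goes to {target!r}"
            )
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EMAIL):
        print("WARNING:", finding)
```

Running the script on the constructed message produces three warnings: an untrusted sender domain, an untrusted link target, and a link whose visible text names the genuine bank host while the href points elsewhere. A real mail gateway would add checks such as SPF/DKIM results and a proper public-suffix list instead of the two-label shortcut used here.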
