- Clear ways to detect phishing
- Practical tips to protect yourself and your data
- Clear information about what victims of phishing can do
- Clear ways to identify fake e-mails
- Effective ways to create more security awareness
5 Course Chapters
Every course module you find here can be used as a short learning unit – also called a Learning Nugget. Do you have any questions about the course content? – We would be glad to help you.
Course Insight
Identity theft: How criminals can obtain personal data
What is phishing? "With phishing, cyber criminals play on intimidation, a lack of trust and the lack of technical understanding of potential victims," explains the German Federal Office for Information Security (BSI) on its website. The pattern of phishing attacks is always the same: Internet users receive a fake e-mail that contains, for example, a link to a fake website. There, they are then supposed to enter access or payment data. "Criminals can thus get hold of your login data for online banking or web stores - sometimes unnoticed," warns the BSI under the heading "Bank fraud in the inbox."
This already partly answers the question "What is phishing". However, this text will show how diverse phishing methods can be. This much can be revealed: It's about rich princes, the fortunes of lonely widows and lottery winners worth millions.
Phishing: the unnoticed harvesting of confidential data
But how did the term phishing come about in the first place? Phishing is a neologism made up of the words "password harvesting" and "fishing". That fits. After all, the main interest of the criminals who carry out a phishing attack lies in fishing for the confidential data and personal information of their victims without being noticed.
If you're looking for a short and snappy phishing definition, you can look it up in the dictionary. The term has been listed in the Duden dictionary since 2006. There, under the keyword "phishing", the following can be found: "Obtaining other people's personal data (such as password, credit card number, or similar) with fake e-mails or websites".
The phenomenon of phishing is older than the Internet
It sometimes takes a long time for the Duden editors to add a new word to their reference work. And, yes, phishing is not a new phenomenon either. Long before the Internet became a mass medium, fraudsters were trying to gain the trust of gullible people in order to obtain their confidential data - for example, by making a telephone call. This was tedious and time-consuming: If a scam phone call lasts an average of just under five minutes, a fraudster would have to spend around 8,000 hours on the phone to reach 100,000 people.
The Internet then opened up entirely new possibilities for criminals. Today, with just a single mouse click, they can send 100,000 fraudulent emails within seconds.
Phishing scammers were already online in the 1990s
The first forms of phishing already existed on the Internet in the 1990s: Users of instant messengers received a message sent to their e-mail address asking them to type their access data into an online form. Anyone who fell for this and disclosed their data had a problem. The scammer was able to use the information to view all of the victim's chat histories and use the user account under their name from then on.
It became even more threatening when online banking became more popular. The possibility of carrying out one's financial transactions on the screen is convenient - but also associated with certain risks. Phishing scammers took advantage of this. They sent official-looking phishing e-mails to the e-mail addresses of potential victims. In these messages, they asked users to provide log-in names or passwords as well as PINs and TANs. Anyone who failed to recognize the phishing mail and was caught in the scammers' net was in a bad position. With the victims' access data, the fraudsters were able to empty one account after another. In fact, there are still phishing attacks that follow this pattern. And Internet users are still falling for them.
Protection against phishing: reduce the risk with caution and forethought
If a phishing attempt occurs, caution is advised. Unlike with a sophisticated hacker attack, the average user has a chance to defend against phishing. In phishing, the weak point is not technology, but people. If you use the Internet with care and caution, you reduce your personal risk of falling into the trap of phishing scammers. This applies not only to private Internet use, but also - and especially - to professional Internet use.
Business processes have long been conducted digitally at all levels. The fact that employees are increasingly working from home offices presents companies with an additional challenge. Employees must be able to recognize phishing attempts. To raise their awareness of threats such as phishing, for example, an e-learning course can be helpful.
In the worst case, phishing leads to a complete shutdown of operations
In Security Island's online training, participants learn, for example, that phishing attempts do not only take place via e-mail. Social networks, instant messages or SMS are also used by fraudsters. Such knowledge is helpful. If an employee is caught up in a phishing attack, massive damage could result. Sensitive company and customer data are then at risk, and even complete business interruptions are conceivable.
Warnings against phishing have been issued for years. Nevertheless, the warnings often come to nothing because Internet users click on buttons or links without thinking twice. Even IT experts are not safe from this. Even they may click on malicious links in deceptively genuine-looking e-mails or on a fake website.
Excerpts from the Security Island e-learning "Phishing - Safe from digital data theft".
Phishing attacks: Examples from practice
Practical examples show what this means. A phishing attack often begins quite innocently: For example, a message from a rich prince from abroad lands in the e-mail inbox, asking whether one could help transfer a larger sum of money to Europe by providing a small amount of start-up financing. As a thank-you, the wealthy nobleman promises a handsome commission. It should be clear to every Internet user that this is a tall tale. Nevertheless, there are always people who carelessly transfer money to the "prince" - and then never hear from him again.
Another phishing scam goes like this: A supposed "lawyer" pretends to be looking for the heir of a rich widow. His letter arrives by e-mail and looks deceptively genuine. Letterhead, seal, logo, postal address - everything is there. And yet it is a fairy tale. Anyone who contacts the "lawyer" and is taken in by him is already heading for disaster. The alleged lawyer then demands, for example, that the "heir" set up a new account and disclose the data in order to receive the estate. The victim only learns that this account is then used for criminal activities when it is too late.
Another example of phishing is the so-called lottery scam: A high-quality fake letter from a lottery company in Spain lands in the mailbox. In it, the recipient is promised a huge prize. If the scammers send this letter 100,000 times, they can expect around ten recipients to click on a link in the mail to claim their winnings. By clicking on the link, they install spy software on their computer unnoticed and are now at the mercy of the criminals.
Recognizing phishing attempts thanks to good preparation
It turns out that anyone can fall victim to phishing - and the best protection against this form of identity theft is common sense. The examples just described are still among the cases that are easy to see through. Other attempts can be much more perfidious. Only those who are aware of the fraudsters' methods can recognize a phishing attack. One way to make yourself or your employees aware of the issue is to take an online course on phishing. Such courses are offered by Security Island. In the e-learning training, the topic of phishing is made understandable with many practical examples. Participants also learn how to behave in the event of a phishing attack.