Phishing

Sept. 30, 2023

The illegal fishing for passwords

"Your account has been temporarily restricted", followed by a button saying "Login and verify" - this is how phishing mails designed to steal your passwords are typically worded. Phishing is one of the biggest threats to internet users and one of the most popular forms of cybercrime.



But what is phishing actually?


The term is made up of the two words "password" and "fishing". The aim of phishing attacks is to obtain private data from unsuspecting users. This includes passwords, credit card numbers, account information and access data.


Fishing for passwords covers a wide range of offences. They range from simple theft to illegal account debits.


Inexperienced users are lured to fake websites by legitimate-looking emails. The websites are deceptively genuine imitations - banks or other payment institutions are often affected. Links in the mails take users to these websites, where they are asked to enter data - often on the pretext of updating data after an account has supposedly been blocked. The spam mails reach users from all over the world. If you fall for the deception, fraudsters obtain secret access data in order to withdraw money from your account without authorisation or to transfer it to another account. Watch out: if there is neither a logo nor an imprint in the footer, that indicates the e-mail is dubious.


In addition, unsolicited text messages or messages from an app can also be dangerous. They can likewise contain links that enable password theft - this is called SMS phishing.


The money is then often debited through intermediaries, so-called straw men. The perpetrators trick them with tempting commissions or under false pretences into making their accounts available for transactions. The money captured by the phishing attacks is then credited to the middlemen's account, withdrawn from there and deposited in a transfer bank account, transferred further and finally withdrawn in cash somewhere abroad.



Almost impossible to see through: Pharming


Pharming is a special form of phishing. Here, central servers are manipulated so that the user is additionally redirected to a fake website without noticing. On that website, attempts are made to spy out passwords, PINs and other confidential data. Pharming is almost impossible to see through: DNS servers are manipulated in such a way that even if the user enters a URL in the browser, he or she is no longer taken to the original page, but to a deceptively genuine copy of it.


In addition to pharming, there are also other phishing variants. In spear phishing, the mails are not sent en masse, but targeted at a specific group of recipients. Whaling, on the other hand, aims its attack directly at high-ranking executives.



But how can you do something about it?


Vigilance is the best protection - you can protect yourself from data theft by following these points:


  1. Keep antivirus software up to date
  2. Enter the Internet address of your bank yourself, do not follow any links
  3. Use encrypted connections (padlock and "s" in "https")
  4. Check the security certificate of the websites
  5. Do not give out passwords, PINs or TANs
  6. Monitor account activity regularly
  7. Know how to block your card and deactivate your online banking account
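
The link-related points above (do not follow links, use https) and the lure wording quoted at the start of the article can also be checked automatically for a mail body. The following Python code is an added example, not part of the original article; the phrase list, the sample mail and the domain bank.example are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Pretext wording of the kind quoted in the article (constructed, not exhaustive).
LURE_PHRASES = ("temporarily restricted", "login and verify", "account has been blocked")

class LinkCollector(HTMLParser):
    """Collects the href of every <a> element in the mail body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def host_belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def triage(html_body, trusted_domain):
    """Return a list of findings for one HTML mail body."""
    lowered = html_body.lower()
    findings = [f"lure phrase: {p!r}" for p in LURE_PHRASES if p in lowered]
    collector = LinkCollector()
    collector.feed(html_body)
    for href in collector.hrefs:
        try:
            url = urlsplit(href)
            host = url.hostname or ""
        except ValueError:
            findings.append(f"unparsable link: {href}")
            continue
        if url.scheme != "https":
            findings.append(f"link not https: {href}")
        # A lookalike such as bank.example.evil.net must not pass as bank.example.
        if not host_belongs_to(host, trusted_domain):
            findings.append(f"link host {host!r} is not {trusted_domain}")
    return findings

# Constructed sample mail; bank.example stands in for the real bank's domain.
SAMPLE = (
    "<p>Your account has been temporarily restricted.</p>"
    '<a href="http://bank.example.verify-login.example.net/session">Login and verify</a>'
)

if __name__ == "__main__":
    for finding in triage(SAMPLE, "bank.example"):
        print(finding)
```

A mail with no findings is not proven genuine; the check only surfaces the warning signs named in this article.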


Phishing-Radar


Banks remain popular targets for phishing attacks. Among them, customers of the Sparkasse, Volksbank and DKB are particularly frequently affected.

