Phishing refers to methods used to impersonate a trustworthy communication partner in electronic communication via fake websites, e-mails or short messages. The aim of this kind of fraud is to obtain a user's personal information in order to carry out a malicious action, typically identity theft or the installation of malware. It is a form of social engineering that exploits the victim's credulity. Phishing messages are usually sent via e-mail or instant messaging and ask the recipient to reveal secret credentials on a prepared website or over the phone. Attempts to cope with the growing number of phishing attempts rely on changes in case law, user training and technical aids, among other things.
How to Avoid Phishing Scams
Since HTML and JavaScript are used in most phishing e-mails, you can disable HTML rendering and JavaScript in your e-mail program. Your own e-mails should also be sent at least as plain text (in addition to any HTML version), so that recipients can disable the HTML display in their e-mail program and thus protect themselves against phishing e-mails.
The e-mail filters of some antivirus programs can detect and remove phishing e-mails under favorable circumstances; the prerequisite is that the antivirus program is kept up to date at all times. E-mail programs such as Mozilla Thunderbird and browsers such as the latest Internet Explorer, Mozilla Firefox or Opera also warn against phishing sites. This phishing protection is either based on a blacklist that is updated via the Internet, or it checks for typical characteristics of phishing e-mails, such as links to raw IP addresses or links whose target host name differs from the host name shown in the link text.
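As an added example that is not part of the original article, the following Python check implements the two link heuristics just described (a link whose target is a raw IP address, and a link whose visible text names a host other than the one in its href); the sample message body is constructed.

```python
# Added example, not from the original page: flag links whose target is a raw
# IP address or whose visible text names a different host than the href does.
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

SAMPLE_HTML = """<p>Please <a href="https://www.example-bank.com/login">sign in</a>.</p>
<p>Or use <a href="http://203.0.113.7/secure">https://www.example-bank.com</a>.</p>
<p>Update: <a href="https://evil.example.net/u">www.example-bank.com/update</a></p>"""  # constructed mail body

# A host name as it appears in visible link text, with or without a scheme.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html: str) -> list:
    """Return (href, reason) for each link that hits one of the heuristics."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        try:
            ipaddress.ip_address(host)  # raises ValueError for a real host name
            findings.append((href, "target is a raw IP address"))
            continue
        except ValueError:
            pass
        if (m := HOST_RE.search(text)) and m.group(1).lower() != host:
            findings.append((href, "link text names a different host"))
    return findings
```

Running `suspicious_links(SAMPLE_HTML)` flags the IP-address link and the mismatched-host link and leaves the honest sign-in link alone.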
For some time now, more and more credit institutions have been using Extended Validation SSL certificates (EV SSL certificates) for Internet banking. In the address bar of current browsers (e.g. Internet Explorer 9, Mozilla Firefox 7.0.1), a field is also displayed in which the certificate and domain holder is shown alternately with the certification authority. In addition, depending on the browser used, the address bar is colored green. Internet users should thus recognize even faster whether the website they are visiting is genuine, and so be better protected against phishing attempts.
Microsoft Outlook also offers a way to protect yourself against dangerous phishing. A toolbar is integrated into Outlook, and every incoming e-mail can be checked for dangerous links and suspicious headers. Toolbars and e-mail filters that are based on blacklists are inherently dependent on how up to date those lists are, which significantly limits their effectiveness against new phishing attacks.
A phishing-resistant way to carry out online banking transactions is the signature-based HBCI procedure with a chip card. This variant of online banking is also very convenient, as no TANs need to be entered. A further security gain is secure PIN entry (assuming a suitable chip card reader with its own PIN pad), which makes it impossible to eavesdrop on the PIN entry with a keylogger or Trojan. On the other hand, HBCI has the disadvantages of a software installation, the necessary card reader installation in the operating system and thus a lack of mobility. Even though no massive attacks against HBCI have been observed so far, the method naturally offers a high level of protection only if the underlying operating system is free of malware such as Trojan horses. FTC.gov suggested:
The message could be from a scammer, who might
- say they’ve noticed some suspicious activity or log-in attempts — they haven’t
- claim there’s a problem with your account or your payment information — there isn’t
- say you need to confirm some personal or financial information — you don’t
- include an invoice you don’t recognize — it’s fake
- want you to click on a link to make a payment — but the link has malware
- say you’re eligible to register for a government refund — it’s a scam
- offer a coupon for free stuff — it’s not real