Phishing

TL;DR: A method in which an attacker uses fake emails, websites or messages to gain access to confidential information.

Phishing is a form of fraud in which attackers attempt to steal sensitive information such as usernames, passwords, credit card details or other personal data by posing as trustworthy entities. This is usually done via fake emails, websites or messages that aim to deceive victims and trick them into revealing their confidential information.

Characteristics of phishing:

  1. Fake identities: Phishing attacks use fake emails or websites that look like they come from legitimate sources such as banks, social networks, online shops or other trustworthy organisations.
  2. Urgency and fear: Phishing messages often create a sense of urgency or fear in order to push the victim into acting quickly and rashly. Examples include threats such as "Your account will be blocked" or "Unusual activity detected".
  3. Requests for confidential information: The attackers ask the victim to enter or confirm sensitive information, often via a link that leads to a fake website.

Common phishing methods:

  1. Email phishing: The most common form of phishing, in which attackers send fake emails that mimic legitimate companies or people. These emails often contain links to fake websites or attachments with malware.
  2. Spear phishing: A targeted form of phishing in which the attackers single out specific individuals or organisations and create personalised messages based on information gathered about them.
  3. Smishing: Phishing attacks that are carried out via SMS messages (text messages). These messages often contain links to fake websites or request immediate action.
  4. Vishing: Phishing attacks that are carried out via telephone calls. The attackers pretend to be representatives of trustworthy organisations and demand personal information.
  5. Clone phishing: The attackers create a copy of a legitimate email that the victim has previously received and replace the links or attachments with malicious versions.

Protective measures against phishing:

  1. Education and awareness: Training users to recognise the characteristics and dangers of phishing attacks.
  2. Be careful with links and attachments: Be suspicious of unexpected emails, messages or phone calls requesting personal information or containing suspicious links and attachments.
  3. Verification of the sender address: Check the sender's e-mail address and the URL of websites to ensure that they are genuine and correct.
  4. Multi-factor authentication (MFA): Implement MFA as an additional layer of security so that access to accounts stays protected even if credentials are stolen.
  5. Security software: Use of anti-virus programmes, email filters and other security tools to detect and block phishing emails and malicious websites.
  6. Regular updates and patches: Ensure that all systems and software are up to date to close known security gaps.

Conclusion:

Phishing is a widespread and dangerous form of cyber fraud that aims to steal sensitive information from victims. Through vigilance, training and the use of appropriate security measures, individuals and organisations can significantly reduce the risk of falling victim to phishing attacks.