Phishing and Pharming
Typical computer attacks are prepared by phishing and pharming.
Phishing means the theft of passwords via the Internet. It is mostly done by e-mail. Phishing e-mails are disguised as a serious message, e.g. from a bank, and ask the recipient to update personal data, passwords or PINs. The fraudsters can then use the data to plunder accounts unhindered. This is one of the most common types of online crime. Each individual advance can reach several million Internet users.
In Spear phishing, the victim is specifically selected. This can also be you! All hierarchical levels, from clerical and assistant to management level, are targeted.
In Pharming, the attack consists of redirecting an Internet address entered into the browser to another page without being noticed. Although you have typed in the correct Internet address, when you call up the website, it is automatically redirected to the attacker’s site! Viruses are then lurking there or they want to query your account access data without authorization.
How to behave correctly:
- Inform yourself about the latest phishing warnings via the ITMC report page. If a suspicious (phishing) email appears to be still unknown, inform the SIC or the Service Desk of the ITMC about it. Phishing emails that are already known should be deleted.
- Always look for the “who area” of a web link before clicking on it. To learn how to identify the who section of a URL, see the No-Pish video from the SECUSO research group.
- Never enter secret data such as passwords, account data, PIN or TAN after calling up a link from an e-mail.
- Passwords, PIN and TAN should only be entered on the original servers of the credit institution - it is best to always type in the Internet address!
- Make sure you spell the address correctly.
- Caution: Bank employees should never ask you for your password or request you to update your personal data by e-mail!
- If necessary, check the validity of the web server certificate.
- Further tips on how to deal correctly with phishing attack attempts are available in our Web Offer.
How to check the validity of the web server certificate for a web address will be explained later. later.
Phishing = password theft via e-mail
Pharming = redirection of a frequently used website to a maliciously modified one