What is phishing?
Phishing is the attempted identity theft on the Internet. As a user of fake e-mails, you are directed to fake websites to collect your usernames and passwords and then make money transfers or orders on your behalf. The word phishing comes from the English word fishing and the initial letters ph instead of f are the abbreviation for password harvesting.
A short film explains it very impressively: https://youtu.be/4xIU1lPJs_4] (German with English subtitles)
The fraudsters don't seem to be strangers any more, but they are persuaded to be someone you already trust. For example, your online payment service; your bank or your friend. The scoundrels try to get you to click on a link with "real" and "official" looking letters. This will land you on another fake site that looks like the real one, from the tax office or your savings bank. If you log in here, the scammers will have your username and password. They can now withdraw money from your account on the real site, order expensive items in your name, or otherwise make your money easier.
Another method is to use the wrong link to download malware to your computer. Then the criminals have control over your computer and can steal your data to abuse it. Or write to your friends on your behalf from your PC and plunge them into financial misery. Or encrypt important files and demand a ransom for your password.
How can I protect myself from phishing?
- Read e-mails in text-only mode
- Open attachments with the necessary care (who is the sender? do you expect the attachment? is there a connection to the content of the e-mail? would the sender have named the attachment that way? is the file format correct?)
- Take a close look at links before clicking on them:
- Identify the who area in the web address.
- Check whether the Who area has a reference to the (supposed) sender and the content of the message. The following web addresses pretend that they lead to my-parcel-service.co.uk. You can see where they lead from the who area.
- Check that the who range is spelled correctly. Delete the message if you find an error as in the following examples.
- www.my-parcel-srevice.co.uk (spelling misspelled)
- www.secureqay24.de (mirrored p/q)
- If you cannot clearly judge the who range, you should obtain further information, e.g. by searching the address in a search engine.
How can I protect my friends from phishing?
- Send your e-mails in text-only mode
- Sign all outgoing emails with a digital signature (proof "This is real from me.")
- Inform your recipients e.g. in the footer about it (e.g. "With the digital signature your e-mail program recognizes that this message comes safely from me and has arrived unchanged. Further information see wiki.cacert.org/Phishing")
Some of these instructions are only available in English. As a member of the CAcert community, you are welcome to translate individual pages or manuals into your own language (not only that mentioned above).
Install CAcert e-mail certificate in ThunderBird.
Install e-mail certificate from CAcert in Outlook].
Install the CAcert e-mail certificate in Samsung eMailApp.