soomz.io


Phishing: Cyber thief trickery


“Your Amazon account has been locked” or “Activate your E-banking account” – most internet users are likely familiar with e-mails sporting such seemingly legitimate subject lines and senders. But what if they were actually sent by shameless data thieves?

Phishing 2.0

Until a few years ago, bad English, a suspicious sender or an unprofessional layout were reliable signs that an e-mail was fraudulent. Today, even experienced users who know about these scams may take the bait. The reason: the messages are crafted so carefully that they are recognized as phishing only at a third or fourth glance.

The logos and corporate design of large companies are copied almost perfectly, their sender addresses are spoofed, and sometimes the thieves even clone entire company websites. These highly specialized cyber criminals shamelessly exploit the trust we place in certain companies, brands and services. Social media platforms are used for phishing too, for example through fake company posts or messages that appear to come from a friend.

The newest trend is for criminals to go after the two-factor authentication (2FA) credentials that customers usually receive by post. Combined with a phished password, these let the attacker pass the second login step as well. The Swiss Reporting and Analysis Centre for Information Assurance (MELANI) has issued a warning about this scheme.

Almost as good as the original: a phishing e-mail (in German) using PayPal's corporate design.

Phishers and their schemes

In order to understand phishing as a criminal method, it helps to define the term. It is commonly explained as a blend of "password harvesting" and "fishing", which describes the goal pursued by cyber criminals: a large-scale haul of personal data.

The scheme: the victim receives a message that demands some action, such as changing their e-banking password, paying an invoice or confirming an account they supposedly opened in an online store. Clicking the link in the message takes the victim to a fraudulent website built by the data thieves to look exactly like the real one. There, they are prompted to enter their personal data into a form.

High-precision phishing

A highly targeted variant is known as "spear phishing". Criminals first gather personal information about their victims on social media or through other channels. Then, in a personal message, they pose as an old acquaintance or trusted contact and try to coax the victim into clicking a link, in order to steal their passwords and other personal data.

The following video by the Washington Post shows just how pervasive this method has become, not even sparing celebrities and high-ranking politicians:

How to spot phishing e-mails

1. Even though the victim is supposedly a customer of the sender, they are not being addressed by their name, but rather by an impersonal greeting line, such as “dear customer”.

2. The message demands an odd, arbitrary-looking amount (e.g. 691.81 or 929.33 Euro) that you cannot match to any order you actually placed. Real invoices reference a purchase you recognize.

3. The sender address looks suspicious: it may be very long, have a series of numbers appended, or use a domain that merely resembles the company's real one. Note that the display name ("PayPal Service") can be set freely by the sender; only the address behind it counts.

4. Misspellings. Standardized messages sent out by real companies are usually meticulously spell-checked, so spelling errors are a sign of fraud.

5. Your service provider will never send your login data for highly confidential services such as online banking via e-mail or ask you to do so.
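The indicators above can be checked mechanically rather than by eye. The following is an added example, not code from the original article: it runs the sender-address, Reply-To, greeting and link-text heuristics over a raw e-mail. Both messages, the brand-to-domain table and the thresholds (an address longer than 40 characters, a run of four or more digits) are constructed assumptions, and the registered-domain helper simply takes the last two labels of a host name, a simplification that does not handle suffixes such as co.uk.

```python
"""Heuristic phishing-indicator check for a raw e-mail (added example)."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed sample messages: a phishing attempt that shows the indicators
# listed above, and a plausible legitimate receipt that should pass clean.
PHISHING_EMAIL = """\
From: "PayPal Service" <service@paypa1-secure-mail-1827364.example.net>
Reply-To: verify@paypal-account-check.example.com
To: customer@example.org
Subject: Your account has been limited
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear customer,</p>
<p>We noticed unusual activity. An amount of 691.81 EUR is due.</p>
<p>Please <a href="http://paypal.com.account-verify.example.net/login">log in to PayPal</a> now.</p>
</body></html>
"""

LEGIT_EMAIL = """\
From: "PayPal" <service@paypal.com>
To: jane.doe@example.org
Subject: Your receipt
Content-Type: text/html; charset=utf-8

<html><body>
<p>Hello Jane Doe,</p>
<p>You sent 12.00 EUR. See <a href="https://www.paypal.com/activity">PayPal</a>.</p>
</body></html>
"""

IMPERSONAL_GREETINGS = ("dear customer", "dear user", "dear client", "dear member")


class LinkExtractor(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Last two labels of a host (simplification: ignores suffixes like co.uk)."""
    return ".".join(host.lower().split(".")[-2:])


def host_of(url):
    """Host part of an absolute URL, or '' if there is none."""
    m = re.match(r"^[a-z][a-z0-9+.-]*://([^/?#]+)", url, re.I)
    return m.group(1).rsplit("@", 1)[-1].split(":")[0].lower() if m else ""


def phishing_indicators(raw, brand_domains):
    """Return a list of human-readable findings for a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    display, addr = parseaddr(msg["From"] or "")
    from_host = addr.partition("@")[2].lower()

    # Indicator 3: brand in the display name, but the address is on another domain.
    for brand, domain in brand_domains.items():
        if brand in display.lower() and registered_domain(from_host) != domain:
            findings.append(f"display name claims {brand!r} but address is @{from_host}")

    # Indicator 3: overly long address or a run of digits (assumed thresholds).
    if len(addr) > 40 or re.search(r"\d{4,}", addr):
        findings.append(f"suspicious sender address: {addr}")

    # Replies routed to a different domain than the apparent sender.
    _, reply = parseaddr(msg["Reply-To"] or "")
    if reply and registered_domain(reply.partition("@")[2]) != registered_domain(from_host):
        findings.append(f"Reply-To on a different domain: {reply}")

    # Indicator 1: impersonal greeting instead of the customer's name.
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part is not None else ""
    text = re.sub(r"<[^>]+>", " ", body).lower()
    if any(greeting in text for greeting in IMPERSONAL_GREETINGS):
        findings.append("impersonal greeting")

    # Link text names a brand while the href leads to another domain.
    extractor = LinkExtractor()
    extractor.feed(body)
    for href, label in extractor.links:
        for brand, domain in brand_domains.items():
            if brand in label.lower() and registered_domain(host_of(href)) != domain:
                findings.append(f"link {label!r} points to {host_of(href)}, not {domain}")

    return findings


if __name__ == "__main__":
    for name, mail in (("phishing", PHISHING_EMAIL), ("legitimate", LEGIT_EMAIL)):
        print(name, phishing_indicators(mail, {"paypal": "paypal.com"}))
```

The constructed phishing message trips all five checks while the legitimate receipt produces no findings; the point of keeping a clean sample is to make sure the heuristics do not fire on the brand's own mail. Note that spelling errors (indicator 4) are deliberately left out: spell-checking is too noisy to be a reliable automated signal.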

How to protect yourself from phishing e-mails

1. The basic rule: never open attachments or click on links in a suspicious message! Delete the e-mail from your inbox, or report it to your provider's phishing address first if one exists.

2. Only enter your username and password on websites that are encrypted. A URL that starts with "https" instead of only "http" means the connection uses TLS (formerly SSL), so your credentials are not sent in clear text. It does not mean the site is genuine: phishing sites use https too, so also check that the domain in the address bar is really the company's own.

3. Avoid public Wi-Fi networks (e.g. at airports or in coffee shops). There is a real risk of criminals using these networks to skim personal data that can later be used for phishing.

4. Do not click shortened URLs on social media. Services such as bit.ly or goo.gl are often used to disguise harmful links, because the shortened form reveals nothing about the real destination.
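Points 2 and 4 come down to inspecting the URL itself before trusting it. The following is an added example, not code from the original article, that flags the structural warning signs a practitioner looks for: a non-https scheme, user info before an "@" that disguises the real host, a raw IP address, punycode (xn--) labels that can render as look-alike characters, known URL shorteners, and a brand name used as a subdomain of some other registered domain. The shortener list, the brand table, the sample URLs and the last-two-labels registered-domain rule are assumptions made for the example.

```python
"""Structural checks on a single URL before it is trusted (added example)."""
import ipaddress
from urllib.parse import urlsplit

# Assumption: a small hand-picked list of shortener domains, not an exhaustive one.
SHORTENERS = {"bit.ly", "goo.gl", "t.co", "tinyurl.com", "ow.ly"}


def registered_domain(host):
    """Last two labels of a host (simplification: ignores suffixes like co.uk)."""
    return ".".join(host.lower().split(".")[-2:])


def url_warnings(url, brand_domains):
    """Return reasons not to trust `url`; an empty list means nothing obvious was found."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reg = registered_domain(host)
    reasons = []

    # Point 2 above: only an https URL carries transport encryption at all.
    if parts.scheme != "https":
        reasons.append("not https: credentials would travel in clear text")

    # Anything before an @ is user info, not the host: "https://paypal.com@evil" goes to evil.
    if parts.username is not None:
        reasons.append(f"user info {parts.username!r} before @ disguises the real host {host}")

    # A bare IP address as host is unusual for a consumer-facing service.
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a host name")
    except ValueError:
        pass

    # Punycode labels (xn--) can render as look-alike Unicode characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label: possible homograph domain")

    # Point 4 above: shorteners hide the destination until it is too late.
    if reg in SHORTENERS:
        reasons.append(f"shortener {reg} hides the real destination")

    # Brand name used as a subdomain or look-alike label on another registered domain.
    for brand, domain in brand_domains.items():
        if brand in host and reg != domain:
            reasons.append(f"{brand!r} appears in the host but the registered domain is {reg}")

    return reasons


if __name__ == "__main__":
    # Constructed sample URLs, including one with a punycode (xn--) host.
    for u in ("https://www.paypal.com/signin",
              "http://paypal.com.account-verify.example.net/login",
              "https://paypal.com@198.51.100.7/login",
              "https://bit.ly/3xAbCdE",
              "https://www.xn--80ak6aa92e.com/"):
        print(u, url_warnings(u, {"paypal": "paypal.com"}))
```

The empty result for the genuine sign-in URL is as important as the warnings for the others: a check that fires on everything is ignored just as quickly as no check at all. For production use, replace the last-two-labels rule with a public suffix list so that hosts under co.uk or similar are handled correctly.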