What Is Phishing?

So, what is phishing? Phishing is a serious everyday internet safety threat that can cost you thousands of dollars and ruin your credit rating.

Hackers send you a fake email or other communication that pretends to be from your bank or another institution you trust. When you follow the instructions inside the email, you inadvertently give your bank login information to the attacker. The attacker can then steal all of your money at his leisure.

Phishing attacks account for a lot of the spam sent these days, so you may have seen one. Most phishing attacks are after your bank username and password, although less popular attacks target any information of yours that can be used to make money.

Phishing: How To Protect Yourself

One of the easiest ways to protect yourself from a phishing attack is to use anti-phishing software. There's a lot of anti-phishing software around, and it comes in all kinds of flavors. It might even be included in one of your already locally installed programs like...

...and many more.

Most of them make use of an internet-based or locally held database where known phishing internet addresses are stored (although some security software products might use another approach). The anti-phishing software will check each of your attempts to connect with another computer against this database.

In case of a match, your chosen product will then react as programmed and configured (e.g. automatically block the connection, raise a popup window and ask for explicit user confirmation to establish the connection, and so on) and possibly save your day.

However, you should be aware that those anti-phishing databases are not able to cover all current phishing internet addresses. The reason is simple.

Those phishing sites must first be detected by somebody before your database can be updated, and this might take some time. For that reason, it is easy to understand that no anti-phishing software product offers 100% protection against those kinds of attacks.

What is phishing email?

To overcome this limitation I strongly recommend that you learn how to identify a phishing email. Be alarmed if the email...

  • Subject is related to some kind of security (e.g. verification of login credentials or TAN numbers, optimization of home banking security procedures). No bank on this planet will ever ask you for the verification of your PIN or TAN numbers in any way.
  • Signals urgent need for action (e.g. your bank account will be locked soon, your email account will expire, your tax declaration needs an update, somebody hacked your account)
  • Contains a generic greeting. Most attackers use randomly generated destination email addresses in bulk not knowing who the owners of the mail accounts are.
  • Contains a lot of misspellings or grammatical mistakes. A lot of attackers operate from overseas and are not familiar with your native language.
  • Doesn't pass your sender email address verification. It is easy to fake an official-looking sender email address, but it can be validated easily by checking the email message header.
  • Includes (mostly blue underlined) links to trusted websites. Never click on those links, especially if they point to financial sites such as PayPal.com and your bank. Defrauders fake the real target of those links. You can only identify the real target of those links by looking into the source code of that email (watch for lines starting with an <A HREF="..."> HTML tag).

If you are still unsure if the provided link is related to a phishing attack, query the public phishing database from PhishTank and create a ticket for free (if needed).

Be aware that even for experts like me it is sometimes hard to distinguish authentic emails from phishing emails. So, it's not always easy to see what is a phishing attack and what is not. Therefore, improve your skills at identifying phishing attacks and learn how to prevent phishing.
