Similar fraud attempts, such as the “grandchild trick”, existed before. The beginnings go back to the late 1990s.
ICQ users were asked by e-mail to enter access data. The hackers were thus able to use the chat access under a false identity.
The first attacks on online banking began with official-looking letters sent as e-mails. Once data such as username, password, PIN and TAN had been handed over, money transfers could be made quickly.
Fake e-mails, websites and even short messages are used to try to get personal data from a “user” in order to steal their identity.
The aim of the scam is mostly to plunder the account and thus harm the “user”. Since this exploits the naivety of the victim, this method is a form of social engineering.
Spear phishing means a targeted attack. The name derives from the English word spear. Attackers obtain the e-mail addresses of the students from the student council of a university in order to send them a targeted phishing e-mail in the corporate design of a local bank.
The "hit rate" is higher because the probability that a student banks with this institution is very high.
With the help of “Trojan horses”, the attacker places himself physically between the customer and the bank in their communication (man-in-the-middle attack). Traffic can be tapped so that it never gets to the bank.
Phishing attacks target access data for:
Online banking or online payment systems (e.g. PayPal).
Attacks are carried out on the following facilities:
HTML e-mail allows messages to be laid out graphically, as on a web page. The link text shows the original address, but the invisible link target actually points to the address of the fake website (link spoofing).
The ambiguity of visible characters can be exploited in emails as well as in websites. This misleads the user about the real address of the sender of an email or the real URL of a website.
Through the use of HTML, the link visible in the e-mail program can actually refer to a completely different website. Information about this can also be falsified using script techniques if the e-mail program executes such scripts. In other cases, the link is displayed as a graphic in order to make text recognition by automatic filter systems more difficult. Text then appears on the user's screen, but it is actually a graphic.
In phishing, the sender's email address is often faked to make the email look more genuine.
Fake sites are very difficult to identify as fakes. Names or designations that sound similar to those of the official pages or companies are typical of fake landing pages.
The ability to use internationalized domain names in URLs creates new possibilities for URL spoofing.
Example
Original address: http://www.ue-nationalbank.rlp.de/
Fake address: http://www.ü-nationalbank.rlp.de/
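The link spoofing and internationalized-domain tricks described above can be checked mechanically. As an added example (not part of the original article), the following Python code compares each link's visible text with its real target in an HTML e-mail body and flags links shown as graphics and internationalized host names. The names LinkAuditor and audit and the host login.example.net are assumptions made for illustration, and the sample body is constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Something in the visible link text that looks like a host name or URL.
HOST_RE = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[\w-]{2,})")

def is_idn(host):  # non-ASCII characters or a punycode (xn--) label
    return not host.isascii() or any(p.startswith("xn--") for p in host.split("."))

class LinkAuditor(HTMLParser):
    """Records (visible text, href, findings) for each <a> in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.results, self._href, self._text, self._img = [], None, [], False

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text, self._img = dict(attrs).get("href") or "", [], False
        elif tag == "img" and self._href is not None:
            self._img = True  # link shown as a graphic: no text to compare

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        text = "".join(self._text).strip()
        target = (urlsplit(self._href).hostname or "").lower()
        shown = HOST_RE.search(text)
        checks = {"text-target-mismatch": bool(shown) and shown.group(1).lower() != target,
                  "image-link": self._img,
                  "idn-host": is_idn(target)}  # signals for review, not proof of fraud
        self.results.append((text, self._href, [k for k, hit in checks.items() if hit]))
        self._href = None

def audit(html):
    parser = LinkAuditor()
    parser.feed(html)
    return parser.results

# Constructed sample body; login.example.net is a placeholder host.
SAMPLE = (
    '<a href="http://www.ue-nationalbank.rlp.de/">www.ue-nationalbank.rlp.de</a>'
    '<a href="http://login.example.net/">http://www.ue-nationalbank.rlp.de/</a>'
    '<a href="http://www.ü-nationalbank.rlp.de/">www.ue-nationalbank.rlp.de</a>'
    '<a href="http://login.example.net/"><img src="cid:link.png"></a>')
```

Calling audit(SAMPLE) returns one tuple per link; only the first link, whose text and target agree, comes back with an empty findings list.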
General IT security tips on phishing e-mails
With a healthy level of suspicion, one should be able to recognize the hallmarks of phishing. An e-mail without a salutation and in bad German that urges you to do something is an indication of this. Such an e-mail usually has a fake sender URL from abroad.