Phishing: The email with the bait

Internet Risks

When we receive an email, we click on it. Especially when the content is interesting, surprising or worrying. Internet criminals try to exploit this with sophisticated techniques to "phish" sensitive data. Learn how to recognize a phishing attempt and what you can do to protect yourself.

iBarry is tempted by a letter on a fishing rod with a bone in it.

Phishing starts with an email

Phishers fish for information of value. Through fake emails, they try to fool you into revealing your passwords or credit card data or downloading a computer virus.

A phishing mail may submit a tempting offer or demand immediate action to make you fill in a fake form click the link to a fake website open a malicious attachment.

Phishing is the attempt to steal sensitive data through tricking a person into revealing passwords or credit card data, or downloading a computer virus. It is a double loss, as the victim loses both their data and money.

The term ‘phishing’ comes from the words ‘password’ and ‘fishing’. In contrast to fishers, phishers are not fishing for fish but for sensitive data like creditcard number, user name or password.

Recognize phishing

Some fraudulent emails look deceptively real. However, there are some points that indicate that a malefactor has cast his fishing rod. Most of the time, you won't find all of these tips, so already one should make you suspicious.

1 "PayPal Inc" [contacto@jondemon.com] - What is written before the email-address does not always correspond with the address itself. Therefore, check the email address carefully for suspicious emails.

2 Dear customer… - Don’t trust emails with general addresses.

3 Access to your account has been temporarly suspended - Be suspicious of emails requiring “immediate” action or otherwise try to put pressure on you.

4 Verify billing name, address and telephone number - Never answer email requests for passwords, pin codes, official document numbers, name and address details etc.

5 Click / Login to get started - Is there a link? Hover your mouse and discover its true destination.

6 P ayPal - Be suspicious of any email with grammar or spelling mistakes.

7 invoice.zip - Only open email attachments sent by addresses you trust and which you are expecting. Even attachements from friends or family could contain malware - their accounts could be hacked or infected.

Spam mail

E-mail spam describes mass unsolicited e-mailing of promotional content.

Email spam often contains infected attachments or links that lead to infected web pages. More about spam mail in E-Mail-Security.

Test your anti-phishing skills

Do the phishing quiz from ‘eBanking – but secure!’

Did you fall for a Phishing attack?

Don’t panic – it can happen to anyone. Depending on the information revealed, you have some options:

Get in touch with your bank and block your credit card or any transactions on your account

Contact the company or institution from which the phishing mail claims to be sent

Change all passwords that might have been stolen. If, for example, your email password has been phished, try to think which other passwords the phisher could discover with access to your email

Observe the actions on all your online accounts, such as Amazon, Facebook, etc, and report any suspicious events

Make sure your anti-virus program is up to date and initiate a virus scan on your computer

Have you detected a phishing mail or website?

Help make the internet a safer place and report it.

Additional information

National Cyber Security Centre NCSC
Phishing
US Federal Trade Commission - Consumer Information
How to Recognize and Avoid Phishing Scams
European Union Ageny For Cybersecurity
Phishing/Spear phishing

« back to top