Phishing: How to prevent data theft

Jan 15, 2020.

Phishing is a frequent method of cyber crime that takes advantage of people's good faith and can inflict high financial losses. This article provides tips on how to recognise and protect yourself from phishing attacks, and what you should do if you do end up opening a phishing e-mail by mistake. You’ll also learn about a Swiss idiosyncrasy and find out who is liable for cases of phishing in Switzerland.

 

Communication over e-mail, transfers through online banking, and accounts with various online shops and social networks – the amount of personal data that makes up our digital footprint is growing all the time. And it is precisely this confidential information that is the target of fraudsters “phishing” for your data.

 

What is phishing and how does it work?

Traditionally, phishing takes place through e-mails that are made to look like they are from somebody else. These e-mails contain links that take the unlucky recipient to websites that have also been disguised to look like the real thing.

 

The fake website is designed in such a way that encourages victims to divulge confidential information such as user names, passwords, and account and credit card details such as PINs and TANs.

 

But these “phishers” don’t work exclusively through e-mail – text message and instant messaging services such as WhatsApp and Skype are also popular ways to send out malicious links. And that's not all: they can even manipulate QR codes to lure consumers to a website made to look like that of a bank, for example.

 

Recognising and protecting yourself from phishing attacks

“It’s always best to exercise caution with any unexpected e-mails that prompt the user to perform some sort of action. These could be from a service provided that you’ve never been in contact with before, for example,” explains Oliver Hirschi, university lecturer at Lucerne University of Applied Sciences and Arts’ School of Information Technology and responsible for the university’s “eBanking – but secure!” project, for which he worked together with his team to publish a phishing test tailored specifically to Switzerland.

 

Often, these malicious e-mails look deceptively similar to the ones you get from online stores such as Amazon or payment services such as PayPal. But there are warning signs that you can look out for to make sure you aren't caught out.

 

What should I do if I’ve opened up a phishing e-mail?

If you’ve been sent a phishing e-mail, you can report this to www.antiphishing.ch, an information portal of MELANI, Switzerland's Reporting and Analysis Centre for Information Assurance. This will help to shut down malicious websites as quickly as possible.

 

Victims of a phishing attack should immediately get in touch with the police and file a complaint. If sensitive information – such as your PIN or password – has been stolen, it is crucial that you immediately block all of your bank and credit cards and continue to keep a close eye on your bank statements for any suspicious activity.

 

Oliver Hirschi has another great tip: “From a technical perspective, it is also important to have your computer and virus protection checked over, before making sure to change all of your passwords and security questions.” To protect yourself against any further phishing attempts in future, consumers should also work with e-mail programs that do not automatically download content onto their computer when opening e-mails.

 

Phishing attacks are becoming increasingly sophisticated

In the past, phishers used to send the same e-mail to a million different e-mail addresses. Nowadays, they usually put in considerably more effort. And this doesn’t just mean copying over the corporate design just how you'd expect to see it. “There's currently a trend towards what is known as ‘spear phishing’,” Hirschi explains. “Attacks are becoming increasingly sophisticated: Attackers are reducing the size of their target groups and working hard to build the content of their phishing e-mails around these individuals. Often, attackers have information on the recipients that goes far beyond their name and e-mail address, potentially including their private and business contacts, so that they can make it look like an e-mail is from a source that they know and trust.”

 

The situation in Switzerland – and who can expect to be held liable

 

What is the situation with regard to liability in Switzerland? For Oliver Hirschi, there is only one correct way to answer this: “It depends.” Most online service providers and banks set out the extent to which the customer is generally liable in their terms and conditions. In the event of a claim, this is often examined on a case-by-case basis and in detail to find out what exactly happened before a decision is made or any further action is taken with regard to liability. All the more reason to protect yourself and cover your risks by taking out cyber insurance.

Oliver Hirschi also points to a Swiss idiosyncrasy that you should bear in mind when browsing the web from Switzerland: “The ratio of Android to iOS users is 85% to 15% worldwide.” In Switzerland, which has a particularly high number of iOS devices, it is more like fifty-fifty. For attackers, it therefore makes sense to invest in developing malicious programs such as trojans that are targeted specifically to iOS operating systems and reach your computer that way.” This means even Apple users are under threat and should take the risk of phishing attacks just as seriously as users of other operating systems.

 

 

With a little care and the right knowledge of what to look out for, you can usually recognise phishing e-mails for what they really are. The phishing checklist lists the most important points you need to bear in mind in order to protect yourself at a glance.