What is phishing?

Phishing describes the process of obtaining sensitive data by deceiving the communication partner. A wide variety of media are used for this purpose, but in most cases a phishing attack is carried out by e-mail. Fictitious circumstances, such as a request to change a password due to suspicious activities, give the target person the impression of being forced to act. This false sense of urgency makes the target careless and inattentive, so the deception attempt goes undetected and sensitive data flows to the attacker.

It is important to understand that phishing targets the human element in technology and thus protection against such attacks can only be supported - not prevented - by technical measures such as spam filters.  

We help you to identify possible risks within your company in time and to ensure that your employees and your data remain safe by means of realistic phishing simulations and targeted awareness training.


Risks due to phishing attacks

Increasing digitalization provides a larger attack surface for phishing attacks and, at the same time, more serious dangers in the event of a successful attack. Depending on the attacker's intent, different types of damage can be caused to the target person, customers, or the entire company.

Data leakage

In many cases, phishing attacks aim to obtain sensitive data such as login or payment information from the target employee. Attackers can then use this information to access other data, such as other employees' data or even customer data. 

The consequences for the company range from valuable, stolen company internals to serious financial damage and also media uproar, which can lead to the loss of customers. Depending on the type of data captured, there may also be consequences for employees or customers in their private lives. This can result in identity theft and wire fraud for affected individuals.

Malware

Mail attachments and download links provide another common attack scenario. When the target employee opens a malicious attachment, the malicious code that the attacker has embedded in it is executed on the employee's computer. This code can have various purposes, but often it is ransomware, which encrypts all data on the hard drive and demands a large sum of money as a ransom for decryption.

In the case of ransomware, large financial losses loom for the company. The executed malicious code can also cause downtime or compromise systems. Cleaning up infected systems is a time-consuming and costly process. In addition, the incident becomes the subject of media coverage, which can lead to the loss of customers and thus to financial losses.


Benefit from best practices in cyber security from over 30 years of experience in developing highly secure satellite systems.

Contact us for a no-obligation consultation on pentests, awareness training or vulnerability analysis!

Phishing comes in several forms

The most widespread type of phishing is carried out by generic mails that are sent to different people. The focus here is on a broad target group, as this potentially gives the attack a higher chance of success.


Spear-Phishing / Whaling

In spear phishing, exactly one person is targeted. Precise information about the target person is used to create a customized e-mail, which appears trustworthy and suggests authenticity due to its level of detail. In contrast to the classic phishing approach, the malicious e-mail is not sent to various people, but only to the person to whom the e-mail was tailored. 

Whaling is a special form of spear phishing in which a person from a management or executive level in a company is targeted.

Vishing

The term "vishing" is composed of the English word "voice" and the word "phishing" and describes the acquisition of sensitive data through telephone calls. By imitating other people, an attempt is made to verbally persuade the target person to disclose private data. Attackers pretend to be employees of a company in order to justify their demand for personal data and to prevent the target person from becoming suspicious.

Smishing

The term "smishing" is composed of the abbreviation "SMS" and the word "phishing" and describes the acquisition of sensitive data by sending SMS messages. This is done in a similar way to classic phishing by e-mail. Parcel deliveries, for example, are used as a cover to deliberately trick the target person.

How can we help you?

Through individual, realistic simulations of phishing attacks, we can help you determine the current security level of the human component of your company. For this purpose, we conduct a phishing campaign adapted to your requirements and, based on the analysis of the simulation results, develop individual improvement options for security within your company to protect it from malicious actors in the future. 

We appreciate the individuality of your company and therefore create customized campaigns for you, which are exactly adapted to your circumstances and needs. Based on your data protection guidelines and compliance procedures, we can adapt our simulation accordingly and, thanks to our deployed solution, perform evaluations without personal data. You also benefit from a detailed report after the completion of our simulated phishing attack, which features a variety of key performance indicators (KPIs) and corresponding metadata that are relevant to you.  

If a phishing attack simulation is not an option for you, we also offer targeted training for your employees and management positions, in which we address specific risks for the respective person, practice the timely detection of phishing attempts and, based on this, design and suggest measures for everyday work.

Does this sound interesting to you and your company?
Then get in touch with us.