What is phishing?

Phishing refers to the process of obtaining sensitive data through deception. A wide variety of media are used for this purpose, but in most cases a phishing attack is carried out by e-mail. The target person is given the impression of being forced to act due to fictitious circumstances, such as a request to change a password as a result of suspicious activities. This false sense of urgency causes the target to become careless and inattentive, so the deception attempt goes undetected and sensitive data flows to the attacker.

It is important to understand that phishing targets the human element in technology and that the risk of such attacks can thus only be reduced - but not prevented - by technical means such as spam filters.  

We help you to identify possible risks within your company in time and to ensure that your employees and your data remain safe by means of realistic phishing simulations and targeted awareness training.


Risks arising from phishing attacks

Advancing digitization is widening exposure to phishing attacks and making the consequences of a successful attack more serious. Depending on their intent, the attacker may inflict different types of loss on the target person, customers or the entire company.

Data leakage

In many cases, phishing attacks aim to obtain sensitive data such as login or payment information from the target employee. Attackers can then use this information to access other data, such as other employee data or even customer details. 

The consequences for the company range from the loss of valuable proprietary information to serious financial damage, not to mention the media uproar, which can lead to the loss of customers. Depending on the type of data gained, there may also be personal consequences for employees or customers, such as identity theft and wire fraud affecting the individuals concerned.

Malware

E-mail attachments and download links are another common scenario for attacks. When the target employee opens an infected attachment, malicious code that is embedded in the attachment is executed on the employee's computer. This malicious code can have various purposes but often takes the form of ransomware, which encrypts all the data on the hard drive and demands a large sum of money as a ransom for decryption.  

In this case, the company faces large financial losses. Execution of the malicious code can also cause downtime or compromise systems. Cleaning up infected systems is a time-consuming and costly process. In addition, the incident may attract media attention, leading to customer defection and thus to further financial losses.


Benefit from best practices in cyber security from over 30 years of experience in developing highly secure satellite systems.

Contact us for no-obligation advice on pentest, awareness training and vulnerability analysis!

Phishing comes in several forms

The most widespread form of phishing involves the use of generic e-mail messages that are sent to different people. The focus here is on a broad target group, as this potentially gives the attack a greater chance of success.


Spear phishing / whaling

Spear phishing targets only a single person. Precise information about the target person is used to create a customized e-mail message, which appears to be trustworthy and suggests authenticity due to its level of detail. In contrast to classic phishing, the malicious e-mail is not sent to various people but only to the person for whom it has been tailored. 

Whaling is a special form of spear phishing in which a manager or executive officer of a company is targeted.

Vishing

The term "vishing" is a combination of the words "voice" and "phishing" and refers to the acquisition of sensitive data through telephone calls. By imitating other people, an attempt is made to verbally persuade the target person to disclose private data. Attackers pretend to be employees of a company in order to justify their demand for personal data and to allay the target person's suspicions.

Smishing

The term "smishing" is composed of the abbreviation "SMS" and the word "phishing" and refers to the acquisition of sensitive data by sending SMS messages. This is done in a similar way to conventional phishing by e-mail. Parcel deliveries, for example, are used as a cover to deliberately trick the target person.

How can we help you?

Through individual, realistic simulations of phishing attacks, we can help you assess the current security level of the human component of your company. For this purpose, we conduct a phishing campaign adapted to your requirements and, based on the analysis of the results, develop individual options for improving security within your company to protect it from malicious attacks in the future. 

We appreciate the individuality of your company and therefore create customized campaigns that are carefully adapted to your specific circumstances and needs. Based on your data protection guidelines and compliance procedures, we can adapt our simulation accordingly and, thanks to the solution we deploy, perform evaluations without any personal data. You also receive a detailed report after the completion of our simulated phishing attack, which sets out a variety of key performance indicators (KPIs) and corresponding metadata that are relevant to you.  

If a phishing attack simulation is not an option for you, we also offer targeted training for your employees and management officers, in which we address specific risks for the respective person, practise the early detection of phishing attempts and, based on this, design and suggest measures for everyday work.

Does this sound interesting for you and your company?
If so, get in touch with us.