Social Engineering and Phishing
The term "social engineering" refers to an attack, in which the technical aspect is rather less important and the social component is more important.
The aim of such an attack is to obtain personal data from the victim by targeted deception. Often the perpetrators fraudulently get the trust of their victims first, so that they can then get hold of the desired data.
- You should develop a healthy mistrust of unsolicited phone calls or emails in which you are requested to divulge confidential data.
- Do not divulge any personal or corporate information, irrespective of what the caller or sender of the email claims.
"Phishing" stands for the fraudulent acquisition of login/password combinations, bank account or credit card data, in which the victim is lured to a fraudulent website and persuaded to enter the said data. Often the perpetrators' sites are perfect copies of the genuine sites, which can scarcely be differentiated from the original.
- A quick look in the address line of the internet browser can often indicate whether the website is genuine. Often the enticing emails contain a link, which leads to the perpetrator's server. Under no circumstances should you click on this link. Increased security can be obtained by entering the website address of the desired banking or other such login page by hand or linking to it via a browser bookmark.
- The HTTP filter contained in the G DATA security products has an AnitPhishing component, which warns a user if he is accessing a phishing website and prevents access to the site.
- A good dose of healthy mistrust is an effective weapon for successful protection against phishing attacks. Challenge calls and mails which purport to come from your bank. Your bank would never ask for your PIN or TAN number (German banking security number) because it was carrying out "maintenance work".
If you think you have been the victim of a phishing attack, do not hesitate to inform your bank and the police.