How to avoid the phishing net?

Published: 17 August 2018

Phishing is a form of internet fraud in which fraudsters try to obtain personal data, extract money or infect the unsuspecting user’s computer with malware. Their intent can be uncovered fairly easily if we know what to look for.

Phishing, illustration: a masked hacker stealing data from a mobile phone

The senders of phishing e-mails most often impersonate well-known and trusted companies, e-commerce websites or online payment service providers. By copying the websites of such companies, fraudsters try to win the trust of users and gain access to personal data such as usernames, passwords, social security numbers, bank account numbers, PIN codes or credit card numbers.

Phishing e-mails try to get the recipient to click on a link. Whoever does so lands on a website that closely resembles that of a well-known company, complete with its visual elements (colours, logos). These sites are typically simpler and noticeably cruder than the official ones. The misleading website is operated by the phishers, who use it to request, and thus steal, personal data. Cybercriminals work hard to make these fake websites and e-mails look like the interfaces and messages users are familiar with. There are, however, some telltale signs that help identify the fraud.

How can I recognize phishing e-mails?

  • The e-mail is sent from a private address, or the sender’s address bears a striking resemblance to the official address of a trusted company: the brand name appears in it, but the domain after the “@” is not the company’s own. Note that the display name shown by your mail client is chosen freely by the sender, so check the actual address, not just the name.
  • For example: no-reply@telekom.com; telekom@noreply.hu; noreply@dijnet.hu
  • The subject line alone may already raise suspicion.
  • For example, if the subject field reads: “This is very important.” or “Do not delete this e-mail without reading it!”
  • The salutation in a phishing mail is generic; it does not address the recipient by name.
  • For example: “Dear Customer”
  • In many cases the text of the e-mail was produced by machine translation, so it contains incorrect wording and spelling mistakes.
  • For example: “Can now pay bill bank card or bank account simple way and safe”
  • The e-mail is sent on behalf of a provider the user has no relationship with, or it refers to a purchase that never took place.
  • The link in the phishing e-mail looks like the URL of the genuine website, but the visible link text and the real destination differ: after clicking, the browser’s address bar shows a completely different address. Hover over a link (or long-press it on a phone) to see where it actually points before clicking.
  • Be especially suspicious if the e-mail informs you that you have won a significant sum in a lottery and asks for your bank account number, name and address so that the amount can be transferred.
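The signs listed above can be checked mechanically. The Python script below is an added example, not part of the original article or of any provider’s tooling: it parses a raw e-mail, then looks for a brand name in a foreign sender domain, an alarming subject, a generic salutation, plain-http links and links whose visible text points to a different domain than their real destination. Both messages, the list of trusted domains and the phrase lists are constructed for the example.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Constructed sample phishing message (not a real e-mail). It shows several of the
# signs above: brand name in the local part of a foreign domain, an alarming subject,
# a generic salutation, machine-translated wording and a link whose visible text
# does not match where it really points.
SAMPLE_EML = """\
From: "Telekom" <telekom@noreply.hu>
To: customer@example.com
Subject: This is very important
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear Customer,</p>
<p>Can now pay bill bank card or bank account simple way and safe.</p>
<p><a href="http://login-telekom.example/pay">https://www.telekom.hu/ugyfelkapu</a></p>
</body></html>
"""

# Constructed legitimate-looking message for comparison.
CLEAN_EML = """\
From: "Telekom" <no-reply@telekom.hu>
To: customer@example.com
Subject: Your invoice for July is ready
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear Mr Kovacs,</p>
<p>Your invoice is available in your customer portal:
<a href="https://www.telekom.hu/ugyfelkapu">https://www.telekom.hu/ugyfelkapu</a></p>
</body></html>
"""

# Assumption: the providers this recipient really has a contract with.
TRUSTED_DOMAINS = {"telekom.hu", "dijnet.hu"}
GENERIC_SALUTATIONS = ("dear customer", "dear user", "dear client")
URGENT_PHRASES = ("very important", "do not delete", "account will be deleted", "immediately")
URLISH = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/|$)", re.I)


def registrable_domain(host):
    """'www.telekom.hu' -> 'telekom.hu'. Takes the last two labels, which is
    enough for .hu and .com; a real tool would consult the public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_message(raw):
    """Return (sign, detail) pairs for every warning sign found in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    # Sign 1: the brand name appears in the address, but the domain after '@'
    # is not the brand's own (telekom@noreply.hu, no-reply@telekom.com).
    sender = msg["From"].addresses[0]
    if registrable_domain(sender.domain) not in TRUSTED_DOMAINS:
        brands = {d.split(".")[0] for d in TRUSTED_DOMAINS}
        if any(b in sender.addr_spec.lower() for b in brands):
            findings.append(("lookalike-sender", sender.addr_spec))

    # Sign 2: an alarming or pushy subject line.
    subject = str(msg["Subject"] or "")
    if any(p in subject.lower() for p in URGENT_PHRASES):
        findings.append(("urgent-subject", subject))

    # Sign 3: the greeting does not use the recipient's name.
    html = msg.get_body(preferencelist=("html", "plain")).get_content()
    text = " ".join(re.sub(r"<[^>]+>", " ", html).split()).lower()
    if text.startswith(GENERIC_SALUTATIONS):
        findings.append(("generic-salutation", text[:20]))

    # Sign 4: the destination is plain http, or the visible link text is a URL
    # on one domain while the href really points to another.
    for href, label in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S):
        target = urlsplit(href)
        if target.scheme.lower() == "http":
            findings.append(("plain-http-link", href))
        shown = re.sub(r"<[^>]+>", "", label).strip()
        if URLISH.match(shown):
            shown_host = urlsplit(shown if "://" in shown else "//" + shown).hostname or ""
            if registrable_domain(shown_host) != registrable_domain(target.hostname or ""):
                findings.append(("link-text-mismatch", f"{shown} -> {href}"))
    return findings


if __name__ == "__main__":
    for sign, detail in check_message(SAMPLE_EML):
        print(f"{sign}: {detail}")
```

Run against the sample it reports all five signs; the clean message produces no findings. The checks are deliberately simple heuristics: a phishing mail that uses your real name and a spotless translation passes signs 2 and 3, which is why the link and sender checks are the ones to rely on.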

Phishing e-mails typically call for actions like these:

  • “Pay the outstanding balance on your account.”
  • “To make a payment, please enter your credit card details below.”
  • “Update your password.”
  • “For security purposes, change your password.”
  • “Failed financial transaction.”
  • “Log in to your account, otherwise your account will be deleted.”
  • “Your e-mail address was drawn in a lottery; please contact us.”
  • “You are the lucky 100th customer; please contact us.”

How can you identify phishing websites?

The most telling sign of a phishing website is that the browser’s address bar does not show the company’s official address but a similar-looking one chosen to deceive.

Such a site often has no certificate at all, i.e. its address starts with “http” instead of “https”, so it is less protected against data theft: everything typed into it travels over the network unencrypted:

Illustration: a website using the http protocol, not secure from a data-protection perspective

Websites with a trusted certificate and an address starting with “https” display a small padlock (in some browsers a green indicator) in the address bar:

Illustration: a website using the https protocol, secure from a data-protection perspective

However, the certificate behind “https”, although it makes the connection more secure, only means that the traffic is encrypted and that whoever applied for the certificate controls that particular domain name. It says nothing about whether the site is honest: a phishing site can have a perfectly valid certificate and show a padlock too, so the padlock never replaces checking that the domain is the right one.
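To make the address-bar checks above concrete, here is a small Python function, added as an example and not taken from the original article or any browser: it takes the URL shown in the address bar and reports the tricks used to make a foreign domain look like the expected one (plain http, a user-name part before “@”, punycode labels, and the brand name placed in a subdomain or a look-alike domain). The allowlist EXPECTED_DOMAINS and the test addresses are assumptions constructed for the example.

```python
from urllib.parse import urlsplit

# Assumption: the registrable domains this user actually logs in to.
EXPECTED_DOMAINS = {"otpbank.hu", "telekom.hu"}


def registrable_domain(host):
    """'www.otpbank.hu' -> 'otpbank.hu' (last two labels; fine for .hu and .com,
    a real tool would use the public suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def inspect_url(url, expected=EXPECTED_DOMAINS):
    """Return a list of warnings for the address shown in the browser's address bar.
    An empty list means: https, and the registrable domain is one the user expects."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []

    # No certificate at all: whatever is typed into the form travels in the clear.
    if parts.scheme.lower() != "https":
        warnings.append("not-https")

    # 'https://www.otpbank.hu@evil.example/': everything before '@' is a user name,
    # not the site. The real host is what follows the '@'.
    if parts.username is not None:
        warnings.append("userinfo-before-host")

    # 'xn--' labels are internationalised names; browsers render them as Unicode,
    # which is how look-alike letters from other alphabets get into an address.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-host")

    # The decisive check compares the *registrable* domain, not the start of the host:
    # 'otpbank.hu.secure-login.example' begins with the brand but belongs to someone
    # else, and a valid certificate for it proves only that they control that name.
    domain = registrable_domain(host)
    if domain not in expected:
        brands = {e.split(".")[0] for e in expected}
        kind = "lookalike-domain" if any(b in host for b in brands) else "unexpected-domain"
        warnings.append(f"{kind}:{domain}")
    return warnings


if __name__ == "__main__":
    for candidate in (
        "https://www.otpbank.hu/portal/hu/Adathalaszat",
        "http://otpbank.hu.secure-login.example/login",
        "https://www.otpbank.hu@evil.example/login",
    ):
        print(candidate, "->", inspect_url(candidate) or "ok")
```

The function looks only at the address itself, which is exactly what a user can see in the address bar; it does not and cannot tell whether a certificate is valid, and that is the point of the paragraph above: a valid certificate on the wrong domain is still the wrong domain.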

What to do with phishing e-mails?

  • Do not respond to suspicious or phishing e-mails.
  • Do not click on the link in a phishing mail, and if you already have, do not enter any data on the website it led you to. The simplest solution is to delete the e-mail from your mailbox.
  • If you have made a payment or entered your credentials because of a phishing e-mail, contact your bank immediately and change the affected password.
  • You can also mark a phishing e-mail as spam, so that future e-mails from that sender go to the Spam folder without interfering with your mail. If you have a Gmail account, follow these steps: https://support.google.com/mail/answer/1366858?co
  • In Gmail you can also report a suspicious message as phishing: https://support.google.com/mail/answer/8253?hl=hu
  • Since phishing e-mails are sent in bulk, and the large companies being impersonated usually become aware of such campaigns quickly, visit the official website of the company concerned to find out where and how to report the attempt.

Information provided by companies that are targeted by phishing more often than average:

Díjnet: https://www.facebook.com/Dijnet/photos/a.145615466112125.1073741828.144551986218473/173033666703638/?type=3&theater

Extreme Digital: https://edigital.hu/tajekoztatas

Google: https://support.google.com/mail/answer/8253?hl=hu

K&H Bank: https://www.kh.hu/teendok-adathalasz-email-eseten

Magyar Telekom: https://www.telekom.hu/rolunk/vallalatrol/felhivasok/adathalaszati-kiserlet

MKB Bank: https://www.mkb.hu/az-mkb-bankrol/kozlemenyek/sajtokozlemenyek/adathalasz-tamadas-friss-informaciok

OTP Bank: https://www.otpbank.hu/portal/hu/Adathalaszat

Telenor: https://www.telenor.hu/aktualis-visszaelesek-kezelese

Wizz Air: https://www.facebook.com/wizzaircom/posts/1697634743647271