What should I do if I got to this page through a phishing message? There is no need for action, you can simply delete the phishing message.
However, please read the information on this page carefully so that you can better identify phishing message in the future. - Because employees are the most important line of defence against attackers!
Many thanks for your help!
Phishing (pronounced like "fishing") is a form of social engineering in which an attacker poses as a trustworthy company or individual to get personal information.
Emails and sms are often used for phishing attacks. Attackers send messages to users that appear to be from an institution or company that the individual conducts business with, such as a banking or financial institution, or a web service through which the individual has an account. The goal of a phishing attempt is to trick the recipient into taking the attacker’s desired action, such as providing login credentials or executing a malicious file.
International companies often see their brands and logos abused because they are readily available, widely known and high in hit rates. Almost everyone is or could be a customer and therefore become the victim of a phishing attack carried out under the guise of their brand. Frequently abused brands include DHL, Facebook, Microsoft or Amazon.
Send suspicious emails to the IT Security mailbox of CS Risk Management.
You can either send the suspicious email with the Fronius Spam Reporter or you can open the email and click CTRL + ALT + F and then send it to the IT Security mailbox.
Suspicious sms should be sent as screenshots to the IT security mailbox.
The email address of the IT Security mailbox can be found at the IT Security Portal of Fronius.
The most common form of phishing is mass phishing. There are no specific targets, instead the phishing message is sent to a large number of people.
In this type of phishing message, the attacker is usually disguise as well-known brand, such as Microsoft or Amazon disguised as a well-known brand.
In mass phishing attacks, it is not necessary to gather information about the recipients.
Spear phishing attacks are more complex phishing attacks created specifically for previously defined targets.
In spear-phishing messages, to raise confidence, the attacker often pretends to be a business partner, friend or service provider. Also perpetrators often disguise their messages as coming from within the entity they wish to penetrate.
For this type of attack, the attacker must first collect information about the recipient of the phishing message.
Whaling is a type of fraud that targets high-profile end users such as C-level corporate executives.
As with any phishing endeavor, the goal of whaling is to trick someone into disclosing personal or corporate information through social engineering. The attacker may send his target a message that appears as if it's from a trusted source or lure the target to a website that has been created especially for the attack.
Whaling messages and websites are highly customized and personalized, often incorporating the target's name, job title or other relevant information gleaned from a variety of sources. Because of this, they are usually much harder to detect than conventional phishing attacks.
The following section shows how to detect a phishing email:
1. Sender
2. Subject
3. Text
4. Links
5. Fear/Urgency
Phishing SMS are often more difficult to recognise because they are not as well known as phishing e-mails. This is why extra vigilance is needed here.
The following section shows how to detect a phishing SMS:
1. Sender
2. Text
3. Links
4. Fear/Urgency
Unlike mass phishing mails, spear phishing messages are personalized and will often reference coworkers' or friends' names.
Common file attachments such as .doc, .xls, .ppt, etc. can contain malicious code.
Links can be faked. Spoofed link text can hide a hyperlink's actual destination to a Spoofed Website.
Links to spoofed versions of well-known websites can look legitimate to the untrained eye.