Yes, there is also fishing among cyber criminals. However, they do not fish for the biggest and greatest fish. In the online world, the word phishing (a combination of “password” and “fishing”) refers to the fishing of passwords and other personal data of Internet users. The bait of the fraudsters here are fake emails.

If a phishing scam is successful, it poses a high security risk for the injured party and can potentially cost them a lot of money. So what exactly is phishing about and how can you make sure you don't fall victim to such a scam?

If you look closely, there are a few features that indicate that a cybercriminal has cast a fishing rod. The following points should be observed here:

• Email sender: If the sender address looks strange, caution is advised. The fake e-mail addresses are often similar to those of well-known providers such as PayPal or Amazon, but have small differences (e.g. shipping order at amzon.com instead of shipping order at amazon.com). It becomes especially difficult when you receive phishing emails from friends whose accounts have been hacked.
• Language & content: A suspicious subject, impersonal salutation, poor spelling and syntax, inconsistent layout, Cyrillic letters or incorrectly resolved umlauts all indicate a phishing attempt. In addition, most fraudsters ask Internet users to urgently confirm confidential data, eg "If you do not confirm your data in the next 24 hours, your account will be irretrievably blocked".
• Links & Attachments: In many cases, phishing emails contain links to fake websites. Before you click a link, you should therefore always check whether it has spelling mistakes or strange-looking number combinations. Attachments should also be viewed with extreme caution. For example, files that look like a PDF can be redirected to a fake website with one click or a virus downloaded onto your device.
  

Phishing email examples for Switzerland

• Why is? Apparently for an outstanding amount that has to be paid to Swiss Post. Since the amount itself is relatively small, this is about fishing for credit card details.
• Sender: nuzzel.com and not as expected post.ch.
• Amount: The amount is unusual (normal would be either CHF 4.65 or CHF 4.70). In Switzerland in particular, amounts that appear in euros are often a clear sign of phishing.
• Language: Various formal errors (marked in blue in the screenshot), e.g. missing spaces, inconsistent use of 'du' and 'Sie' or the German 'ß', which is not used in Switzerland.
• Links: Unusual linked web addresses (in the screenshot below left), as here zapalogix.com instead as expected post.ch.
• Watch out! Real-looking logos, trademarks, signatures etc. can easily be forged and therefore do not say anything about the legitimacy or authenticity of an email.

• Why is? Apparently the mailbox is full. So that this can continue to be used, the login data or sometimes even credit card number should be given. In this way, hackers gain access to your e-mail account, from which they can then send spam e-mails or place orders under your name.
• Sender: If you have your mail account with us, it would certainly not be mailbox.com , but a nextron.ch address.
• Layout: In the example above, many different font sizes can be recognized
  
• Content: Here, for example, a Gmail address is mentioned, although it is not a Gmail account at all. The fraudster also made a calculation error (945 MB of 876 MB equals 107% and not 98%).
  
• Left: A click takes you to villahidalgo.mx , a Mexican website.
  

Phishing protection options

In addition to paying attention to these suspicious traits, there are a few other preventive measures that individuals can take to avoid falling victim to phishing scams:

• Only enter your username and password via an encrypted connection, ie if the web address contains the prefix https . If you are one of our customers, only enter your access data in your e-mail program or our webmail.
• Regardless of the device, use Secure Sockets Layer (SSL) when setting up your e-mail account as this protects your communications.
• Protect your computer with suitable security software and use an email provider with a powerful virus and spam filter.
• Use a strong password and change it from time to time.
• Ideally, do not log into your bank or e-mail unencrypted via public WLAN networks, as public networks can also be set up and exploited by criminals to access confidential user data.