Yes, fishing also exists among cybercriminals. However, they’re not fishing for the biggest and best fish. In the online realm, the word phishing (a combination of “password” and “fishing”) refers to fishing for passwords and other personal data from internet users. The bait used by these fraudsters are fake emails.
When a phishing scam is successful, it poses a high security risk for the victim and can potentially cost them a lot of money. So what exactly is phishing about, and how can you ensure that you don’t fall victim to such a scam?
Upon closer inspection, there are some characteristics that indicate a cybercriminal has cast their line. The following points should be considered:
- Email Sender: If the sender’s address looks strange, caution is advised. Often, the fake email addresses resemble those of well-known providers such as PayPal or Amazon, but have small differences (e.g., shippingconfirmation@amzon.com instead of shippingconfirmation@amazon.com). It becomes particularly difficult when you receive phishing emails from acquaintances whose accounts have been hacked.
- Language & Content: A suspicious subject line, impersonal greeting, poor spelling and syntax, inconsistent layout, Cyrillic letters, or improperly resolved umlauts all indicate a phishing attempt. Additionally, most scammers urge internet users to urgently confirm confidential data, e.g., “If you don’t confirm your data within the next 24 hours, your account will be irrevocably blocked”.
- Links & Attachments: In many cases, phishing emails contain links to fake websites. Therefore, before clicking on a link, always check if it contains spelling errors or strange-looking number combinations. Attachments should also be treated with utmost caution. Files that look like PDFs, for example, may redirect you to a fake website with a click or download a virus onto your device.
Phishing Email Examples for Switzerland
- What’s it about? Apparently about an outstanding amount that needs to be paid to Swiss Post. Since the amount itself is relatively small, the goal here is to fish for credit card data.
- Sender: nuzzel.com and not as expected post.ch .
- Amount: The amount is unusual (normally it would be either CHF 4.65 or CHF 4.70). Especially in Switzerland, amounts that appear in Euro are often a clear sign of phishing.
- Language: Various formal errors (marked in blue in the screenshot), e.g., missing spaces, inconsistent use of “du” and “Sie” or the German “ß”, which is not used in Switzerland.
- Links: Unusually linked web addresses (bottom left in the screenshot), such as zapalogix.com instead of the expected post.ch .
- Be careful! Genuine-looking logos, trademarks, signatures, etc. can be easily forged and therefore say nothing about the legitimacy or authenticity of an email.
- What’s it about? Supposedly, the mailbox is full. To continue using it, login data or sometimes even credit card numbers should be provided. This way, hackers gain access to your mail account, from which they can then send spam emails or make orders under your name.
- Sender: If you have your mail account with us, it certainly wouldn’t be mailbox.com , but rather a nextron.ch address.
- Layout: In the above example, many different font sizes can be seen
- Content: Here, for example, a Gmail address is mentioned, although it’s not even a Gmail account. The scammer has also made a calculation error (945 MB out of 876 MB equals 107% and not 98%).
- Links: Clicking leads to villahidalgo.mx, a Mexican website.
Protection Measures Against Phishing
In addition to paying attention to these suspicious features, there are some other preventive measures that everyone can take to avoid falling victim to a phishing scam:
- Only enter your username and password over an encrypted connection, i.e., when the web address contains the prefix https. If you are our customer, enter your login details exclusively in your email program or our webmail.
- Regardless of which device you use, also use Secure Sockets Layer (SSL) when setting up your email account to keep your communications protected.
- Protect your computer with appropriate security software and use an email provider with powerful virus and spam filters.
- Use a secure password and change it from time to time.
- Ideally, do not log in to your bank or email unencrypted via public Wi-Fi networks, as public networks can also be set up and exploited by criminals to intercept confidential user data.
How to check the authenticity of your mail.nextron.ch webmail
- Our webmail exclusively uses mail.nextron.ch as its address and will always automatically appear with https (lock symbol).
- Additional browser plugins such as “Flagfox” for Firefox or “uDomainFlag” for Chrome help identify the country of a website. Our mail server is always and exclusively in Switzerland.
- Therefore: Anything that looks different or does not have a nextron.ch web address is definitely phishing. Instructions contained in such an email should never be followed.
How to change your email password in our webmail
- You can change the password for your mail account at any time.
- 1) Click on the account symbol in the top right –> 2) “Options” –> 3) Under the “Accounts” tab then 4) “Change password”. 5) Optionally increase security with two-factor authentication!
- Especially the password for the email account should never be the same as those for other accounts (PC login, Apple, Zalando, Amazon, etc.)
- The password should be secure and memorable. It doesn’t need to be “GJ20SC%2H4Can$AD923”, but your own birthday or the name of your cat/friend/spouse is not sufficient here. Passwords can also be easily saved in the browser or email program.
How to protect yourself additionally with the nextron Business Email Spam Filter
Our professional email solution features a high-quality filter that recognizes a variety of phishing and spam emails, so they don’t even appear in your mailbox. The solution is available separately or as an add-on to our hosting packages.
Do you have a question about phishing or email security?
Our expert Lukas Frei, with 30 years of know-how in the field of email and spam solutions, is available to assist you at phone number 061 695 92 25.