IT security at the University of Bern

Phishing: The email with the bait

When we receive an email, we click on it. Especially when the content is interesting, surprising, or worrying. Internet criminals try to exploit this with sophisticated techniques to "phish" sensitive data. Learn how to recognize a phishing attempt and what you can do to protect yourself.

Phishing starts with an email

Phishers fish for information of value. They try to fool you into revealing your passwords or credit card data or downloading a computer virus through fake emails.

A phishing email may make a tempting offer or demand immediate action, such as filling out a fake form, clicking a link to a fake website, or opening an infected attachment.

Phishing is the attempt to steal sensitive data by tricking a person into revealing passwords or credit card data or downloading a computer virus. It is a double loss, as the victim loses both their data and money.

The term "phishing" comes from the words "password" and "fishing". In contrast to fishers, phishers are not fishing for fish but for sensitive data like credit card numbers, user names, or passwords.

Recognize phishing

Some fraudulent emails look deceptively real. However, certain signs indicate that a malefactor has cast his fishing rod. Most of the time, you won't find all of these signs in one email, so even a single one should make you suspicious.

1 "PayPal Inc" [contacto@jondemon.com] - The name shown before the email address does not always correspond with the address itself. Therefore, when an email seems suspicious, check the email address carefully.

2 Dear customer… - Don't trust emails with generic forms of address.

3 Access to your account has been temporarily suspended - Be suspicious of emails that require "immediate" action or otherwise try to put pressure on you.

4 Verify billing name, address, and telephone number - Never answer email requests for passwords, pin codes, official document numbers, names, address details, etc.

5 Click / Login to get started - Is there a link? Hover your mouse over it to discover its true destination.

6 P ayPal - Be suspicious of any email with grammar or spelling mistakes.

7 invoice.zip - Only open email attachments sent by addresses you trust and which you are expecting. Even attachments from friends or family could contain malware - their accounts could be hacked or infected.
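The signs 1, 2, 3 and 5 above can also be checked automatically, for example in a mail filter. The following is an added example, not code from the University of Bern; the function name `phishing_signs`, the brand table, the keyword lists and the link target `login.example.net` are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample built from the signs listed above; the link target is made up.
SAMPLE = '''From: "PayPal Inc" <contacto@jondemon.com>
Subject: Access to your account has been temporarily suspended

<p>Dear customer,</p>
<p><a href="http://login.example.net/verify">www.paypal.com</a></p>
'''

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_signs(raw, brands=(("paypal", "paypal.com"),)):
    """Return the numbers of the signs (1, 2, 3, 5) that the message shows."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain, body, signs = addr.rpartition("@")[2].lower(), msg.get_payload(), set()
    for brand, legit in brands:  # 1: display name vs. real sender domain (assumed table)
        if brand in name.lower() and domain != legit and not domain.endswith("." + legit):
            signs.add(1)
    if re.search(r"dear (customer|user|client)", body, re.I):  # 2: generic greeting
        signs.add(2)
    if re.search(r"suspended|immediate|urgent", msg.get("Subject", "") + " " + body, re.I):
        signs.add(3)  # 3: pressure to act
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:  # 5: shown host differs from the real target
        shown = re.fullmatch(r"(?:https?://)?([\w.-]+\.[a-z]{2,})(?:/\S*)?", text, re.I)
        real = urlparse(href).hostname
        if shown and real and shown.group(1).lower() != real.lower():
            signs.add(5)
    return sorted(signs)
```

Heuristics like these only flag a message for a closer look; an email that shows none of the signs can still be fraudulent.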

Test your anti-phishing skills

Do the phishing quiz from "eBanking – but secure!".

Did you fall for a phishing attack?

Don't panic - it can happen to anyone. Depending on the information revealed, you have some options:

  • Get in touch with your bank and block your credit card or any transactions on your account.
  • Contact the company or institution from which the phishing mail claims to be sent.
  • Change all passwords that might have been stolen. If, for example, your email password has been phished, try to think which other passwords the phisher could discover with access to your email.
  • Observe the actions on all your online accounts, such as Amazon, Facebook, etc., and report any suspicious events.
  • Make sure your anti-virus program is up to date and initiate a virus scan on your computer.

Have you detected a phishing mail or website?

Please help make the internet a safer place and report it.

Poster "What is Phishing"