What is phishing?
The term phishing is based on the English word fishing and refers to an attempt to commit fraud by e-mail. Figuratively speaking, it is a matter of fishing for passwords, which are then used to abuse personal data or harm the owner of a bank account. Phishing is thus a “social engineering” or “social hacking” method – the psychological manipulation of people by the exploitation of social norms or human nature. The recipient receives a trustworthy seeming e-mail during phishing, for example from PayPal, Amazon, Apple or even supposedly from their own boss (known as “CEO Fraud”). For example, these e-mails may contain dangerous web links (URLs) that link to fake websites in order to subsequently misuse the data entered. The URL and the domain contained therein can be used to check which page the web link leads to and the risk can be estimated by the user.
By far the most successful phishing method is spear phishing, where attackers specifically collect personal information about companies or selected employees to launch individualized and highly professional cyber attacks. An effective way to protect yourself as a company against phishing attacks is to conduct phishing simulations to increase employee security awareness and capture the phishing security level.
Detailed information about phishing and social engineering protection can be found on our phishing basics page.
The following is a good safeguard for private individuals against phishing.
Download, Installation and Tutorial of TORPEDO
The add-on TORPEDO is available free of charge for the free e-mail application Mozilla Thunderbird and was developed by members of the SECUSO research group of the KIT (formerly TU Darmstadt). The tool promises quick and easy help to detect fake links in phishing emails. After downloading the „torpedo.xpi“-file , the add-on only needs to be installed in Thunderbird itself. In the settings of the program in the “Add-ons” folder, the file can be selected and installed easily. After that, the program will be restarted and a clear and informative tutorial for using TORPEDO will be offered. The URL check and the operation of the add-on are explained in a way that is easy to understand.
Using TORPEDO correctly
It is possible to expose a phishing e-mail using the links found therein. If you move the mouse over a link after installing the add-on, the actual URL is displayed by a tooltip. A green frame in the tooltip indicates that the domain (the given area in the URL) is low risk because it belongs to a list of the 100 most visited websites. To simplify recognition, the domain is printed in bold. (Image Source Torpedo Add-on)
If the tooltip has a blue frame, the risk is also low because the domain has been visited manually at least twice since the installation of TORPEDO and has been included in the list of secure websites. (Image Source Torpedo Add-on)
A gray frame, on the other hand, indicates that the URL is unknown and could be dangerous. Therefore, the URL should be checked carefully, with the focus on the target domain. The target domain is displayed in bold, so that it is easy to see where the link leads the user. If the link is dangerous, the e-mail should be deleted. However, if the URL is known to the user, it can be classified as harmless via the menu. (Image Source Torpedo Add-on)
The following picture shows an e-mail allegedly from Amazon. The domain displayed bold by TORPEDO indicates that the URL leads to “de-index. info”. (Image Source Torpedo Add-on)
For this reason it is important to always be careful and check the URL thoroughly. Activating the potentially harmful link during the investigation is prevented by a delay of three seconds. However, the delay time can be changed. For more information, you can click on a small “i” in the tooltip.
Using the TORPEDO Menu
The menu is structured very clearly and offers the following options:
1. classify a domain as harmless
2. use an integrated search engine to find the target of the URL
3. select a short and long version of the tooltip
4. switch between a normal and large font size
5. open TORPEDO settings
The delay can be adjusted or deactivated in the settings and the list of URLs classified as low risk by developers and users can be retrieved and edited. (Image Source Torpedo Add-on)
Easy, fast and safe, TORPEDO clarifies the target domain hidden behind the URL in an email and helps to check it to protect against phishing emails. TORPEDO is therefore very helpful for anyone who is not well versed in detecting potentially dangerous URLs. However, this does not provide 100% protection, of course, and requires the user to think for themselves – something that can also be trained in a professional, protected setting.