What is phishing and why should I protect against it?
The term phishing is based on the word fishing and refers to an attempt to commit fraud by e-mail. Figuratively speaking, it is a matter of fishing for passwords, which are then used to exploit personal data or harm the owner of a bank account. The recipient receives a legitimate-looking e-mail that appears to come from PayPal, Amazon, Apple or even from their own boss. For example, these e-mails may contain dangerous web links (URLs) that lead to fake websites, so that the data entered there can be misused. The target domain contained in the URL (here called the “who area”) shows which page the web link actually leads to, and the user can use it to estimate the risk.
Detailed information about phishing and social engineering protection can be found on our phishing basics page.
The SECUSO research group at KIT (formerly TU Darmstadt) has developed a learning concept for detecting phishing e-mails: NoPhish. Various materials are made available free of charge for this purpose; they are intended to give the user basic knowledge about phishing e-mails and the URLs they often contain.
The anti-phishing learning concept: scientific
At the beginning, there is a short introduction to phishing e-mails, including some phishing examples. The first level explains the structure of the URL. It is made clear that the most important thing is to always check the “who area” of the URL. (Image source NoPhish App)
After checking the displayed URL, the participant decides whether it is a “phish” or an original. A happy or sad emoji signals whether the decision was right. As a small incentive, only three lives are available in each level. (Image source NoPhish App)
In addition, a question about the “who” section of the URL is often asked to reinforce what has been learned. With each additional level, the URLs become harder to recognize and the number of questions to be answered increases. Once all eight levels have been completed, each participant can have a certificate issued by e-mail (email@example.com).
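The “who area” check described above can also be automated. The following is an added example, not code from NoPhish or SECUSO; the function names, the sample URLs and the tiny suffix set are constructed for illustration, and a real tool would use the full Public Suffix List.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a tiny constructed stand-in for the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def who_area(url):
    """Return the "who area" (registrable domain) of a URL, or its IP literal."""
    # .hostname drops the scheme, any userinfo before '@', the port and the path.
    host = urlsplit(url).hostname
    if not host:
        raise ValueError("URL has no host part")
    host = host.rstrip(".")
    try:
        # A bare IP address has no domain to read; return it so it stands out.
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    labels = host.split(".")
    if len(labels) < 2:
        return host
    # Keep three labels when the last two form a known public suffix.
    two = ".".join(labels[-2:])
    keep = 3 if two in MULTI_LABEL_SUFFIXES and len(labels) >= 3 else 2
    return ".".join(labels[-keep:])


def matches_expected(url, expected_domain):
    """True only if the link's who area is exactly the domain the user expects."""
    return who_area(url) == expected_domain.lower()


if __name__ == "__main__":
    # Constructed sample links; .example and 192.0.2.0/24 are reserved for documentation.
    samples = [
        "https://www.paypal.com/signin",
        "https://www.paypal.com.account-check.example/signin",  # brand as subdomain
        "https://paypal.com@account-check.example/",            # brand as userinfo
        "http://192.0.2.10/paypal.com/login",                   # brand in the path
    ]
    for link in samples:
        verdict = "original" if matches_expected(link, "paypal.com") else "phish"
        print(f"{who_area(link):<24} {verdict:<9} {link}")
```

Only the first sample resolves to the expected who area; in the other three the brand name appears in a part of the URL that does not decide where the link leads.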
Conclusion: strongly recommended for private users and companies alike
The free anti-phishing learning concept is appealingly implemented through its combination of information and follow-up quiz questions. The user can easily learn how to handle phishing e-mails and the URLs they often contain. The wide-ranging topics will certainly also increase the knowledge of those who have already dealt with the subject. However, the levels are very detailed and can be a bit tedious. Due to the direct learning effect, SECUSO’s anti-phishing learning concept is highly recommended.