Szenario 5

Language navigation

Phishing Identify dangerous e-mails quickly and reliably

You have just entered your business password on a fake website. Your password could now be in the hands of hackers who can use it to access Swiss Post systems and information.

You received an e-mail about savings at HR which was clearly sent to you in error. The e-mail contained a link which appeared to lead to a portal for a non-existent HR consultancy firm.

You could have seen through this particular attack very easily, as the e-mail was not addressed to you and you are not involved in an HR savings planning group. This should have made you suspicious from the outset.

If you followed the download link anyway, you landed on a strange website for an HR consultancy firm. The website was unencrypted, which could be seen from the missing padlock in the browser address bar and the missing https:// entry at the start of the link.

Never enter your password on unfamiliar websites or unknown login screens!

Note: This attack was part of a Swiss Post awareness campaign. No data was transferred and no malware was installed.

Tabs

Preventing the attack

Just clicking on a link in an e-mail can put you in danger. Be wary of all e-mails that arrive in your inbox:

  • How does the sender know your address and why are you receiving the e-mail?
  • Do you know the sender, does the content make sense and does the language sound like the sender?
  • Are you being pressured into doing something or is something being offered to you in a suspicious manner?

How hackers operate

Hackers use a good story to try to get their victims to click a link. The link takes you to a website somewhere on the Internet, where malicious software may be waiting to exploit existing vulnerabilities on your computer without you doing anything more, causing a great deal of damage.

You were also asked to enter your Swiss Post username and password on the site. In phishing attacks of this kind, this access data falls directly into the hands of the attackers, and they could use it to try to access Swiss Post’s webmail and gain access to any unprotected information.

Strengthen your knowledge with our phishing exercise.

Start the exercise now