Hamburg/Hannover. Such attacks are called phishing. The coinage combines “password” and “fishing”, so it means fishing for passwords. “It is, for example, about attempts to lure users to scam sites with fake messages, e-mails or SMS,” explains Andy Voß of “Computer Bild”. Phishing attacks are not always immediately recognizable, even for experienced users or professionals, and they are increasingly directed at company employees working from home.
“Employees working from home are popular because they are easy victims. While the company admin still has some control over the work computers in the office, this often does not exist in the home office,” says Ronald Eikenberg from the trade magazine “c’t”. A company is particularly vulnerable when employees do their office work at home on their own computer, which is also used privately.
The whole company shut down
“If an employee catches a Trojan at home, it can then rampage through the VPN connection into the company network. In the worst case, the whole company is paralysed by a single wrong click,” warns Eikenberg.
The IT industry association Bitkom therefore advises leaving private computers out of the home office. “It is better to use only corporate devices, on which, for example, access rights are restricted and software may only be installed by administrators,” says Simran Mann, IT security expert at Bitkom. On such devices it can also be ensured that necessary security updates are actually installed.
If the home workstation is infected, this is not necessarily immediately recognizable. One of the attackers’ goals is to remain undetected for as long as possible, explains Eikenberg. “Indications of an infection are, for example, redirected website requests, the appearance of programs you have not installed, or a sudden increase in system load.” Users should also become suspicious when the virus scanner raises an alert.
The person at the center of the attack
For all the technical possibilities: in the end, it is always the user who is at the center of a cyberattack. “Phishing is a form of social engineering, i.e. an attack on the human vulnerability. Technical protective measures are useful, but they cannot prevent such attacks,” says Eikenberg.
Nevertheless, the rule still applies: only work with up-to-date software and only with an active antivirus program. The Defender built into Windows 10 and 11 is already sufficient in many cases, says Eikenberg. The main gateway for cybercriminals is still e-mail.
“But there have been, and still are, attacks in which employees are tricked with prepared USB sticks that automatically install malware when they are plugged into the company notebook,” says Bitkom expert Mann. Here, of course, the effort for the attacker is much higher.
While e-mail attacks used to be relatively easy to detect, for example because of poor German in the body of the mail, this is now much more difficult. “Some of these e-mails are very professionally and extensively researched, right down to the e-mail signatures of the alleged senders,” warns Simran Mann.
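A convincing signature says nothing about where a link actually leads or who really receives the reply. As an added illustration that is not part of the original article or the quoted experts' advice, the Python script below applies two checks that a mail gateway or a cautious recipient can make on such a message: whether the visible link text names a different domain than the real link target, and whether the Reply-To or Return-Path domain differs from the From domain. The sample message, its domains (`example-company.com`, `login-check.test`, `example-company-support.test`) and the function names are constructed for this example; the "registrable domain" logic is deliberately simplistic and a real deployment would use the public suffix list.

```python
"""Heuristic phishing checks on a constructed e-mail (stdlib only).

Checks: (1) link text shows one domain but the href points elsewhere,
        (2) Reply-To / Return-Path domain differs from the From domain.
"""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; the domains are fictional and exist only for this demo.
SAMPLE_MAIL = """\
From: "IT Support" <admin@example-company.com>
Reply-To: helpdesk@example-company-support.test
To: employee@example-company.com
Subject: Action required: VPN password expires today
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear colleague, your VPN password expires today. Please renew it here:</p>
<p><a href="http://vpn.example-company.com.login-check.test/renew">https://vpn.example-company.com/renew</a></p>
<p>Best regards,<br>IT Support, example-company.com</p>
</body></html>
"""


def registered_domain(host):
    """Crude 'registrable domain': the last two labels of the hostname.
    Assumption for the demo only; real code should consult the public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_of(text_or_url):
    """Hostname of a URL; also accepts bare 'host/path' text without a scheme."""
    if "://" not in text_or_url:
        text_or_url = "http://" + text_or_url
    return urlparse(text_or_url).hostname or ""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> elements in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyse(raw_message):
    """Return a list of human-readable findings; an empty list means nothing was flagged."""
    msg = message_from_string(raw_message)
    findings = []

    from_addr = parseaddr(msg.get("From", ""))[1]
    from_dom = registered_domain(from_addr.rsplit("@", 1)[-1]) if "@" in from_addr else ""

    # Check 2: where do replies and bounces actually go?
    for header in ("Reply-To", "Return-Path"):
        addr = parseaddr(msg.get(header, ""))[1]
        if "@" in addr:
            dom = registered_domain(addr.rsplit("@", 1)[-1])
            if dom != from_dom:
                findings.append(f"{header} domain {dom} differs from From domain {from_dom}")

    # Check 1: visible link text vs. real target (only when the text itself looks like a URL/host)
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        target = registered_domain(host_of(href))
        if "." in text and " " not in text:
            shown = registered_domain(host_of(text))
            if shown != target:
                findings.append(f"link text shows {shown} but points to {target}")
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_MAIL):
        print("SUSPICIOUS:", finding)
```

Both findings fire on the sample: the link that reads `vpn.example-company.com/renew` really points to `login-check.test`, and replies would go to `example-company-support.test` rather than the company's own domain. Neither check depends on the quality of the German or the realism of the signature, which is exactly why they remain useful as the text of phishing mails improves.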
Attacks also by phone
Criminals also still try to gain access to computers by phone. This is known as vishing, a blend of “voice” and “fishing”.
A classic: fraudsters pose as Microsoft support staff on the phone and repeatedly manage to get people to install remote-maintenance software. The attackers then have full control over the computer and access to all of its data.
Andy Voß advises hanging up immediately on such calls. Neither Microsoft nor any other reputable company calls unsolicited or simply sends e-mails asking for personal data. The best protection against cyberattacks and social engineering: common sense and skepticism.
“If you actively keep yourself informed about the attackers’ tricks, it is of course easier to recognize them,” says Voß. Under no circumstances should you open attachments in e-mails from unknown senders just out of curiosity.
Cybercriminals have a comparatively easy time with people working from home, partly because communication there is almost exclusively digital. “There is no face-to-face personal exchange. The probability is therefore much higher that you will fall for a fake e-mail that supposedly comes from the boss or the admin,” says Eikenberg. If you are unsure, it is better to ask once too often by phone than to open dubious attachments or follow vague instructions.