Cybersecurity Month EU | What is phishing?
Phishing is a common form of internet fraud. Cybercriminals pose as reliable sources and send deceptive messages in the name of these individuals or entities. In this way, criminals try to steal sensitive information from you, such as passwords and bank details.
Forms of Phishing
There are different forms of phishing. One of the most common is phishing via WhatsApp or SMS, also known as smishing. Cybercriminals send an SMS that often contains a link you are asked to click, for example to change your password or PIN code.
Email phishing is a form of phishing where cybercriminals send an email containing a link or attachment. For example, as soon as you open the link or attachment, malicious software (malware) will be installed on your device and steal your data. Criminals sell this data in exchange for money or try to log in somewhere with your username and password.
Vishing, a combination of voice and phishing, is a form of phishing in which cybercriminals call you. Over the phone, they ask for your personal information or your login details, or ask you to transfer money.
How can you recognize phishing?
Check the sender
Check the sender of the message. Often the message seems to come from a company or agency, but the e-mail address is slightly different from the real one.
Check spelling
Check the spelling of the message. Many phishing messages are poorly written and contain many spelling mistakes.
High urgency
Phishing messages often have a high urgency. Criminals try to pressure you in the hope that you will act quickly and not realize that you are being scammed.
Impersonal message
Phishing messages are often impersonal because cybercriminals often do not have enough information to address you personally.
Check the link
Check a link in a message if you are not sure whether you can trust it. When you move your mouse over the link, the full link address appears on the screen. This way you can see if it is a link from a reliable source.
You can also type the link into the search bar of your browser. If the link does not appear as a suggestion, because only part of the link leads to the criminal’s desired destination, chances are the link is untrustworthy.
You can also check a link via Dr. Link Check. You can enter the link in the program, and you will then be shown whether or not it is safe to visit the web page.
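The hover check and the "only part of the link" warning above can also be run automatically over an HTML message. The following is an added example, not part of the original article; the trusted domain, the sample message and the helper names are constructed for illustration, and the last-two-labels rule for finding a site's name is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"example-bank.com"}  # constructed: sites the reader really uses
# Constructed sample message body (reserved example domains only).
SAMPLE = """
<a href="http://example-bank.com.account-verify.example/login">https://www.example-bank.com/login</a>
<a href="https://www.example-bank.com/help">Click here</a> for help.
"""

def site(host):
    # Assumption: site name = last two labels; real code needs the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_links(html):
    """Return [(href, [reasons])] for links that deserve a second look."""
    parser, findings = LinkCollector(), []
    parser.feed(html)
    for text, href in parser.links:
        url = urlsplit(href)
        if url.scheme not in ("http", "https"):
            continue  # mailto: and similar links are out of scope here
        host, reasons = url.hostname or "", []
        # 1. What hovering reveals: the text names one site, the link goes to another.
        one_word = len(text.split()) == 1
        shown = one_word and urlsplit(text if "://" in text else "//" + text).hostname
        if shown and "." in shown and site(shown) != site(host):
            reasons.append("text shows %s, link goes to %s" % (site(shown), site(host)))
        # 2. The trusted name is only part of the link, not its real site.
        reasons += ["%s is in the link, but the site is %s" % (good, site(host))
                    for good in TRUSTED if good in href.lower() and site(host) != good]
        if reasons:
            findings.append((href, reasons))
    return findings
```

Calling `check_links(SAMPLE)` flags only the first link, for both reasons; the "Click here" link to the real site passes.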
How can you protect yourself against phishing?
To protect yourself against phishing, the first step is to check messages for the signs described above. This way you can discover for yourself whether or not it is safe to do what a message asks.
Do you want to protect yourself against malware that can end up on your device via phishing messages? Then we recommend installing an anti-malware program. If you accidentally click on the wrong phishing link or attachment, this program will stop the malware.
You can also use a password manager. This is a program that stores all your passwords and automatically fills them in when you want to log in somewhere. On a fake website, the password will not be filled in, because the address does not match the one saved with the password.
Also important is multi-factor authentication (MFA). This is a method that requires you to take two or more steps to log in. In addition to your username and password, you also have to enter a code that is sent separately to your phone, for example. In this way, a cybercriminal can do almost nothing with your login details.
How to prevent phishing
The tips above help you as an individual, but what about your organization? Even with the best tools in place, one untrained employee clicking a phishing link can compromise an entire company. This is why more and more businesses invest in security awareness training: ongoing programs that teach employees to recognize phishing, social engineering and other threats before they cause damage.
One of the most effective methods is running a phishing simulation: controlled, realistic phishing emails sent to your team to measure how well they spot threats. By combining regular training with simulations, organizations see click rates drop significantly over time, making a real attack far less likely to succeed.
GOOSE VPN helps
By using a VPN, your data is encrypted so that cybercriminals cannot monitor your internet behavior. This makes it harder for criminals to gather personal information to use in targeted phishing attacks. Combine this with security awareness training for your team, and you have both the technical and human side of your defense covered.















