Phishing and E-mail Security
Because e-mail is so widely used in the workplace, it has also become an attractive target for criminals. However, e-mail security concerns not only the receipt of possibly harmful or unwanted e-mails, but also the sending of one's own e-mails, especially if sensitive information is included. The terms spam and phishing are often used in the context of harmful and unwanted e-mails.
But beware: similar attack attempts or unwanted messages can also be sent via communication channels other than e-mail, so unusual communications should also be questioned when using messengers, social networks or even the telephone.
Spam
Spam is the general term for unwanted messages, usually sent in mass quantities. The name comes from the word "SPAM", which became a synonym for "unwanted things in abundance" through a Monty Python sketch about tinned meat. Although spam messages can be distributed in a variety of ways, such as by fax or SMS, most people think of spam as e-mails. The originators of such messages, also called spammers, send them automatically. Most often, such messages are used for advertising purposes, fraud attempts, distribution of malware or phishing.
For advertising purposes or fraud attempts, "fantastic" and "unbelievable" products (e.g., novel diet pills) or offers (such as fast money-making methods) are often promoted. A lot of great promises are made in order to persuade the recipient to take up the offer. As a rule, however, such products and offers do not deliver what they promise or are non-existent, and the money paid is lost forever.
Phishing
Phishing is the term used to describe e-mails or websites that have been prepared by criminals and are designed to obtain information for the purpose of identity fraud. Often, these are e-mails that pretend to come from well-known companies, e.g. banks or the University of Münster, and can look convincingly genuine. In most cases, they refer to an urgent problem (threat to delete the account, request to change the password, etc.) and demand immediate action from the user. This is just an excuse to make users hurriedly visit a linked website or run a malicious file that is sent along with it.
The linked websites are often designed in the same way as the original company websites, and the address line of the browser usually shows an address that looks confusingly similar to the real one, e.g. http://www.uni-meunster.de instead of http://www.uni-muenster.de. Sometimes, in addition to supposed "security checks" or "updates", the user is asked to enter personal data, such as an address or credit card number, in order to obtain further information. However, if you do so, the information is passed on to the criminals, who misuse it for their own purposes or resell it.