Interview from 06.04.2023

Interview with a Phishing Expert

Phishing is a combination of the words “password” and “fishing.” It involves customers receiving deceptively genuine emails from people with criminal intentions. We can only take limited action against these illegal activities. It is much more important that you, as an individual, take care not to fall for such scams.

How do I recognize phishing? What are the characteristics of these fraudulent emails?

Chris: Phishing attempts frequently occur in combination with fake giveaway notifications, financial services, expiring domains, or supposedly unpaid invoices.

Phishing emails always contain calls to action. For example: "Click this link so that your account is not blocked," or "Please click this link so that your domain does not expire," or "Please click this link to collect your giveaway prize."

The actual sending email address is usually a cryptic-looking, difficult-to-read address. Most email programs like Outlook, Thunderbird, or Apple Mail, as well as our world4you webmail, offer the option to display the sender's full email address. For example, you can see the full sender address by hovering the mouse cursor over the sender or clicking on it.

Pay particular attention to generic greetings, strange attachments, spelling and grammar errors in the text and URLs, and your gut feeling: If the email seems automatically translated or conveys a false sense of urgency, it may be a phishing attempt.

Reputable companies will also never ask you to disclose passwords.

Where do criminals get information about my email address or my domain?

Chris: After a domain registration, depending on the type of domain – such as .at, .de, or .com – personal data such as your name or email address may be visible in the public WHOIS register.

Fraudsters access the public WHOIS register to gather information. Criminals also frequently buy data illegally and misuse it for phishing. Which personal information appears in the domain's WHOIS register is regulated by international guidelines. world4you, as a domain registrar, naturally adheres to these specifications.

Unfortunately, as a web host, we are also in the crosshairs of criminals. If I receive a supposed email from world4you with a payment request, how can I be sure it is actually from world4you?

Chris: In our customer area at my.world4you.com, we list the emails we have sent in the last 60 days, with the exception of our standard newsletters.

Should you receive an email in your email program that is supposedly from us, but it is not visible in the customer area, it is most likely a fraudulent spam email.

world4you sends emails exclusively from @world4you.com addresses. If you receive a mail from a sender that does not end in @world4you.com, that is also most likely a spam or phishing mail.

Do you have additional tips on how we can protect ourselves from phishing?

Chris: The most important thing is: always be skeptical of emails coming from an unknown address. If the sender's email address looks suspicious, do not open the email or the attachments under any circumstances. A common phishing scheme is to use an email address that is very similar to the real one.

What we also always suggest: regularly perform security updates for your internet browser. And only disclose confidential data on encrypted pages. You can recognize these by the https:// in the address bar and the closed padlock symbol in the browser's address bar.

We also recommend using strong passwords that contain, for example, special characters and both upper- and lower-case letters. These should also be changed regularly. Additionally, it is advisable to use different passwords for different platforms and websites.

We also recommend using two-factor authentication for your world4you account. This feature protects you from unauthorized access.

As mentioned before: if you are unsure whether an email is from world4you, you can check this at any time directly in the customer area at "my.world4you.com". In your customer area, we list emails you have received from world4you over the past 60 days.

What can I do if, despite all good intentions, I have fallen for a fraudster's trick?

Chris: Most importantly – stay calm. If personal data has been disclosed, such as your email addresses and passwords or even bank details, the first vital step is to change your passwords. If you have used that password on other platforms, change it there as well.

We also recommend regularly checking bank and credit card statements to identify suspicious activity. In the event of an unauthorized debit, contact your bank. You can also file a criminal complaint with the police.