Phishing and Cybercrime: What You Need to Know

Dr. jur. Jörg Werner
Table of contents
  1. Why is it called 'Phishing'?
  2. The Anatomy of a Phishing Attack
  3. Fallen Victim to a Phishing Scam?
  4. Immediate Steps You Can Take:
  5. The Role of GDPR
  6. In Summary
  7. Want to Learn More?

Phishing is a common cyberattack where targets are contacted online by someone posing as a legitimate institution, with the aim of tricking them into handing over sensitive data. This data can range from personal information to bank details, credit card numbers, and passwords. Once this information is shared, it can be used as a gateway for criminals, leading to identity theft and significant financial loss.

In today's digital world, our assets are no longer limited to material goods; they encompass a wide variety of possessions—including data. The risk of criminals attempting to obtain personal data through deception (by pretending to be the person the data relates to) can be minimized if we stay informed. It is essential to be able to recognize "phishing" attacks when they happen.

Why is it called 'Phishing'?

Phishing – \FISH-ing\ – Noun: A scam where an email user is tricked into revealing personal or confidential information which the scammer can then use illicitly. Context: The widespread use of electronic banking and financial transactions has prompted authorities to crack down on cybercrimes like phishing.

The term "phishing" is used because scammers pretend to be someone they are not, and much like a fisherman casting a hook into the sea, the scammer attempts to catch potential victims from a vast sea of users.

A typical phishing scam begins with a person sending out mass emails that appear to come from a reputable organization—usually well-known entities like e-money institutions or banks.

The Anatomy of a Phishing Attack

Phishing attacks are frequently used to steal user data, including login credentials and credit card numbers. An attacker masquerades as a trusted entity and tricks the victim into opening an email, instant message, or text.

As technology users, we are very accustomed to using email as a primary communication tool, especially in the workplace.

Phishing emails typically ask users to enter personal data and/or verify information they have previously submitted. Those who fall for the trap risk losing their data or even their money.

Fallen Victim to a Phishing Scam?

While more people are becoming aware of phishing attacks and scams, that doesn't mean we are immune. The most important thing is how you react. If you believe you have been scammed, or if you discover that a link you clicked was fraudulent, do not panic—take action.

Immediate Steps You Can Take:

  • Change your passwords immediately, and ensure they are strong and complex.
  • Review your recent account activity and verify that all transactions were made by you.
  • Install reputable antivirus software.
  • Monitor your accounts for unauthorized activity.
  • File a report.

Contact information for the Malta Cyber Crime Unit:

Contact: Police Headquarters

Phone: (+356) 2294 2231

Email: computer.crime@gov.mt

The Role of GDPR

The collection, storage, and/or use of data belonging to individuals within the European Union falls under the GDPR (General Data Protection Regulation). This means there is a strict obligation to comply with specific rules and requirements. One of these is "Data Protection by Design and by Default." This means that any company subject to GDPR must consider data protection implications when designing new and existing products and services.

Article 5 of the GDPR outlines the principles for processing personal data and how a data controller must adhere to data protection, including—but not limited to—adopting appropriate technical measures to secure data.

In fact, both encryption and pseudonymisation are cited in the legislation as examples of technical measures that can be implemented to minimize potential damage in the event of a data breach.

Data encryption and pseudonymisation technologies are vital tools for ensuring the level of data protection required by the GDPR. When managed correctly, such tools can be highly effective in preventing phishing attacks from succeeding. End-to-end encryption offers robust privacy protection for data centres, and when combined with other tools, a balance can be struck between GDPR compliance and user security requirements.

In Summary

If you receive an email asking you to update your personal details, please be cautious and verify that you know the sender. If you have any doubts whatsoever, do NOT click on any links, as doing so could hand your information directly to a scammer.

Want to Learn More?

https://cybersecurity.gov.mt/what-to-do-if-youre-a-phishing-victim/

https://pulizija.gov.mt/en/police-force/police-sections/Pages/Cyber-Crime-Unit.aspx

Disclaimer: The article above is based on independent research by Dr. Werner & Partners and does not constitute legal advice. If you would like to meet with one of our representatives for further information, please make an appointment with us.

About the author

Dr. jur. Jörg Werner

Management

Dr. jur. Jörg Werner founded DW&P in Malta in 2013 with the goal of advising German-speaking entrepreneurs on company formation and tax planning on the ground. His extensive legal expertise and strategic understanding of the needs of international clients continue to shape the firm’s direction.
