Taxes & business banking for the self-employed


Self Employment and Security: too many phish in the sea

Last updated on Feb 21, 2020

Kate Bailey

Freelance Editor

Jun 25, 2019

Self-employed people and freelancers face yet another interesting challenge when they choose not to work for "The Man". When you work for a large company, chances are your work and digital presence are protected by technology provided and maintained by the company. Chances are you will not deal with the finances in that scenario either, so bank fraud and phishing are generally not a part of the experience workers take with them into freelance life. As we will discover, you will have to create your own security routines, and as this involves investment, it should be planned very carefully.

Now, of course, we are going to start by establishing that security is something we take really seriously here at Kontist. We know it is a huge motivation for our customers, and we want to make sure their livelihoods are as secure as possible, so before going on, feel free to [read about banking security with Kontist].

In 2016, 7614 cases of online banking fraud became known to the criminal police in Germany. In Brandenburg alone, there were 282 reports, of which at least 157 could be solved. This is more than usual in criminal cases. It is estimated that the cases mentioned account for only five per cent of the Internet attacks actually carried out in Germany. Only a few cases are reported: partly because people find it too cumbersome to report a mere attempt by the perpetrators, and partly because banks, perhaps out of concern for their reputation or their business model, discourage their clients from reporting, which, strictly speaking, protects the perpetrators.

In order to spy on the computer and crack the phone, the perpetrators send an email with an attachment or a link leading to an infected website. Once the online customer opens this attachment or clicks on the link, the computer is infected with the malware and the perpetrators can spy on them. The method is commonly known as phishing.

What is phishing

The term phishing refers to attempts to use fake websites, emails or text messages to obtain the sensitive personal data of Internet users and thus to commit identity theft. The purpose of the fraud is, for example, to use the data obtained to make a financial gain at the expense of the respective targets. It is a form of social engineering that exploits the good faith of the victim. Humans, sometimes we are not so great. Fun fact: the term is a coined English word made up of "password harvesting" (collecting passwords) and "fishing" (which figuratively illustrates fishing for passwords with bait). So, any portmanteau fans out there should enjoy this. An example of phishing in banking could be a fraudster recreating the site of a savings bank as a phisher-prepared website. Clicking a specific button would prompt the unsuspecting visitor to enter personal information that the phisher will then intercept. Ew, scary.

In general, a phishing attack begins with a personal-sounding, formal email or a bulk email, with the recipient always being addressed as "Dear customer" instead of by the actual name normally known to the bank - one of the ways to detect phishing emails. The recipient is asked to visit a fraudulent website that looks more or less deceptively genuine and prompts them to enter their access data. The forged websites are usually recognizable by clumsy phrasing (often the result of computer translation) and spelling or syntax errors. Sometimes emails with fake senders are easily recognizable by the wrong language, for example when an allegedly German bank closes its newsletter with the greeting "Yours truly" or other non-authentic phrasing. The fake landing pages usually have fake names or names that sound similar to the official pages or companies. Landing pages with the web form look the same as the original pages, so they are very difficult to identify as counterfeits.

Spear Phishing

"Spear-phishing" is perhaps the most perfidious way to gain access to other people's computers, because the attacker knows not only the personal email address of the victim but also details from their private and professional environment. He assumes the identity of a friend or colleague so that the message sounds completely harmless. That makes it almost impossible to detect the attack.

Because the sender does not send a link or a file, the victim googles the hint mentioned in the mail. That leads them to a site prepared by the attacker. Only there do they pick up the spyware, which from then on siphons data from the computer. As with a spear, those affected are targeted. They often realize only months later that their computer has been hacked.

Easy ways to spot phishing attempts

- Phishing by email is usually sent as bulk email. That way, the fraudsters reach the widest possible audience and get more data. However, as the customer of an alleged company you are never addressed by name, but merely as "Dear Customer". Pay attention to how you are addressed in your emails.

- Never click on a link in your emails to generate a new password or enter your account details. Reputable companies recommend frequent password changes, but only through their own settings in your account. So first log in to the original website and change your password there.

The basics of protecting yourself against phishing

  • Never, ever share your bank login with anyone
  • If you are unsure whether you are really speaking or emailing with your bank, follow up by contacting your bank directly
  • Always opt for two-factor authentication where possible
  • Only use the App on mobile devices
  • See what options for anti-phishing and anti-spyware/malware are available through your email provider. Regularly check and update these security settings
  • Copy and paste URLs instead of clicking directly on them - try to test them outside of the email if it feels suspicious
  • Always check a link before clicking on it. Hover over it to preview the URL, and look carefully for misspelling or other irregularities.
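
The checks from the lists above (generic greeting, link text that differs from the real target, misspelled domain) can be automated for HTML emails. The following is an added example, not part of the original article; `examplebank.test`, the 0.8 similarity threshold and all function names are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains you really bank with (placeholder on a reserved TLD).
TRUSTED = {"examplebank.test"}
# Constructed sample email, not taken from a real campaign.
SAMPLE = ('<p>Dear customer,</p><p>Confirm your account at '
          '<a href="http://examp1ebank.test/login">www.examplebank.test/login</a></p>')

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    """Lower-cased hostname without a leading 'www.', or '' if there is none."""
    name = (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()
    return name[4:] if name.startswith("www.") else name

def check_email(html_body):
    """Return the warning signs from the checklist found in an HTML email."""
    findings = []
    if re.search(r"\bdear\s+(valued\s+)?customer\b", html_body, re.I):
        findings.append("generic greeting")
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        target = host(href)
        # "Hover" check: link text that looks like a URL but names another host.
        shown = host(text) if re.fullmatch(r"\S+\.\S+", text) else ""
        if shown and target and shown != target:
            findings.append(f"link text shows {shown} but goes to {target}")
        # Misspelling check: close to a trusted domain without being one.
        if target and not any(target == d or target.endswith("." + d) for d in TRUSTED):
            near = [d for d in TRUSTED if SequenceMatcher(None, target, d).ratio() >= 0.8]
            findings += [f"lookalike domain {target} (expected {d})" for d in near]
    return findings
```

Calling `check_email(SAMPLE)` reports all three warning signs; an email that addresses you by name and links only to a trusted domain returns an empty list.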

Prevention is the best cure

Banks like Kontist are committed to helping their customers, sometimes as a precaution by automatically blocking unusually high online remittances by a particular customer. However, the perpetrators can respond by focusing on many small amounts. And most of them get away with it because the police in Germany can only very rarely investigate which connection hides behind a specific IP address. This information usually does not have to be stored in Germany. What does help is a bank with technological prevention methods, like Kontist. As we have discussed on the blog before and on our site, security is a feature we want to offer customers so they can have peace of mind regarding the most sensitive part of their business - their money!

Once you think about it, online phishing is not that far from real fishing. The one big difference is that online phishers are criminals. And unlike fishing for fish in the sea, the fraudsters are after all your personal data, bank details and other information. Unfortunately, apart from totally paranoid mega-vigilance on the part of the user, there is no absolute cure for phishing attacks. The threat is like the flu - it keeps evolving and changing its types of attack. Scammers can launch personalized phishing campaigns that target employees of a specific company or specific people. It reminds you of a kind of harmful marketing, right?

If you discover a phishing campaign, you should tell your bank (if the scammers fake the bank's emails) or your social network's support (if it sends malicious links to users). This will help your bank to catch the perpetrators. If possible, do not log in to your bank and similar online services over public Wi-Fi networks (for example, in a café or at the airport). It's better to use a mobile connection or wait to log in than to play into the hands of scammers and lose money. After all, public networks can also be set up by scammers, who then redirect you to fake websites.

And there are many ways for users to swallow the phisher's bait: connecting to public Wi-Fi, logging in to fake websites or clicking a link in a "cool" discount email that promises exclusive holiday offers. It is impossible to enumerate all the possibilities. But it is important to take precautions where you can. It is never worth skipping the precaution, even though it is easy to think it would not happen to us. But running a business means always asking, what if it did? Now you are probably already 100% sold on [being your own boss], and you also have some background knowledge of what it is going to take to secure that business, and we wish you good luck! We take security seriously too!