That must have happened quickly: the first phishing email appeared in which fraudsters used “Apple Pay” as an argument.

Apple Pay is new on the market and fraudsters are taking advantage of this by inventing plausible-sounding mandatory processes that relate to Apple Pay.

In the case that has now emerged, the phishing email argues that due to the launch of Apple Pay, the bank's security systems have been updated and that all you have to do to activate this new standard is to synchronize your own data.

This is of course a typical phishing trap.

What exactly is phishing?

The term 'phishing' is borrowed from the English word 'fishing' - and describes an activity that cybercriminals carry out. They fish out user data. Phishing works in different ways. Fake websites, emails that appear to come from a well-known person or institution, such as a bank, and SMS can be used for a phishing attack. Fraudsters try to make the original website, the cover letter from a friend or an institute, or the said SMS look as similar as possible to the original.

These fake pages and documents are then distributed and criminals hope that users will log in to these fake pages with their original data and thus be able to obtain this information.

Since the process of writing to randomly selected people in this mass is relatively inefficient, there is a tendency for the fake letters to become increasingly personalized or, as in this case, to contain arguments that are not very familiar to the recipients.

We observed something similar when the GDPR was introduced ( see here ).

So be careful: do not provide any truthful information on this fake site!

If you fall into such a phishing trap, the following measures can help:

Basically, security software can help preventatively !

Of course, no matter how careful you are, you can still fall victim to a phishing attack and unintentionally reveal your personal data to third parties.

The important thing is: Don't panic, but act immediately!

So that you know what to do in an emergency, here are our step-by-step instructions:

  1. Contact the company for which your personal user or login information was stolen immediately. Please call customer service to have your account blocked. Banks in particular have a blocking hotline available around the clock for such cases. Describe your case and your account or user area will no longer be accessible with the old login data.
  2. Log in to your user account and check whether you can still log in. If so, immediately go to the area where you can change your current login information. Set a new password and, if possible, also change the user name and contact address.
  3. Check immediately whether account changes or transactions have already been made , as criminals are usually very quick. Check whether, for example, goods have been purchased or debits have been made for which you are not responsible. If this is the case, inform the customer service of the respective provider immediately.
  4. Document all abnormalities . Take screenshots, print out bank statements and the phishing email, or forward the email to the company in whose name the cybercriminals sent the phishing email.
  5. Contact a lawyer who specializes in internet fraud , explain your case, and submit all documents related to the fraud. You should contact the lawyer even if you have not yet reported any damage.
  6. 2 -factor authentication (if offered) prevents access even if fraudsters have obtained the access data through phishing.

By the way, with phishing there is also hope that stolen amounts (for example from online banking) will be reimbursed by the banks. The basis for this is the Civil Code. According to § 675u BGB, payment service providers are obliged to replace the stolen payment amounts in the event of unauthorized payment transactions. However, this only applies if the person concerned has fulfilled their duty of care. Further information on the legal basis in the event of damage can be found here .

 

Article preview by Primakov / Shutterstock.com

Sign up for the Mimikama newsletter

Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )