In today’s digital world, phishing attacks and data leaks pose significant dangers. According to the German Federal Office for Information Security (BSI), these two threats are the biggest risks for consumers.
Main characteristics of the threats:
- Phishing attacks: criminals use fake emails or websites to obtain personal data.
- Data leaks: Sensitive information becomes publicly accessible due to security gaps at providers.
Phishing attacks: Increasingly sophisticated and diverse
Phishing attacks have evolved and are no longer aimed exclusively at the financial sector. Criminals are increasingly misusing the names of well-known brands from the logistics, online retail, streaming services and even government sectors to gain the trust of users. The use of artificial intelligence is making phishing emails increasingly professional, which makes it more difficult for consumers to recognize them as such.
One particularly sophisticated phishing attack recently put over 2.5 billion Gmail users at risk. The scammers combined fake emails with AI-powered phone calls to obtain sensitive account information. Even experienced users could be fooled by this method.
Data leaks: a growing risk
Data leaks from providers represent another significant risk. Sensitive customer data can fall into the hands of cyber criminals, which can lead to considerable consequential damage for those affected. An analysis by the BSI of 354 known data leaks shows that names and user names were affected in 86.7% of cases. Email addresses (41.8%) and personal address data (40.7%) were also frequently the subject of leaks.
The rise in phishing pages that imitate Google services is particularly alarming. In the first half of 2024, such pages were clicked on over four million times, more than three times as often as in the previous year. Other major tech companies such as Facebook and Amazon are also popular targets for data thieves.
Protective measures: What can consumers do?
In view of these threats, the BSI strongly recommends the use of two-factor authentication (2FA) to provide additional security for online accounts. Passwordless authentication with so-called passkeys, which combines a user-friendly application with a high level of security, is particularly promising. The BSI is therefore calling on manufacturers and providers to consistently offer modern authentication solutions such as passkeys and to actively educate consumers about secure authentication procedures.
Users should also be vigilant, especially when receiving messages that claim to be urgent. Reputable companies never ask for personal information or account details by email. It is advisable to check sender addresses and telephone numbers carefully and contact official support directly if in doubt. You should also install up-to-date virus protection programs and avoid suspicious attachments or links.
Consumers can significantly improve their digital security by being more vigilant and using modern security measures.
