Phishing is a form of internet fraud in which internet criminals attempt to obtain sensitive information such as user names, passwords, bank account details and pin codes, by means of presenting themselves as a trusted institution such as a bank.
An often used method is the sending of an email, which presents itself as a trusted institution, urging the reader to click on a link in the email. A phishing email may look like the example below.
By clicking on the link, you're redirected to a forged website where you can enter sensitive information, such as your account name and password. This forged website often greatly resembles the real website. In many cases the domain name also resembles the actual website.
You can always report phishing to the institution whose website or email has been forged. Should you hesitate whether an email or website really belongs to TransIP, please send us a message using the 'contact' button below this article, or send an email to security@transip.nl.
Protecting yourself against phishing
There are a couple of measures you can use to ensure you won't become the victim of a phishing attack. In the measures below we'll assume the phishing attempt concerns TransIP.
Two factor authentication
The best protection you can use to prevent attackers from abusing your personal information, is activating two factor authentication (2FA) in your TransIP account. Using 2FA, you enable an additional layer of security, which prevents access to your account soly by using an account name and password. 2FA is not complex in its use and increases the security of your account considerably.
2FA not only prevents you from becoming the victim of phishing. Do you use the same login name and password across multiple websites besides TransIP? Attackers will then be unable to access your TransIP account using these account details, should these get stolen from another website.
There are several providers offering 2FA apps. In our Knowledge Base-article we explain the usage of Google Authenticator. Using a 2FA app, you'll need to enter a numeric code which is shown on your phone, after logging in using your account details. You only have to do this once, as long as you remain logged in.
Pro tip: https://twofactorauth.org/ contains a list of all websites that offer 2FA protection. Take a look to see if you use any of the listed websites, and enable 2FA for them as well.
Email sender
Examine the sender's email address. Does the email address end in @transip.eu or @transip.co.uk? If this is not the case, you'll know for a fact that this email was not sent by TransIP and you should not click any links in it under any circumstances.
Content of the email
In a phishing email, there'll always be a question for you to do something, nearly always to visit and log in to a website. After all, it's your account details the attackers are after. If you did not expect this email in the first place, that should also be a reason for you to be even more alert.
Links in an email
A phishing email always contains a link. This link may resemble a link that you're used to seeing from TransIP, but doesn't resemble it entirely. Note that the shown link may deviate from the actual URL that's behind it.
In many email clients you can point your mouse on top of the link, after which you'll be shown the actual URL (for example in a small pop-up). Don't click on a link in the email if it does not start with https://www.transip.eu or https://www.transip.co.uk and send a message to our support department.
Some browsers display the URL at the bottom left corner of the browser in a status bar. The image below shows an example of a URL as it will appear in the web interface of Outlook when you point your mouse on a link in the email.
Language and punctuation
Phishing messages usually contains grammatical, somantic and punctuation errors. This is the result of the original message often being translated by a translation machine. As such, you may notice missing points and comma's, or phrasing you're not used to from TransIP. You should be extra alert when noticing these signals.
In this article we explained what phishing is, and how to protect yourself from becoming a victim of phishing. Should you have any questions left regarding this article, do not hesitate to contact our support department. You can reach them via the ‘Contact Us’ button at the bottom of this page.
If you want to discuss this article with other users, please leave a message under 'Comments'.