4nes Information Technology Services GmbH
Poppelsdorfer Allee 106
D-53115 Bonn
Tel.: +49(0)228 299744 50
E-Mail: service(at)4nes(dot)com


What does Phishing mean?

Phishing is one of the oldest fraud methods of the Internet. The human factor is used to gain access to important data and information. Hackers exploit human characteristics such as trust, fear or respect. Phishing is a type of email fraud and belongs to social engineering. This means exploiting the human vulnerability. Phishing often involves attacks via emails or telephones. The attacker pretends to be a trustworthy person or company. The goal of each attack is to obtain identity theft, credit information or important access data from people and companies.

Phreaking plus Fishing = Phishing

Where does the word phishing come from? The cybercriminal "fishes" with an enticing "bait" in a sea of unsuspecting internet users. The ph in "phishing" is taken from the mid-20th century term "phone phreaking". In this activity, "phreaks" experimented with telecommunication networks to decipher how they worked. Phreaking + Fishing = Phishing.

Your contact:
Michael Kraus
Tel: +49(0)228 299744 50

How does a phishing simulation work?

We test your employees in a phishing simulation. We send fake phishing emails directly to your team's inboxes. Test how your employees react to these emails in their daily work. Afterwards, you will receive a report with key figures and recommendations for action from our side. Increase the security awareness of your employees and book a phishing simulation from us today.

What are phishing attacks?

Phishing attacks take place via electronic means of communication. Often these are scam emails or phone calls. Phishing emails are very well made these days. Often the emails hardly differ from real emails. The difference lies in small changes that are not immediately noticeable. A dot in an email address can make the difference. And suddenly you are no longer writing to the boss but to hackers. Telephone voices are imitated by electronic help. Voices then sound deceptively real.

How does phishing work?

The process always follows the same pattern. The attacker sends a message via email, social media, SMS or another channel. The victim is always asked to take an action. Click a link, write back or similar. The more information about the victim that is known on the internet, the better. The attacker uses this information to tailor his attack to the victim. Social media increase the effect of social engineering in this case.

What are different types of phishing?

  • Email fraud
  • Website phishing
  • Vishing which is voice phishing
  • Smishing as for SMS phishing
  • Social media phishing

What is a phishing training?

A phishing training or the phishing test employees are controlled phishing emails. They go to your employees or only a part of your company. These simulations of a hacker attack are deceptively real and strengthen your IT security. The campaigns are used to see if people in your company follow trustworthy looking emails or click on links. The emails are sent at a time defined by you. The content can be coordinated with you. All employees can receive the same or different emails. We will coordinate this with you in advance.

After completion of the phishing simulation, you will of course receive detailed statistics and analyses on the phishing test employees. The aim of this phishing simulation is to strengthen your IT security in your company. It is about creating awareness and training your employees. In advance or afterwards, we always combine phishing campaigns with phishing training of the employees in this area.

Why do i need a phishing training?

Attacks from outside are spreading. No company is safe - no matter what industry they work in. From church congregations to manufacturing companies - anyone can fall victim to a hacker attack. The financial damage is enormous. The emotional damage far greater when customer data and other vital information is in the hands of the attackers.

Phishing simulations are getting better and better and only trained eyes can often tell the difference. Therefore, it is important to constantly train employees through phishing training. We offer phishing training and phishing tests to strengthen your internal IT.

Advantages of phishing simultations

Our controlled simulations help to identify weak points in your company at an early stage. A lot of practice helps a lot. Our phishing test employees are deceptively real and only trained eyes can see the difference. In this case, we act like an email phishing checker. An attacker from outside who in this case is commissioned by you. Simulate attacks in order to act correctly when they really occur.

What if I have opened a phishing email?

When you open a phishing email, nothing happens at first. Simply opening the message can rarely cause any damage. Most of the time, the hackers refer to a link or an entry of data. The aim here is to tap into the recipient's sensitive data or to install malware on the computer. In this case, both can lead to irrevocable damage. Once an identity theft has been carried out, it can no longer be undone.

But watch out! Emails that are sent in the so-called HTML format - and not in text format - can also be a source of danger simply by being opened. The reason: harmful code can be hidden in the source code. If you want to make sure that this cannot happen, we recommend that you deactivate the display of emails in HTML format in your email programme. This way, emails are displayed in plain text. The emails are then more difficult to read at first glance. However, you can change the view directly to HTML by clicking on trusted senders.

What can happen when I click on a link?

If you have entered data or clicked on a link, you need to act quickly. Contact your internal IT department or an external IT service provider directly. Phishing emails almost always contain Trojans and viruses. Once malware is embedded on your computer, data is spied out or data is encrypted. This is often associated with demands for money to release this data again.

The German authority of security recommends:

  • Regular and timely updates of the operating system and programmes on all devices to close security gaps.
  • Be careful when dealing with e-mails from unknown senders (phishing e-mails).
  • Only download data and programmes from trustworthy sources.
  • Regularly back up important data to protect against encryption and to be able to recover lost data yourself.
  • Install an antivirus programme and a firewall to detect malware during unwanted downloads.

How can I protect myself and my employees?

Protect your employees through continuous phishing training. Train yourself and your company through controlled phishing campaigns and phishing tests from us. Increase the awareness of your employees through targeted measures for your IT security. Subject your employees to the phishing test!

What are awareness training courses?

In an awareness training, we teach your employees all the dangers of using the Internet.  We explain specific topics in a clear way. We show videos about misconduct and its consequences. We take you on a short flying visit to the Darknet. In short, during IT security training we teach you all the tips and tricks for safe IT use. During the course, specialists provide you and your employees and users with targeted expertise and knowledge in the area of security awareness and cybersecurity.



4nes Information Technology Services GmbH
Poppelsdorfer Allee 106
D-53115 Bonn
Tel.: +49(0)228 299744 50
E-Mail: service(at)4nes(dot)com