Recognizing Phishing Emails: an Overview of the Indicators

Phishing is one of the everyday threats to which users are exposed on the Internet. More and more people are ordering goods conveniently over the Internet or doing banking online. E-mail is still the most important online means of communication. Fraudsters use this circumstance to penetrate the electronic communication channel with fake messages. These contain dubious links (e.g. to fake websites) and reply addresses, which also target the data of unsuspecting users. We'll tell you how to recognize phishing emails and thus protect yourself from data theft.



What Is Phishing?

Phishing is a method of fraud in which an email sender pretends to be someone else in order to steal account or log-in information from an unsuspecting victim or to smuggle malware onto their system. The made-up word is derived from the English word "fishing" and is based on a similar idea: in phishing, tricksters use fake emails as bait in order to "fish" for passwords. The spelling with "Ph" goes back to the vocabulary of hacker circles.


Phishing Emails: This Is What Scammers Do

The basic scheme of phishing is easy to explain: Internet criminals send supposedly official e-mails from banks, payment services, online marketplaces, or e-commerce service providers, in which the unsuspecting reader is asked to fill out e-mail forms or to follow a link to an apparently official log-in page. Anyone who discloses sensitive data in this way runs a high risk. The aim of such phishing attacks is to obtain user names, passwords, PINs, and TANs in order to make bookings or orders for goods on behalf of the user. Victims of such phishing emails often only notice that bank accounts or payment service accounts have been hacked when the fraudsters' purchases or transfers appear on the bank statement.


The Best Tips for Spotting Phishing Emails

A careful look at the e-mail inbox usually already offers protection against fraudulent messages. You can usually recognize phishing by obvious clues such as an unknown sender, an impersonal salutation, spelling errors, and dubious links and online forms. Here are the best tips to effectively protect yourself against phishing:


Tip 1: Check the Sender's Name and Address

With every supposedly official e-mail from your bank or online service provider, your first look should be at the sender. Ask yourself: Who is sending you the email? Do you have a business relationship with the provider? And did you give them your email address? To do this, display the complete sender address and compare it with previous messages. If there are contradictions here, caution is required.


Tip 2: Check the Form of Address

The salutation in the email text also helps you to identify phishing emails. Service providers who write to their customers usually use a personal form of address and address the e-mail recipient by name. Fraudsters do not always know this name. If a message begins with "Dear Sir or Madam" or other standard phrases, you should ask yourself why your financial institution or a supposed online business partner does not know your name.


Tip 3: Pay Attention to Spelling and Grammar

If a message in your mailbox is teeming with grammatical and spelling mistakes, you can be sure that there was no bank clerk at the keyboard. Spelling mistakes and incomprehensible passages are a clear indication of fraudulent emails that were written in another language and automatically translated. The same often applies to email texts with missing umlauts or foreign-language letters.


Tip 4: Watch Out for Potential Click Traps

If a mail contains a link, that in itself is not a bad sign. Before you click the link, however, you should make sure that it leads to a reputable page. To do this, move the mouse over the link text and check the web address that is displayed in the lower-left corner of the browser window. Does this match the provider URL? And are there security features such as HTTPS for secure data transmission? If in doubt, do not click on the link and do not call up the specified target page manually in your browser.


Tip 5: Do Not Make Any Entries via Email

No serious service provider asks its customers to enter data via email. A corresponding HTML form in which log-in data or passwords are to be entered is therefore a clear indication of a phishing email. PINs or TANs are never requested by phone or email. Enter such data only on provider sites whose authenticity can be verified by security certificates.
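
The sender check from Tip 1, the link check from Tip 4 and the form check from Tip 5 can also be run automatically over a raw message. The following Python sketch is an added example, not part of the original article; the sample message, the finding labels and the expected_domain parameter (the domain you already know belongs to your provider) are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every name and domain in it is made up.
SAMPLE = ('From: "Example Bank" <service@examplebank-secure.example>\n'
          'Content-Type: text/html; charset="utf-8"\n\n'
          '<p>Dear Sir or Madam,</p><a href="http://examplebank.test.verify.example/s">'
          'https://www.examplebank.test/login</a><form><input name="pin"></form>\n')
URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

class LinkScan(HTMLParser):
    """Collect (href, visible text) for each <a> and note any <form>."""
    def __init__(self):
        super().__init__()
        self.links, self.has_form, self.cur_href, self.cur_text = [], False, None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.cur_href, self.cur_text = dict(attrs).get("href") or "", ""
        self.has_form = self.has_form or tag == "form"
    def handle_data(self, data):
        self.cur_text += data  # reset at each <a>, read at the matching </a>
    def handle_endtag(self, tag):
        if tag == "a" and self.cur_href is not None:
            self.links.append((self.cur_href, self.cur_text.strip()))
            self.cur_href = None

def host_of(url):  # host of a URL; also accepts link text without a scheme
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()
def in_domain(host, domain):  # simplified; real code compares registrable domains
    return host == domain or host.endswith("." + domain)

def check_email(raw, expected_domain):
    """Findings for Tip 1 (sender), Tip 4 (links) and Tip 5 (forms)."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    found = [] if in_domain(sender, expected_domain) else ["sender-domain-mismatch"]
    body, scan = msg.get_body(preferencelist=("html",)), LinkScan()
    scan.feed(body.get_content() if body is not None else "")
    for href, text in scan.links:
        if urlsplit(href).scheme != "https":
            found.append("link-not-https")
        if not in_domain(host_of(href), expected_domain):
            found.append("link-off-domain")
        # Visible text that looks like a URL must name the same host as the href.
        if URLISH.fullmatch(text) and host_of(text) != host_of(href):
            found.append("link-text-mismatch")
    return found + (["html-form-in-mail"] if scan.has_form else [])
```

Calling check_email(SAMPLE, "examplebank.test") reports all five findings, because the link text shows the bank's address while the actual target is a different host that merely starts with the bank's name.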


Tip 6: Be Careful With File Attachments

Be skeptical when unexpected messages have attachments. The basic rule here is: If the sender is unknown, the file attachment should not be downloaded. It can contain malicious programs such as viruses and trojans that infect your computer and read sensitive data. Safe use for online shopping and banking is then no longer possible.


Tip 7: Don't Let Yourself Be Pressured

Caution is also required if an urgent need for action is signaled in an email. Con artists sometimes bring out the heavy artillery to put Internet users under pressure and induce them to act rashly. But no reputable provider threatens by email to block credit cards or to call in a debt collection company in order to force you to enter a password or download an attached file. If in doubt, contact the service provider's customer hotline.


What Can Be Done Against Phishing Emails?

If you have identified an email of unknown origin as a phishing email, you should move it to the spam folder in your mailbox and block the sender before deleting it. This is how you block further phishing attacks from this sender address. You can also contact the service provider on whose behalf the phishing e-mail was sent in order to limit the occurrence of fraudulent messages. Most providers offer uncomplicated contact channels such as professional email forms that you can use to report phishing emails. You should install antivirus software with a data recovery feature to provide protection against data loss caused by phishing.
