Phishing - How to recognize fraudulent emails in good time
Phishing is a form of social engineering. The term is made up of the English words for "password" and "fishing". It refers to various scams used to gradually manipulate, influence or deceive people into revealing important information, e.g. about themselves, their finances or even personal access data. Criminals are particularly interested in login details for a computer system, access to a bank account or passwords for online store accounts.
As most adults have at least one email address and contacting someone this way involves comparatively little effort, phishing is attempted particularly often via email. The sender often pretends to belong to a well-known organization, bank or company and to be writing an official email with an important request.
Common examples of email phishing
- Senders posing as Deutsche Post, DHL or another shipping service provider claim that a parcel could not be delivered to you and provide a link to track "your shipment".
- Amazon, eBay or another online store claims to have detected suspicious activity in your account, which you should check by logging into your account.
- "PayPal" or another "payment service" informs you that you have received a payment that you should confirm in your account.
- A fake "WeTransfer", "Dropbox" or other file-sharing service sends you a notification that a new document has been shared with you and is available for download.
- "Facebook" or another "social media platform" tells you that your account will be blocked due to inactivity if you don't log in within 48 hours.
- The alleged "savings bank", a "bank" or an "insurance service provider" asks you to update your data because a data protection law requires regular updates.
What will be done with my data?
What happens with the captured data varies. Some fraudsters use the login details to withdraw money or buy goods. Others try the same credentials on other services in the hope that you have reused the password somewhere with even more "up for grabs". Large amounts of data captured this way are often sold on to other fraudsters or to advertisers.
Do not click on any buttons, links or file attachments in e-mails if you are not completely sure who the message is from!
Typical characteristics of e-mail phishing
Sender address: The displayed name of the sender may be misleading. For example, it may contain the name of your bank, even though the email comes from a completely different address. You can display the actual sender address by double-clicking on the sender. If the displayed name and the address do not match, or if the address contains numbers, additional punctuation marks or spelling mistakes, it is probably phishing.
Missing or incorrect personal salutation: Your bank would not write to you with a simple "Hello", an impersonal "Good afternoon" or a generalized "Dear Sir or Madam". The greeting is therefore a first point you can pay attention to if you know for sure that the company knows your name. However, it is often possible for scammers to find out your name, especially if it is part of your email address or appears on your employer's website.
Spelling and grammar errors: Phishing emails are usually created automatically. They can come from all over the world, are written in different languages and often have to be translated. You can therefore recognize a scam attempt quite easily if there is a mistake in the spelling of the sending company or if the message has obviously been poorly translated into German.
Request to enter personal data: The main aim is to obtain names, addresses, e-mail addresses, credit card details and especially login details, i.e. user names in combination with passwords. A common trick is to ask you to log in to your account by clicking on a link or button.
Setting deadlines and urgent need for action: Pressure is deliberately built up to make you panic and tempt you to act emotionally. The aim is to get you to stop thinking and simply carry out the requested instructions. Phrases such as "Urgent: Your account has been blocked" should make you prick up your ears. But don't be fooled by extremely friendly phishing emails either.
How you can protect yourself against phishing
Think logically:
Do you not know the company that is writing to you or do you have nothing to do with the sender? If you are not entirely sure, e.g. because it is a bank where you used to be a customer, contact the sender by other means such as email or telephone. Ask what data may still be stored about you and ask for it to be deleted.
Check links:
To disguise the true Internet address, either shortened links are used or the links are hidden behind display texts such as "Click here". If you open an email on your computer and move your mouse over the suspicious link without clicking (!), the internet address hidden behind the link text or a shortened link will appear at the bottom left of your screen. Unfortunately, this trick does not work on mobile devices where you do not have a mouse. Therefore, wait until you have had the opportunity to check the link on another device before opening it.
Do not act from your e-mail inbox:
Even if the email does not seem suspicious, you should not use the link in the email to log in to an account. Instead, access the desired website as usual via your browser or app and use the login screen that you normally use.
Do not open or download any attachments:
The attached files may contain malware, e.g. so-called Trojans, which spy on your device. This allows the scammers to obtain far more data than just access to the one account that lured you in. Although any file can contain malware, including text or image files ending in .pdf, .docx, .png or .jpg, you should be particularly careful with the file extensions .exe, .js, .lnk, .wsf, .scr, .jar and .bat. These already indicate that a program is hidden behind them, not a simple text or image file.
Display emails in plain text format:
Many emails are now sent in HTML format because this makes it possible to include different fonts, bold or italic text or different font sizes. However, malicious content can also be embedded in HTML, and it may be loaded as soon as the message is displayed, even if you never open an attachment. To be on the safe side, you can switch the display of message content from HTML to plain text in the settings of your e-mail program. However, you will then lose text formatting for all incoming and outgoing emails.
Never use the same password twice:
You may have been taken in by a phishing scam on a service where your data is not so sensitive. However, if you also use this password elsewhere, the damage may be greater than initially assumed. Therefore, use a different password for each account.
Always log out:
If you have nothing more to do in an account, you should always log out. Closing the browser window is not a proper logout, as the browser and your session can continue to run in the background. By logging out, you offer less of a target if you have already picked up malware on your device.
Other forms of phishing
Targeted attack on companies:
If your name and email address are publicly known, e.g. on your employer's website, you will often be contacted by name. If it is an attack on your employer, known as spear phishing, the emails may be signed with your colleagues' names to make them look even more genuine. In this context, it is often a request to make a specific bank transfer (to the fraudster's account) or to check an attached invoice (which contains malware). Which companies are targeted is often random, but the more personal data there is on the company's website and the more sensitive the activities of the company itself are, the greater the attack surface.
Fake websites:
Some emails look trustworthy and do not urge you to log in to a website, but contain links to fake websites in the hope that you will use them if you want to log in there in the future. Fake websites can be recognized, for example, by the fact that the domain of the website has a double ending such as "deutschebank.de.com" or uses an atypical spelling of the company. It is also standard nowadays for websites to be transmitted in encrypted form, which can be recognized by the "https" in the address bar of the browser. If the "s", which stands for "secure", is missing, it could be a fake site. Conversely, however, there is no guarantee: If the website is transmitted in encrypted form, it may still be a particularly good and elaborate fake website.
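As an added illustration (not part of the original article or its sources), the following Python script applies several of the warning signs from "Typical characteristics of e-mail phishing", "Check links", "Do not open or download any attachments" and this section to a constructed sample message: it compares the real sender address with the domain you expect (assumed here to be deutsche-bank.de), flags a "double ending" such as deutschebank.de.com, checks the subject for pressure wording, flags program-type attachments and compares the visible link text with the real link target.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email): the display name and the
# link text claim the bank, while the real address and link target do not.
SAMPLE = """\
From: "Deutsche Bank Kundenservice" <service@deutschebank.de.com>
Subject: Urgent: Your account has been blocked
Content-Type: text/html

<p>Dear Sir or Madam,</p>
<a href="http://deutschebank.de.com/login">https://www.deutsche-bank.de</a>
"""
TRUSTED_DOMAIN = "deutsche-bank.de"  # assumption: the domain you really bank with
RISKY_EXT = (".exe", ".js", ".lnk", ".wsf", ".scr", ".jar", ".bat")
# Simplified: matches <a href="...">text</a>; a mail client uses a full HTML parser
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def domain_of(url):
    """Host part of a URL or of a URL-like display text, lower-cased."""
    return re.sub(r"^\w+://", "", url.strip()).split("/")[0].lower()

def phishing_indicators(raw, trusted=TRUSTED_DOMAIN):
    """Return the warning signs found in one raw e-mail as readable strings."""
    msg, hits = message_from_string(raw), []
    _display_name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rsplit("@", 1)[-1].lower()
    # 1. The real sender address belongs to a different domain than expected
    if sender != trusted and not sender.endswith("." + trusted):
        hits.append(f"sender domain {sender} is not {trusted}")
    # 2. "Double ending" such as deutschebank.de.com
    if re.search(r"\.(de|com|net|org)\.", "." + sender):
        hits.append(f"double ending in {sender}")
    # 3. Deadline or pressure wording
    if re.search(r"urgent|blocked|within \d+ hours", msg.get("Subject", ""), re.I):
        hits.append("pressure wording in subject")
    for part in msg.walk():
        # 4. Attachments whose extension marks them as programs
        fname = part.get_filename() or ""
        if fname.lower().endswith(RISKY_EXT):
            hits.append(f"executable attachment {fname}")
        # 5. Link text that names one domain while the href points to another
        if part.get_content_type() == "text/html":
            for href, text in LINK_RE.findall(part.get_payload()):
                text = re.sub(r"<[^>]+>", "", text).strip()
                if re.match(r"(https?://|www\.)", text) and domain_of(text) != domain_of(href):
                    hits.append(f"link text {text} but target {domain_of(href)}")
    return hits
```

Calling `phishing_indicators(SAMPLE)` returns four findings for the constructed message; a message from the trusted domain with matching link text and target returns an empty list.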
Pop-up phishing:
Less common, but still very sneaky, is so-called "pop-up" phishing, where a message suddenly pops up on your screen indicating that a virus has been found on your device, for example. The aim of the scammers is to scare you into downloading supposed anti-virus software, which is in fact a virus itself.
Phishing by letter or SMS:
Precisely because many people are becoming increasingly aware of email phishing, more "classic" methods are once again becoming more attractive to fraudsters, e.g. a message via text message (often in the name of shipping service providers, banks and telecommunications providers) containing fraudulent links. The sending of printed letters containing a QR code that leads to a fake website is also on the rise.
First aid in a phishing case
Recognizing phishing is not always easy, not even for professionals. Sometimes it is only after clicking on a link or entering personal data that you start to suspect that something might be wrong. So if you suspect that you have fallen for the scam, you should do the following:
- Change the password for the account in question.
- Change the password for all accounts for which you use this password.
- If it is a bank: Have your account blocked!
- Let the real company know: Many companies send out warnings about fraudulent emails to their customers if they become aware of increased fraud attempts being made in their name. In this way, you can even help others avoid the same mishap.
The good thing is that the more often you pay attention to aspects of phishing, the more practiced you will become at recognizing fraud. At this point, it doesn't hurt to be a little overcautious. If the email turns out to be genuine in the end, then at least you know you've acted competently.
Sources
Federal Office for Information Security (BSI): https://www.bsi.bund.de/DE/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Spam-Phishing-Co/Passwortdiebstahl-durch-Phishing/Schutz-gegen-Phishing/schutz-gegen-phishing_node.html
Consumer advice center: https://www.verbraucherzentrale.de/wissen/digitale-welt/phishingradar/phishingmails-woran-sie-sie-erkennen-und-worauf-sie-achten-muessen-6073
Police NRW: polizei.nrw/presse/achtung-phishing-mails-im-umlauf