Phishing emails are a serious security risk. We explain what phishing is and how you can protect yourself from it.
Fake emails (so-called phishing emails) are appearing more and more frequently on the Internet. Their aim is to steal important data from you as the recipient. At first glance, these emails often look deceptively real.
This is exactly what catches out many users, who provide their sensitive data in good faith. Not only can opening phishing emails infect your computer with a virus, but it can also cost you real money. We will show you what to look out for when dealing with suspicious emails and how you can protect your data from fraudsters.
How can I recognize phishing?
Phishing, a mixture of password and fishing (password fishing), can be recognized very quickly based on a few criteria:
1. Fake sender address
If the sender address looks strange, caution is required. Often, banks or online payment platforms (e.g. PayPal) and sales sites (e.g. eBay or Amazon) are chosen as the pretended senders. This means that the sender address looks like it came from a reputable source. In most cases, these addresses are similar to the originals but not the same. An example: email@example.com instead of firstname.lastname@example.org
Some phishing addresses are also cryptic combinations of numbers and letters. Contacts known to you may also have been hacked. Then you may get phishing emails from people you know – which, of course, makes it particularly difficult to identify potentially harmful content. You have to be especially careful with subjects like “Look where I linked you” or the like.
2. Recipient address
Even if it sounds banal, you should always check which email address the suspicious email was sent to. Of course, this is only important if you have several addresses. Let’s say you’re signed into PayPal with a Gmail address. You have now received an email from a supposed PayPal sender at your web.de address. Then you can assume that this email is phishing.
The CC recipient field can also provide information: here, you can see to whom else this mail has been sent. If you are not the sole recipient of a suspicious email, it is best not to open it in the first place.
3. Suspicious subject
If the mail subject strikes you as strange, you should be careful. This is often the first indication of a phishing email. Suspicious phrases include, for example, “Now hot singles in your area to get to know” or “Someone from your region earned € 2,000 a week. So you can also do that.”
4. Impersonal salutation
If you receive an email that begins with “Dear Sir or Madam” or something similar, it could be a phishing email, at least if the email claims to come from a company that usually addresses you personally. Larger companies, such as Amazon or banking services, always address you personally in their emails. This means that you can already tell from the salutation whether this email is legitimate.
5. Unusual formatting
Phishing emails often have abysmal spelling or syntax. “Denglisch”, a mixture of German and English, is also not uncommon. In addition, the representation of special characters such as umlauts often provides information. For example, if ä appears as a Cyrillic letter or a box ■, it could be a phishing email.
If remnants of HTML tags such as <b> / </b> or <p> are visible in the email, it is possibly phishing. The same applies to an inconsistent layout: the font changes frequently within a section or across the mail, or is not the default font this sender normally uses.
6. Request for confirmation of personal information
Most phishing emails ask for confirmation of personal information. This is supposed to be done using a TAN procedure or by entering the data. Some also contain threats such as “If you do not provide your details, your account will be suspended”. This often occurs in connection with a deadline. The request is for specific information about your account or confidential data such as a PIN, TAN or password. A real address or a date of birth is also requested. Real companies will never ask you for such data in an email.
7. Links to websites
In many cases, suspicious emails point to websites. The links to these websites often look confusingly similar to the original link. Here, too, an example is amzon.com instead of amazon.com. The links may also contain strange combinations of numbers and letters, such as amazon.klick-me.com or email@example.com. When you visit such a website, it can look like a genuine page at first glance. If you click on specific areas, you will get an error message. In most cases, the website either prompts you for sensitive information or automatically downloads a computer virus.
Phishing emails often contain attachments. The attachment usually does not have a proper name but an unspecific character string and can look like an image or a PDF file. Opening it often either redirects you automatically to a fake website or downloads a computer virus. You should, therefore, under no circumstances open or download the attachment of a phishing email.
How can I protect myself and others?
1. Check the sender
Protection against phishing emails can never be 100% guaranteed – unless you have no email address at all. However, you can try to contain the damage as much as possible. The basic rule is: Do not open any emails if you do not know the sender. If you’ve received any suspicious emails, it’s a good idea to block the senders’ email addresses. This will stop you from receiving any further emails from these scammers. And even if the email appears to come from a friend or acquaintance: If something seems strange about it, stay away! The best thing to do is to ask the friend in question personally whether the suspicious message was actually from them.
2. Check links
If there is a link in an email, always check its address before opening it. By right-clicking on a link, you can see, among other things, where the link will take you. But be careful! The link can also lead to a phishing website. The address of this fake website almost looks like an actual, legitimate page. But only almost. Therefore, it is better to look twice at suspicious emails than to fall victim to fraud.
Even if the address shown looks safe, don’t click the link. Instead, enter the address yourself in a new browser window. In this way, you can be sure that the supposedly secure link does not redirect to another page. And if you want to enter sensitive data on a website, you should make sure that the connection is secure.
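The link check described above can also be automated. The following Python code is an added example, not part of the original article: it compares a link's host with an assumed list of trusted domains (TRUSTED) and flags the two patterns mentioned earlier, a misspelled domain such as amzon.com and a brand name placed in front of a foreign domain such as amazon.klick-me.com. The function names and the distance threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example: domains the user really has accounts with.
TRUSTED = ("amazon.com", "paypal.com", "ebay.com")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def registrable_domain(host):
    # Simplification: the last two labels. Production code should consult
    # the Public Suffix List so that suffixes like co.uk are handled.
    return ".".join(host.split(".")[-2:])

def classify_link(url, trusted=TRUSTED, max_distance=2):
    """Return 'trusted', 'lookalike', 'brand-in-foreign-domain',
    'unknown' or 'invalid' for the host a link really points to."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    domain = registrable_domain(host)
    if domain in trusted:
        return "trusted"
    labels = host.split(".")
    for good in trusted:
        # A near miss of a trusted domain, e.g. amzon.com for amazon.com.
        if edit_distance(domain, good) <= max_distance:
            return "lookalike"
        # The brand appears only as a subdomain of someone else's domain,
        # e.g. amazon.klick-me.com, which belongs to klick-me.com.
        if good.split(".")[0] in labels[:-2]:
            return "brand-in-foreign-domain"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links built from the hostnames used in the article.
    for link in ("https://www.amazon.com/gp/help", "http://amzon.com/login",
                 "http://amazon.klick-me.com/verify", "https://example.org/"):
        print(f"{classify_link(link):26} {link}")
```

A verdict of "unknown" only means the host is not on the list and does not resemble an entry; it is not a statement that the link is safe.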
3. Report fake emails to affected companies
If you suspect that you have received a spoofed email from a known company, you should contact that company. On the one hand, you can find out in this way whether the mail really came from this sender – or not. On the other hand, you can notify the company directly that fake emails are being sent in its name. Amazon offers instructions on dealing with fake emails from Amazon because such fraudulent emails can be very damaging to a company – even if it has nothing to do with the fraud.
4. Always use secure networks
A general tip should be added: If you want to handle personal data on the Internet, always log in via a secure network. This includes, for example, your home network. Public WLAN connections, such as in restaurants or airports, should never be used for processing sensitive data. These may appear trustworthy at first glance. But be careful: anyone can mess around in such a network.
What can I do as a phishing victim?
If you suspect that you have fallen for a phishing email, have your data checked by the original provider immediately. The best thing to do is to change all access data such as username and password. If your PC has been affected by a phishing attack and you have a password manager installed on it, you have more work to do: change all the passwords you have saved in the manager. It is also advisable to use anti-virus software. This can specifically fend off virus attacks delivered through phishing emails.