Detect phishing emails and act correctly

1 Answer


How can I recognize phishing?
How can I protect myself and others?
What can I do as a phishing victim?

Phishing emails are a high security risk. We explain what phishing is and how you can protect yourself from it.


Fake e-mails (so-called phishing e-mails) are appearing more and more frequently on the Internet. An attempt is made to steal important data from you as the recipient. At first glance, these emails often look deceptively real. This is exactly what proves fatal for many users, who provide their sensitive data in good faith. Not only can opening phishing emails infect your computer with a virus, but it can cost you real money. We'll show you what to look out for when dealing with suspicious emails and how you can protect your personal data from fraudsters.

How can I recognize phishing?

Phishing, a mixture of password and fishing (password fishing), can be recognized very easily based on a few criteria:

1. Fake sender address
If the sender address looks strange, caution is required. Often banks or online banking platforms (e.g. PayPal), as well as sales sites (e.g. eBay or Amazon), are chosen as pseudo senders. This means that the return email address looks like it came from a reputable sender. In most cases, these addresses are similar to the originals, but not exactly the same. An example: [email protected] instead of [email protected]

Some phishing addresses are also cryptic combinations of numbers and letters. Contacts known to you may also have been hacked. Then you may get phishing emails from people you actually know, which of course makes it particularly difficult to identify potentially dangerous content. You have to be especially careful with subjects like "Look where I linked you to" or the like.

2. Recipient address
Even if it sounds banal: You should always check to which e-mail address the suspicious e-mail was sent. Of course, this is only important if you have several addresses. Let's say you're signed into PayPal with a Gmail address. You have now received an email from a supposed PayPal sender to your web.de address. Then you can assume that this email is phishing.

The CC recipient field can also provide information: Here you can see to whom this mail has been sent. Unless you are the sole recipient of a suspicious email, don't open it in the first place.

3. Suspicious subject
If the mail subject strikes you as strange, you should be careful. This is often the first indication of a phishing email. Suspicious phrases include, for example, "Now hot singles in your area to get to know" or "Someone from your region earned € 2,000 a week. So you can also do that."

4. Impersonal salutation
If you receive an e-mail that begins with "Dear Sir or Madam" or something similar, it could be a phishing e-mail. At least insofar as this email comes from a company that normally sends personal emails. Larger companies, such as Amazon or banking services, always address you personally in their emails. This means that you already know from the salutation whether this email is legitimate.

5. Unusual formatting
Phishing emails often have very poor spelling or syntax. "Denglisch", a mixture of German and English, is also not uncommon. In addition, the representation of special characters such as umlauts often provides information. For example, if ä appears as a, a Cyrillic letter, or a box such as ■, it could be a phishing email.
If you still have remnants of HTML commands like <b> / </b> or <p> in your email, it is possibly phishing. The same applies to an inconsistent layout: the font changes frequently within a section or within the mail, or it is not the default font normally used by this sender.

6. Request for confirmation of personal information
Most phishing emails ask for confirmation of personal information. This should be done using a TAN procedure or by entering this data. Some also contain threats such as "If you don't provide your details, your account will be suspended". This often occurs in connection with a deadline. The request includes specific information about your account or confidential data such as PIN, TAN or a password. A real address or a date of birth are also requested. Real companies will never ask you for such data in an email.

7. Links to websites
In many cases, suspicious emails point to websites. The links to these websites often look confusingly similar to the original link. Here, too, amzon.com is used as an example instead of amazon.com. In some cases the links also contain strange combinations of numbers and letters, such as amazon.klick-me.com or [email protected]. When you visit such a website, it can look like a real page at first glance. If you click on certain areas, you will get an error message. In most cases, the website either prompts you for sensitive information or a computer virus is downloaded automatically.

8. Attachments
Phishing emails often contain attachments. The attachment usually does not have a proper name, but an unspecific character string, and can look like an image or a PDF file. Often the download either automatically redirects you to a fake website or a computer virus is downloaded. You should therefore under no circumstances open or download the attachment of a phishing e-mail.

How can I protect myself and others?

1. Check the sender
Protection against phishing emails can never be 100% guaranteed - unless you do not have an email address. However, you can try to contain the damage as much as possible. The basic rule is: Do not open any e-mails if you do not know the sender. If you've received any suspicious emails, it is a good idea to block the email addresses of the authors. This will stop you from receiving any further emails from these scammers. And even if the mail appears to come from an acquaintance or friend: If something seems strange with it, stay away! The best thing to do is to ask the friend in question personally if the suspicious message was actually from them.

2. Check links
If there is a link in an e-mail, always check its address before opening it. Right-clicking on a link will show you, among other things, where the link will take you. But be careful! The link can also lead to a phishing website. The address of this fake website almost looks like a real, legitimate page. But only almost. Therefore, it is better to look twice at suspicious emails than to fall victim to fraud.
If the address shown looks safe, don't click the link anyway. Here you should open the address independently in a new browser window. In this way you can be sure that the supposedly secure link does not redirect to another page. And if you want to enter sensitive data on a website, you should make sure that the connection is secure. This is displayed with an "s" after the http in the address bar. An address then looks like this: https://www.heise.de/tipps-tricks/

3. Report spoofed emails to affected companies
If you suspect that you have received a spoofed email from a known company, you should contact that company. On the one hand, you can be sure in this way that the mail actually came from this sender - or not. On the other hand, you can notify the company directly that fake emails are being sent on its behalf. Amazon offers instructions on how to deal with fake emails from Amazon. Such fraudulent emails can be very damaging to a company - even if it has nothing to do with the fraud.

4. Always use secure networks
A general tip should be added: If you want to handle personal data on the Internet, always log in via a secure network. This includes, for example, your own home network. Public WLAN connections, such as in restaurants or airports, should never be used for processing sensitive data. At first glance, these may appear reputable. But be careful: anyone can tinker with such a network. Here you will find further tips for safe surfing in public Wi-Fi networks.

What can I do as a phishing victim?

If you suspect that you have been caught by a phishing email, have your data checked by the original provider immediately. The best thing to do is to change all access data, such as username and password. If your PC has become part of a phishing attack and you have installed a password manager on the PC, you have more work to do: you should change all the passwords that you have saved in the manager. It is also advisable to use anti-virus software. This can fend off virus attacks through phishing emails in a targeted manner.


...
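
The sender-address and link checks described in the answer (amzon.com instead of amazon.com, amazon.klick-me.com) can be automated. The following is an added example, not part of the original answer; the allow-list, the function names and the sample From header are assumptions made for illustration, and the "last two labels" rule is a simplification of real registered-domain parsing.

```python
# Added example (not from the original page): flag lookalike hosts.
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed allow-list of domains the recipient really deals with.
TRUSTED = ("amazon.com", "ebay.com", "paypal.com")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host: str) -> str:
    labels = host.lower().rstrip(".").split(".")
    # Simplification: registered domain = last two labels (no Public Suffix List).
    reg = ".".join(labels[-2:])
    if reg in TRUSTED:
        return "listed"  # domain matches; this alone does not prove who sent it
    for good in TRUSTED:
        brand = good.split(".")[0]
        if edit_distance(reg, good) <= 1:  # one typo away, e.g. a dropped letter
            return f"lookalike of {good}"
        if brand in labels:  # brand name placed in front of a foreign domain
            return f"brand '{brand}' used under {reg}"
    return "unknown"


def check_sender(from_header: str) -> str:
    addr = parseaddr(from_header)[1]
    return classify_host(addr.rpartition("@")[2])


def check_link(url: str) -> str:
    return classify_host(urlsplit(url).hostname or "")


if __name__ == "__main__":
    # Constructed samples built from the domains named in the article.
    print(check_sender("Amazon Service <service@amzon.com>"))
    print(check_link("http://amazon.klick-me.com/login"))
    print(check_link("https://www.amazon.com/"))
```

A distance threshold of 1 keeps false positives low but misses lookalikes that differ by two or more characters; raise it only together with a narrower allow-list.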