Perhaps you have already found a strange e-mail in your mailbox? It could be a phishing e-mail from fraudsters. Learn more about the term phishing and how to protect yourself from these fake e-mails.

What is phishing? – a definition

Phishing has its origins in the terms “password harvesting” and “fishing”. Phishing refers to attempts by cyber criminals to obtain or “fish” for users’ personal data by sending fake e-mails and links. The fraudsters imitate e-mails from banks and online shops so convincingly that the recipient believes the message is genuine and actually comes from the corresponding online service.

The fraudsters’ aim is for users to click on the fake link or open the dangerous attachment. This makes it possible for hackers to obtain user names and passwords, which in turn enables the fraudsters to access a credit card, empty an entire account or launch a hacking attack on a company.

Phishing is a form of malware

Because the area of cybercrime in particular comes with many terms that unsettle and confuse online customers, we would like to classify phishing at this point.

Phishing can be described as a type of malware in addition to viruses, Trojans, spyware, rootkits and ransomware. The term malware refers to any form of malicious software that accesses hardware or software without the user’s knowledge to cause damage, steal data or spy on information.

Detecting incoming phishing e-mails

It is important that you recognize phishing mails from the very beginning in order to avoid unnecessary damage and to protect yourself from Internet fraudsters in the long term. We will show you how this works. You can identify harmful phishing mails by the following features:

  • Your name is missing

    Banks and online payment services never use a general form of address such as “Dear Customer” in e-mails, but always address the recipient at least by their last name. Some clever phishing perpetrators already use the personal name, but fortunately there are other features to identify harmful messages in the mailbox.

  • Entering personal data

    If the sender of an e-mail asks you to enter personal data, or even a PIN or TAN, via a link, keep your hands off. Banks would never ask you to enter access data, including your password, via an e-mail link.

  • Grammar errors or texts in another language

    An example: “Dear Mr. Sabrina Müller …” should, of course, cause immediate surprise. Pay attention to incorrect spelling, grammar mistakes and an unnatural reading flow. These signs may indicate that the message was translated into German or English with an online translation tool and is not genuine.

  • Opening a file, link or form

    You should be extremely careful when you receive an e-mail from a supposed bank, payment service or alleged debt collection company that contains an attachment. Under no circumstances should the attachment be clicked and opened, because such attachments often contain other malicious software, such as a Trojan.

    As a general rule, banks send letters to their customers. Only in exceptional cases do they send e-mails, for example with information about the bank itself, but never concerning the personal data of the respective customer.

  • Requests: urgent need for action

    Urgent requests with deadlines should also be ignored. Fraudsters use this scam to scare customers and exert pressure. Some users have broken into a sweat when an e-mail from a fake sender threatened them with account suspension or huge fee payments.

    Here, too, it is important to keep a cool head, not to react hastily to the request and not to open any files or links!

Protection against phishing mails

If you follow the above points, you can already recognize incoming phishing mails very well.

In principle, however, there are other ways to protect yourself from the fake Internet pages that incoming phishing messages lead to. For complete protection of your account, it is recommended that you never log into online banking systems via public WLAN networks and, above all, that you never use such networks to enter access data or even PIN and TAN.

You should also carefully check every link that ends up in your e-mail program. If you want to be completely on the safe side, you can also look at the sender in the mail header. There you will find information about the sender and the IP address. Both give you a hint about the real sender of the e-mail.
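
The header and link checks described above, together with the generic-greeting check from the list, can be automated. The following Python code is an added example and not part of the original article; the sample message, its domains and IP address, and the names LinkCollector and triage_message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every name, domain and IP address is a placeholder.
SAMPLE = """Received: from mail.example.net (unknown [203.0.113.45]) by mx.example.org; Mon, 1 Jan 2024 10:00:00 +0000
From: "Example Bank" <service@example-bank.invalid>
Subject: Urgent: confirm your account

<p>Dear Customer, confirm your PIN within 24 hours:
<a href="http://login.example.net/verify">https://www.example-bank.invalid/login</a></p>
"""

class LinkCollector(HTMLParser):  # collects [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def triage_message(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    # IPs named in Received headers; hops added before your own provider can be forged.
    ips = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", " ".join(msg.get_all("Received", [])))
    body = msg.get_payload()
    findings = ["generic greeting"] if re.search(r"dear (customer|user|client)", body, re.I) else []
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        if not href.lower().startswith("https://"):
            findings.append(f"unencrypted link: {href}")
        if host != sender_domain and not host.endswith("." + sender_domain):
            findings.append(f"link host {host} does not match sender domain {sender_domain}")
        shown = urlparse(text.strip()).hostname if "://" in text else None
        if shown and shown.lower() != host:
            findings.append(f"link text shows {shown} but points to {host}")
    return {"sender": (name, sender_domain), "received_ips": ips, "findings": findings}
```

A clean result does not prove a message is genuine; the checks only surface the mismatches a reader would otherwise look for by hand.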

To avoid clicking on e-mail links, you can instead open a separate window in your browser and enter the Internet address of your desired online service there. You can use this method even if you are following up on a special offer from a newsletter and want to redeem a discount, because trustworthy online discounts also work via direct links, i.e. without the click from the e-mail program. This way you can avoid phishing attempts from the outset and ensure greater security.

It is also very advisable never to enter personal data on websites that are not encrypted. It is best to only use websites that begin with “https://…”.

Check your online account regularly. If the outgoing payments from your account are not correct, contact your bank immediately. Likewise, if you receive phishing e-mails from fraudsters, contact the genuine website operator and point this out immediately.

This is what you can do if you have opened a phishing email

Have you accidentally clicked on a link in a phishing e-mail or even downloaded the attachment? At this point you should not panic, because direct damage does not always occur.

Please act as follows: Update your antivirus program and check whether your computer is free of malware. If you are still unsure, you can also have your computer or smartphone checked for malicious software by an IT professional. If the danger still exists, it’s best to change your passwords for the online service concerned right away and contact the service. In even worse cases, you can contact the consumer advice centre. They can check your specific case and help you further.