Phishing: How to recognize attempted attacks

Almost every Internet user has received one at some point, either in the spam folder or, even worse, in the regular inbox, disguised as a message from a supposedly reputable and well-known sender. We are talking about “phishing emails”. But what exactly are phishing emails? Behind the term is a scam in which email senders pretend to be someone else in order to capture account or login information from unsuspecting victims. In the worst case, one click on a fake email can cost you a lot of money, especially if it is an alleged email in the name of your bank. The word is derived from the English word “fishing”. The perpetrator thus “fishes” for passwords or installs malware by using fake emails as bait. At first glance, these emails look deceptively genuine.

Characteristics of phishing

1. Wrong sender address

Pay attention to the sender address first. If it looks questionable, you should be careful. At first glance, these addresses seem to be correct. Example: Users of the online payment service PayPal often receive phishing mails with the sender service@paypl.com instead of service@paypal.com. In almost every phishing email, the addresses are similar to the genuine ones, but not identical. Sometimes sender addresses also contain suspicious characters. Attention: The sender name displayed in the email inbox is not always the actual email address that appears when you click on Details. If you are suspicious, check the detailed and complete sender address.
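The two checks described above (an address that is similar but not identical to the real one, and a displayed name that does not match the actual address) can be automated. The following Python sketch is an added example, not part of the original article; the trusted-domain list, the distance threshold of 2 and the sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: domains this mailbox legitimately receives mail from.
TRUSTED_DOMAINS = {"paypal.com"}

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return a list of findings for one From header value."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return ["no parsable sender address"]
    domain = address.rsplit("@", 1)[1].lower()
    findings = []
    # Suspicious characters: non-ASCII letters or a punycode-encoded label.
    if not domain.isascii() or "xn--" in domain:
        findings.append(f"unusual characters in domain {domain}")
    if domain in TRUSTED_DOMAINS:
        return findings
    for trusted in sorted(TRUSTED_DOMAINS):
        brand = trusted.split(".")[0]
        # Similar, but not identical (e.g. paypl.com vs. paypal.com).
        if edit_distance(domain, trusted) <= 2:
            findings.append(f"{domain} resembles {trusted}")
        # Display name claims a brand the real address does not belong to.
        if brand in display.lower() and not domain.endswith("." + trusted):
            findings.append(f"display name mentions {brand} but address is {address}")
    return findings

# Constructed sample headers, not taken from real mail.
SAMPLES = ['service@paypal.com',
           '"PayPal Service" <service@paypl.com>',
           '"PayPal" <billing@example.net>']

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no findings")
```

An empty result only means the address is not a lookalike; the From header itself can be forged, so it does not prove the mail is genuine.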

2. Calls to action in the text

If the text asks you to take action, you should immediately become suspicious. Scammers threaten you with phrases like “If you don’t do this, we’re afraid we’ll have to block your account,” “Leave us your PIN for your online banking account to verify yourself,” etc. Rule number 1 here: Don’t let yourself be pressured. Even if you are promised a big inheritance from a Nigerian prince and only have to transfer money in advance, there is almost always a scam behind it. (Spiegel article)

3. Pay attention to salutation, spelling and grammar

Most phishing emails do not address you personally by name. The salutation is mostly kept general (“Dear users”). In most cases, such scam emails are written in English and have no signature or an incorrect signature at the end. If you receive the mail in English, look for grammatical oddities and spelling mistakes.

4. Be careful with file attachments

Have you ever received a reminder, invoice or order confirmation for things you never ordered? Then scammers are trying to get you to open a file attachment. First check what file format it is. Particularly dangerous email attachments are .exe, .bat, .pif, .scr, .com, .cmd and even Microsoft Office file formats that contain macros. Warning: the belief that you are “safe” if you open the mail on a smartphone or tablet to check it is a misconception nowadays! Android and iOS are also vulnerable via email and are the target of thousands of scammers.

How can I protect myself from fraudulent emails?

The first line of defense is a comprehensive spam filter and virus protection. With the help of appropriate anti-spam software, the risk can be significantly reduced. Manufacturers such as Kaspersky offer complete Internet security packages. In addition to a good spam filter, these also offer protection against phishing. But the best software is useless if the gateway is the person sitting at the computer. Unfortunately, damage usually occurs when people themselves act carelessly and gullibly. Regular security education and training for employees help make companies safer. We would be happy to help you find the right security solution for your company. For more information on IT security, please visit our homepage at:

More about Endpoint Security