How to identify phishing emails

Phishing is one of the everyday threats users face when surfing the net. Scammers take advantage of how popular email communication is and exploit this means of communication by inundating inboxes with fake messages. These include dubious links (to fake websites) and reply addresses, which are used to obtain the data of unsuspecting users. We reveal how to identify phishing emails so you can protect yourself from data theft.

How do scammers use phishing emails to their advantage?¶

The basic aim of phishing is simple. Cybercriminals send out emails where they pose as banks, payment services, online marketplaces, or e-commerce service providers. These emails invite unsuspecting users to complete forms or to follow links to seemingly official website in the hope that they will end up revealing sensitive data when they are asked to log in. Phishing attacks aim to obtain usernames, passwords, PINs, and TANs so that scammers can make transactions or order goods on the user’s behalf. Many victims of phishing email attacks first notice that their bank accounts or payment service accounts have been hacked when they look at their bank statement and see that unusual goods have been purchased or money has been transferred.

The best tips on how to identify phishing emails¶

Being careful about what you open is sometimes all that’s needed to protect yourself from fraudulent emails. You can usually identify phishing emails as they’re from unknown senders and are addressed impersonally. They also contain spelling errors, suspicious links or online forms. Here are the top tips on how to identify phishing emails and effectively protect yourself from attacks:

Tip 1: Check the name and the address of the sender¶

When you receive an official email that is allegedly from your bank or an online service provider, you should first have a look at the sender. Ask yourself who sent you the email? Do you have any business connection with the sender? Did you actually give them your email address? Have a look at the full email address and compare it to other emails you might have received from them. If there are any inconsistencies, exercise caution.

Tip 2: Check the greeting¶

The way in which you’re addressed in the email is one way to know how to identify phishing emails and can reveal whether one is legitimate or not. Service providers that write to their customers usually address them by name. Scammers don’t always know the email recipient’s name so if a message begins with “Dear Sir or Madam” or any other standard greeting, you should wonder why your bank or supposed online business partner doesn’t know your name.

Tip 3: Check spelling and grammar¶

If a message contains a lot of grammatical mistakes and spelling errors, that’s a clear sign that a bank employee didn’t write it. These types of errors as well as unintelligible paragraphs are a major indication of fraudulent emails that were written in another language and then automatically translated.

Tip 4: Check for potentially fraudulent links¶

It’s not necessarily a bad sign if an email includes a link. But before you click on it, you should make sure that it leads to a reputable site. Hover over the link with your mouse and see what web address appears in the bottom left of your browser window. Is this address consistent with the service provider’s URL? Are there any security features such as HTTPS, which signifies secure data transmission? If you’re in doubt, play it safe and don’t access the website.

Tip 5: Do not enter data via email¶

No serious service provider will ask its customers to enter their details via email. A corresponding HTML form, in which you are told to enter login details and passwords, is a clear indication of a phishing email. PINs and TANs are also never asked for over the phone or via email. Only enter data like this on the official service provider’s site, whose authenticity can be checked with security certificates.

Tip 6: Beware of attachments¶

There’s definitely reason to be concerned when unexpected messages have attachments. Heed the basic rule that if you don’t know the sender, don’t download the attachment. It might contain malicious programs such as viruses or Trojans, which can infiltrate your computer and read sensitive data. If this happens, doing online shopping and making banking transactions will no longer be secure on your computer.

Tip 7: Don’t feel pressured¶

If an email requires you to take urgent action, you should be wary. Scammers often pull out the big guns to put internet users under pressure and cause them to make hasty decisions. No reputable service provider threatens to block your credit card or send the debt collectors round via email. Nor do they demand you to enter your password or to download an attached file. If in doubt, contact the service provider’s customer hotline.

How to combat phishing emails¶

If you’ve discovered a phishing email, you should move it to your spam folder and block the sender before you delete it. This is how you can make sure you don’t receive any more emails from this address. If you want to curb the rise of spam messages in the long term, you can contact the service provider who allegedly sent the phishing email. Many providers can easily be contacted via professional email forms, which you can use to report phishing attempts.