Identifying phishing e-mails: the telltale signs at a glance

Phishing is one of the everyday threats users face when surfing the net. More and more people are ordering goods or making bank transactions online since it’s so convenient. E-mail is still the most important means of online communication, so scammers exploit this means of communication by inundating inboxes with fake messages. These include dubious links (to forged websites) and reply addresses that have been created by siphoning off the data of unsuspecting users. We reveal how you can protect yourself from data theft.

The basic aim of phishing is simple: cyber criminals send e-mails allegedly from banks, payment services, online marketplaces, or e-commerce service providers. These e-mails invite users to complete e-mail forms or to follow links to fake websites which require them to sign in in the hope they will end up revealing sensitive data. Phishing attacks aim to obtain usernames, passwords, PINs, and TANs so that fraudsters can make transactions or order goods on the user’s behalf. Many victims of phishing attacks first notice that their bank accounts or payment service accounts have been hacked when they look at their bank statement and see that unusual goods have been purchased or money has been transferred.

Being careful about what you open is sometimes all that’s needed to protect yourself from fraudulent e-mails. You can usually identify phishing e-mails as they’re from unknown senders, and are addressed impersonally, or contain spelling errors, skeptical links, or online forms.

• Sender: when you receive an official e-mail that is allegedly from your bank or an online service provider, you should first have a look at the sender. Ask yourself: who sent you the e-mail? Do you have any business connection with the sender? Did you even give them your e-mail address? Have a look at the full e-mail address and compare it to other e-mails you might have received from them. If there are any inconsistencies, exercise caution.
  
  
• Title: the way in which you’re addressed in the e-mail can reveal whether it’s legitimate or not. Service providers that write to their customers usually address them by name. Scammers don’t always know the e-mail recipient’s name so if a message begins with 'Dear Sir or Madam' or any other standard greeting, you should wonder why your bank or supposed online business partner doesn’t know your name
  
  
• Spelling and grammar: if a message is overflowing with grammatical and orthographic mistakes, then it’s quite obvious that a bank employee didn’t write it. Spelling errors and unintelligible paragraphs are a clear indication of fraudulent e-mails that were written in another language and then automatically translated.
  
  
• Links: it’s not necessarily a bad sign if an e-mail includes a link. But before you click on it, you should make sure that it leads to a reputable site. Hover over the link with your mouse and see what web address appears in the bottom left of your browser window. Is this address consistent with the service provider’s URL? Are there any security features such as HTTPS, which signifies secure data transmission? If you’re in doubt, play it safe and don’t access the website.
  
  
• Entering data: no serious online service provider will ask its customers to enter their details via e-mail. A corresponding HTML form, in which you are told to enter log-in details and passwords, is a clear indication of a phishing e-mail. PINs and TANs are also never asked for over the phone or via e-mail. Only enter data like this on the official service provider’s site whose authenticity can be checked by security certificates.
  
  
• Attachments: there’s definitely reason to be concerned when unexpected messages have attachments. Heed the basic rule: if you don’t know the sender, don’t download the attachment. It might contain malicious programs such as viruses or Trojans, which can infiltrate your computer and read sensitive data. Doing online shopping and making banking transactions would then no longer be secure on your computer.
  
  
• Pressure: if an e-mail requires you to take urgent action, you should be wary. Tricksters often pull out the big guns to put internet users under pressure and cause them to make impetuous decisions. No reputable service provider threatens to block your credit card or send the debt collectors round via e-mail. Nor do they demand you to enter your password or to download an attached file. If in doubt, contact the service provider’s customer hotline.

If you’ve discovered a phishing e-mail, you should move it to your spam folder and block the sender before you delete it. This is how you can make sure you don’t receive any more e-mails from this address. If you want to curb the rise of fraudulent messages in the long-term, you can contact the service provider who is alleged to have sent the phishing e-mail. Many providers can easily be contacted via professional e-mail forms so you can use them to report phishing.