Recognise phishing e-mails - avoid damage

Again, running a website is similar to running a garden: Not everything that grows and thrives there is also useful and desirable. Here, as there, it is important that you can distinguish useful from harmful content.

Phishing e-mails are an extremely annoying and dangerous network growth, which you - especially if you operate a website - have certainly already had in your inbox.
They usually suggest an urgent need for action and ask you to click on links contained in the email. If you do this, however, you may have already been fooled.
Such links can call up scripts on the net that have been specially set up by the senders of the mail to install malware such as viruses, Trojans, spambots or similar on your computer.
If such sites are visited with a susceptible computer without effective virus protection, damage is to be feared: Data can be lost. This may result in high costs for restoring a clean system.

The other, no less risky variant is an alleged login form that can be reached via the link, in which you are supposed to enter credit card data or access data from an online bank, web space or telephone provider or similar in order to log in for some ostensible purpose.
User names, passwords, PINs and TANs entered there go directly to the authors of the mail and enable them to misuse the data. The possible consequences are easy to imagine.
Such mails can also contain file attachments such as alleged invoice or reminder documents, which should never, really never, be opened before a thorough check of their authenticity. They can also contain malware that spreads on your computer when you open them.

In order to avoid such consequences, it is essential to be able to reliably identify phishing e-mails as such: often not so easy at first glance.

But don't worry: There are a handful of criteria that unmask a phishing email quite reliably.

1. supplier / offer

If you receive a message threatening, for example, imminent disaster regarding your PayPal account or your Netflix account, but you have not booked the service in question at all, then the matter is closed for you - no matter how convincingly the e-mail is faked. So first check: Is it even possible that the facts described concern me?

2. subject

Most of the time, phishing emails suggest special urgency already in the subject line: "Last reminder", "Last notice before discontinuing your services", "Urgent change to your account", "Important security update".
Threats of dunning or debt collection procedures are worrying, but at the same time an indication of probable forgery. Even the most postage-saving provider will resort to letter post instead of sending an e-mail if legal action is to be taken for the sake of legal certainty.
The following should always apply: Keep calm! The more urgent the alleged need for action, the more carefully you should check.

A request for action by email with severe consequences if not dealt with within a day can simply be ruled out.

3. content / language

Even if the counterfeits are becoming visually better and better, the language used is often conspicuous. Here, one's own feeling for language provides important clues. Awkward phrasing, grammatical errors and sentences that seem badly translated into German indicate forgery.

4. referral targets

They are the surest criterion that something is wrong with the message: The actual addresses of the links contained in the message.
If you place the mouse pointer in the e-mail programme or webmailer - WITHOUT CLICKING - on the contained links, the link destination is displayed somewhere, usually at the bottom of the window, depending on the software. If any link here has an address deviating from the visible link text, one which has nothing to do with the alleged provider, the case is clear: counterfeit, hands off!
In a recently received alleged mail from the provider Strato, one of the links displayed reads:
https://www.strato.de/manager/billing/history/debt/all/pay
However, the actual referral target is:
https://zahlung.strato.de.brunosalvador.it/

[Screenshot: phishing mail]

At first glance, one might think of a Strato address, but: The *last* part of the string separated by a dot between the double slash "//" of a URL and the end or the first single slash, in this case "it", is the top-level domain. The part before it, i.e. "brunosalvador", is the decisive domain name. Only these two parts designate the linked server - "brunosalvador.it". Everything to the left can be ignored in this context. So this address has nothing whatsoever to do with Strato. The message is fake.

Another example: DKB-Bank my ass - the link actually points to a completely different server under an Italian top-level domain.
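
The check from section 4 can also be run over an HTML mail body. The following is an added example, not code from the original article: it extracts every link, reduces the real target to domain name plus top-level domain as described above, and reports links that do not belong to the claimed provider. The function names, the small suffix set and the sample mail body are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: tiny sample of two-label public suffixes; real tooling should
# use the full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.at"}

def registrable_domain(url):
    """Return domain name + top-level domain of the host in `url`."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in a mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def suspicious_links(html_body, expected_domain):
    """Return links whose real target is not on the claimed provider's domain."""
    parser = LinkCollector()
    parser.feed(html_body)
    return [(text, href, registrable_domain(href))
            for text, href in parser.links
            if registrable_domain(href) != expected_domain]

# Constructed mail body using the two addresses quoted above.
SAMPLE = ('<p><a href="https://zahlung.strato.de.brunosalvador.it/">'
          'https://www.strato.de/manager/billing/history/debt/all/pay</a></p>'
          '<p><a href="https://www.strato.de/faq">Help</a></p>')

if __name__ == "__main__":
    for text, href, target in suspicious_links(SAMPLE, "strato.de"):
        print(f"shown: {text}\nreal:  {href}\nserver domain: {target}")
```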

5. web research

A web search can dispel any last doubts. Entering the subject in a search engine often delivers clear results. The hits usually include entries from relevant portals dealing with spam warnings or messages from the service providers themselves warning of phishing mails distributed in their name.

What to do?

Once you have identified an incoming message without a doubt as a phishing e-mail, you can basically ignore and delete it. If any doubts remain after the above checks, simply contact the provider, depending on the occasion, to have any existing need for action confirmed.
If you are sure that you have discovered a phishing e-mail, you can also report it to the alleged provider. Many providers have special e-mail addresses or web forms for so-called abuse reports.
