11.08.2020

Caution trap

Recognise phishing e-mails - avoid damage

Again, running a website is similar to running a garden: Not everything that grows and thrives there is also useful and desirable. Here, as there, it is important that you can distinguish useful from harmful content.

Phishing e-mails are an extremely annoying and dangerous kind of growth on the net, one that you - especially if you run a website - have certainly already had in your mailbox.
They usually suggest an urgent need for action and ask you to click on links contained in the email. If you do this, however, you may have already been fooled.
Such links can call up scripts on the net that have been specially set up by the senders of the mail to install malware such as viruses, Trojans, spambots or similar on your computer.
If such sites are visited with a vulnerable computer without effective virus protection, there is a risk of damage: Data can be lost. The cost of restoring a clean system may be high. The other, no less risky variant is an alleged login form accessible via the link, in which you are supposed to enter credit card details or access data from an online bank, web space or telephone provider or similar in order to log in for some alleged purpose.
User names, passwords, PINs and TANs entered there go directly to the authors of the mail and enable them to misuse the data. The possible consequences are easy to imagine.
Such mails can also contain file attachments such as alleged invoice or reminder documents, which should never, really never, be opened before a thorough check of their authenticity. They can also contain malware that spreads on your computer when you open them.

To avoid such consequences, it is essential to be able to reliably identify phishing emails as such: often not so easy at first glance.

But don't worry: There are a handful of criteria that unmask a phishing email quite reliably.

Provider / Offer

If you receive a message threatening, for example, imminent disaster regarding your PayPal account or your Netflix account, but you have not booked the service in question at all, then the matter is closed for you - no matter how convincingly the e-mail is falsified. So first check: Is it even possible that the facts described concern me?

Subject

Phishing emails usually suggest particular urgency in the subject line: "Last reminder", "Last message before your services are cancelled", "Urgent change to your account", "Important security update".
Threats of dunning or debt collection procedures are worrying, but at the same time an indication of probable forgery. For the sake of legal certainty, even the most postage-saving provider will resort to letter post rather than e-mail if legal action is to be taken.
The following should always apply: Keep calm! The more urgent the alleged need for action, the more carefully you should check.

A genuine request for action by e-mail, with severe consequences if not dealt with within a day, can simply be ruled out.

Content / Language

Even if the counterfeits are becoming visually better and better, the language used is often conspicuous. Here, one's own feeling for language provides important clues. Awkward phrasing, grammatical errors and sentences that seem badly translated into German indicate forgery.

Referral targets

They are the surest criterion that something is wrong with the message: The actual addresses of the links contained in the message.
If you place the mouse pointer on the links contained in the e-mail programme or webmailer - WITHOUT CLICKING - the link target is displayed somewhere, usually at the bottom of the window, depending on the software. If the address shown there deviates from the visible link text and has nothing to do with the alleged provider, the case is clear: counterfeit, hands off!
In a recently received alleged mail from the provider Strato, one of the links displayed reads:
https://www.strato.de/manager/billing/history/debt/all/pay
However, the actual referral target is:
https://zahlung.strato.de.brunosalvador.it/

At first glance, you might think of a Strato address, but: The *last* part of the character string between the double slash "//" of a URL and the end or the first single slash, in this case "it", is the top-level domain. The part before it, i.e. "brunosalvador", is the decisive domain name. Only these two parts designate the linked server - "brunosalvador.it". Everything to the left of it can be ignored in this context. So this address has nothing whatsoever to do with Strato. The message is fake.
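
The same check can be run automatically over the HTML body of a mail. The following Python code is an added example, not part of the original article: it compares the site named in each link's visible text with the site the link really points to, using the last-two-parts rule described above. The function names and the sample mail body are constructed for illustration; only the two Strato addresses come from the article.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


def site_of(url):
    """Return the last two host labels (the article's rule), e.g. 'brunosalvador.it'."""
    host = (urlsplit(url.strip()).hostname or "").rstrip(".")
    labels = host.split(".")
    # Simplification: suffixes such as 'co.uk' need the Public Suffix List.
    return ".".join(labels[-2:]) if len(labels) >= 2 else ""


class LinkAudit(HTMLParser):
    """Collect (visible text, href) for every <a> element in a mail body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def mismatched_links(html):
    """Return (shown site, actual site) for links whose text names another site."""
    parser = LinkAudit()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        shown, actual = site_of(text), site_of(href)
        # Only link text that is itself a full URL (with scheme) can be compared.
        if shown and actual and shown != actual:
            findings.append((shown, actual))
    return findings


# Constructed mail body using the two addresses quoted in the article.
SAMPLE = ('<p>Please settle your invoice: <a href="https://zahlung.strato.de.'
          'brunosalvador.it/">https://www.strato.de/manager/billing/history/'
          'debt/all/pay</a> or <a href="https://www.strato.de/">log in</a></p>')

if __name__ == "__main__":
    print(mismatched_links(SAMPLE))
```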

Another example: DKB Bank - the link actually points to a completely different server under an Italian top-level domain.

Web research

A web search can dispel any last doubts. Entering the subject in a search engine often delivers clear results. The hits usually include entries from relevant portals dealing with spam warnings or messages from the service providers themselves warning of phishing mails distributed in their name.

What to do?

Once you have identified an incoming message without a doubt as a phishing e-mail, you can basically ignore and delete it. If any doubts remain after the above checks, simply contact the provider, depending on the occasion, to have any need for action confirmed.
If you are sure that you have discovered a phishing e-mail, you can also report it to the alleged provider. Many providers have special e-mail addresses or web forms for so-called abuse reports.
