Recognizing phishing emails: what to watch out for

Phishing e-mails are not only annoying; in the worst case they can also cause consumers to lose a lot of money. TECHBOOK therefore regularly warns of new scams. Phishing emails can be exposed with a simple trick.

So-called phishing emails allegedly come from banks, online shops or streaming services and use various pretexts to get users to give up their sensitive data. If users fall for this, data such as name, address and telephone number, as well as access data or account and credit card data, fall into the hands of scammers. In case of doubt, this means enormous damage. Anyone who unexpectedly receives an e-mail from a provider or service provider should therefore always be careful. TECHBOOK reveals which features you should look out for and how you can reliably identify phishing mails.

Commonly used phishing tricks

Fraudsters often use the names of banks such as DKB, ING, Sparkasse, Volksbank, Commerzbank etc. for their scams, because they expect quick money there. In order to get the most extensive data sets possible, they pretend in their phishing emails that account holders have to take action quickly due to a special situation. For example, the email claims that incorrect debits were registered, which is why you have to authenticate yourself with your login data and confirm or reject the payment in order to avoid follow-up costs or an account block. Alternatively, it claims that a debit could not be made due to an error, which is why a confirmation is required after logging in.

Alleged changes at the banks themselves are also a frequent pretext, such as an update for an app, new terms of use or a check that customer data records are up to date. All of these come with a link or a QR code that recipients are supposed to use to log in for more information.

Whatever the wording of the phishing email, it always describes a precarious situation that requires quick action. In most cases, the recipients are only given a short time to react. This is meant to build pressure.

Phishing emails often look legitimate

There is still the belief that phishing emails are easy to recognize because they are written in bad German, are riddled with errors or are not particularly well designed graphically. That's not the case. The scammers are clever and create emails that look deceptively real and give the impression that they come from the named sender, such as a bank or a streaming service. Often even the sender address seems legitimate, and in some cases the recipients are even addressed by name. How can that be?

If a portal is hacked, huge amounts of data fall into the hands of fraudsters, who often resell them. So it may well be that someone knows your name, your e-mail address or even the platforms you use. The scammers then send out phishing emails at random in the hope that the chosen sender is a service or provider used by the recipient. So it can happen that you actually receive an e-mail that appears to come from your bank and in which you are addressed by name. That feigns legitimacy. If this e-mail is then created in the right layout and shows the corresponding logo, many users are quickly convinced and click on the embedded links without hesitation. The trap snaps shut.

The links usually lead to deceptively real websites that ask you to enter login data. But even those who become skeptical at this step and leave the website without entering anything are not necessarily safe. It is not uncommon for a Trojan to be installed in the background when the link is clicked, which scammers can use to spy on users days and weeks later.

3 quick tips to spot phishing emails

Despite all the effort on the part of the scammers, there are still a few tricks that can be used to identify phishing emails relatively easily and reliably.

Insider tip: dark mode

As mentioned at the beginning, the fraudsters use the logos and the layout of the banks, shops and services to feign authenticity. Signatures are also often inserted. But in dark mode, these details copied into the phishing emails can be easily recognized. Fake logos and signatures are framed in white because they don't have the special formatting of their real counterparts.

Dark mode is easy to enable, especially on the smartphone. But it is also available on PCs and laptops, either system-wide or for individual applications such as Gmail or Microsoft Outlook.

Check mail sender

For example, DKB, ING or Amazon is shown as the sender. At first glance, the e-mail appears to have come from this company. Just click on the sender name, and the complete e-mail address is displayed. If it does not end in @dkb.de, @ing.de or @amazon.de, it is most likely a fake.

Beware of links

In general, your bank will never ask you to click a link in an email. If you are still unsure, check the link before you click on it. This is done by hovering over it with the mouse pointer. The complete link address then appears in a pop-up window, which usually opens at the bottom. It should be clearly attributable to the sender. Be careful with shortened links such as bit.ly! Fake websites hide behind them.
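
The sender check and the link check from the two tips above can also be automated. The following Python sketch is an added example, not part of the original article: the message, the .example hosts and all function names are constructed for illustration, and it assumes a single-part HTML mail.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Brand keyword -> sender domain, taken from the article's examples.
BRAND_DOMAINS = {"dkb": "dkb.de", "ing": "ing.de", "amazon": "amazon.de"}
SHORTENERS = {"bit.ly"}  # the shortener the article names

# Constructed sample message; the .example hosts are placeholders.
SAMPLE = """From: DKB Service <service@dkb-kundencenter.example>
Content-Type: text/html

<a href="https://bit.ly/xyz">dkb.de/login</a>
<a href="https://dkb.de.login.example/auth">Login</a>
"""

class LinkCollector(HTMLParser):
    # Collects the href of every <a> tag: what hovering would reveal.
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def belongs_to(host, domain):
    # Exact match or a true subdomain; "dkb.de.login.example" must not pass.
    return host == domain or host.endswith("." + domain)

def check_mail(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    # Whole-word match, so "ing" is not found inside "banking".
    claimed = [d for b, d in BRAND_DOMAINS.items() if b in name.lower().split()]
    findings = [f"sender {addr} is not @{d}"
                for d in claimed if not belongs_to(sender_host, d)]
    parser = LinkCollector()
    parser.feed(msg.get_payload())  # assumes a single-part HTML body
    for href in parser.hrefs:
        host = (urlsplit(href).hostname or "").lower()
        if host in SHORTENERS:
            findings.append(f"shortened link hides target: {href}")
        elif claimed and not any(belongs_to(host, d) for d in claimed):
            findings.append(f"link leaves claimed domain: {href}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_mail(SAMPLE)))
```

The visible link text "dkb.de/login" plays no role in the result; only the href target is judged, which is exactly what hovering over the link shows.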

More precautions

If you receive an e-mail from a service provider, your bank or the like, in which you are asked to respond, it always helps to check directly on the website whether the statement is correct. You should make sure that you either use the app or enter the address directly into the browser's address bar. Avoid reaching the site via Google searches, because the results on Google can also be manipulated. An entry listed at the top may then also lead users to a fake website.

The spokesman for the DKB, Hauke Kramm, confirmed to us in an interview: “In search engine fraud, fraudsters imitate the website and even the login mask of banks and position them prominently in various search engines for a certain period of time.” access login data for banking. Some of these websites also contained Trojans that secretly loaded malware onto the computer as soon as the page was opened.

In order to protect yourself from possible malware, you should therefore never download attachments from e-mails that you were not explicitly expecting, because it is easy for scammers to hide Trojans or malware in them.
