Email header
If you have received a suspicious email, you should look directly at the email header. Here you should check the name, email address and IP address of the sender.
The display name is relatively easy to forge. It is more difficult with the email address. That is why in some cases the email address does not match the alleged display name at all. This is how you know that it is most likely a scam.
In the email header you will also find the IP address of the actual sender. This cannot be manipulated.
Unprofessional design and incorrect grammar / spelling
In phishing emails, the formatting and design elements often appear not to have been professionally created. The content of a phishing email also often leaves a lot to be desired. The subject line and text are usually written in poor English or German etc.
However, an unprofessional design and incorrect spelling are not always an indication of a phishing email. The quality of fraudulent emails is improving all the time (for example, through texts formulated using artificial intelligence (AI)), so they are not necessarily recognisable at first glance. Therefore, be sure to read the email thoroughly to uncover any inconsistencies.
Impersonal salutation
Phishing scammers usually use generic salutations such as “Dear Customer”. This may indicate that the email is fake, as senders you know usually address you personally.
Attention: Phishing attacks are becoming more and more professional. In the age of social media, it is easy for a phishing scammer to find out your name and other information about you. Social media channels are frequently misused for phishing attacks, so that the fraudster has a lot of personal data at his disposal and can thus easily write to those affected personally.
Unexpected and unusual contact
If the sender's request seems unusual or unexpected at the present time, you should be sceptical.
An example of this would be an unexpected email from the boss requesting Amazon gift cards and asking for the cards or redemption codes to be sent to a specific person. If in doubt about the authenticity of the request, we recommend contacting the person who requested the gift cards directly (e.g. by phone) to ensure that the request is not a scam.
Urgency
The use of time pressure to force a quick response is one of the clearest characteristics of a phishing email.
Mostly, the scam messages are about account blocking, alleged identity theft, data matching or similar. The emails deliberately pressure or panic the recipient – or they promise profits and special offers if action is taken within a very short time.
Therefore, be sceptical of emails that require quick action without allowing sufficient time for consideration (e.g. “We ask you to verify your data within 24 hours”).
Links and buttons
If the email contains a link that you are supposed to click on, you can easily check it to see if the website – to which you are redirected – is genuine. To do this, move the mouse over the linked text or button – without clicking it (!) – to check which address appears in the tooltip. If the tooltip refers to another domain name, then the website is fake.
Tip: You should read URLs from left to right up to the third slash and pay attention to the area around the last dot before that slash. This is where the actual destination address is displayed.
As an example: https://www.paypal.mybiz.com/ leads to mybiz.com and not to paypal.com.
Caution: Some characters from other writing systems resemble letters of the Latin writing system so closely that it is almost impossible to distinguish them with the naked eye.
If you are unsure whether you actually need to take action, open the relevant company’s website in your browser (instead of clicking on the link in the email) and check there whether any action is required on your part. This will prevent the link from taking you to a fake website.
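The link check described above, as an added example that is not part of the original page: it collects each link's real target and visible text from an HTML email body, compares their domains, and flags host names containing non-Latin characters or punycode (xn--) labels. The sample body is constructed, and base_domain() is a simplification that keeps only the last two labels of the host name.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def base_domain(host):
    # Simplification (assumption): last two labels only; co.uk etc. need the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_link(href, shown_text):
    """Return warnings for one link; an empty list means nothing was found."""
    host = urlsplit(href).hostname or ""
    warnings = []
    if not host.isascii():
        warnings.append("non-latin characters in host")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode host")
    # Visible text that itself looks like an address must match the real target.
    shown = shown_text.strip().strip(".")
    if "." in shown and " " not in shown:
        shown_host = urlsplit(shown if "//" in shown else "//" + shown).hostname or ""
        if base_domain(shown_host) != base_domain(host):
            warnings.append(f"text shows {base_domain(shown_host)}, "
                            f"link goes to {base_domain(host)}")
    return warnings

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def scan(html_body):
    collector = LinkCollector()
    collector.feed(html_body)
    return {href: check_link(href, text) for href, text in collector.links}

# Constructed sample body; \u0430 is the Cyrillic letter that looks like Latin "a".
SAMPLE = ('<a href="https://www.paypal.mybiz.com/">www.paypal.com</a> '
          '<a href="https://p\u0430ypal.com/login">Log in</a> '
          '<a href="https://www.paypal.com/help">paypal.com/help</a>')
if __name__ == "__main__":
    print(scan(SAMPLE))
```

An empty warning list only means these particular checks found nothing; a link whose visible text is plain wording such as "Log in" still has to be judged by its target domain.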