Phishing is one of the most common and dangerous cyber threats. Cybercriminals often pretend to be well-known companies, organizations, or individuals and try to trick you into revealing sensitive data or infecting your computer/smartphone with malware through fraudulent messages.
These attacks frequently occur via email, messaging apps, or SMS and can have serious consequences.
In the following article we will show you how to recognize phishing attempts more easily and avoid common mistakes.
Key points:
Phishing messages often contain real-looking links or attachments from seemingly trustworthy sender addresses that can steal login credentials or spread malware.
Criminals use social engineering and AI to make their attacks more credible and tailored to their victims.
Be suspicious of unexpected messages and carefully check sender addresses and included links before responding.
What are the signs of phishing?
Cybercriminals choose a pretext to make you follow their instructions. They pose as trustworthy identities and provide urgent reasons that seem plausible. Often, the sent messages contain malicious links or infected attachments that can compromise your device or steal login credentials.
Typical characteristics of phishing messages:
Pressure and urgency
You are urged to act immediately and told that negative consequences will supposedly follow if you do not.
Trustworthy-looking identities
The senders pretend to be well-known companies, banks, family members, or authorities.
Links to fake websites
They try to lead you to real-looking copies of websites whose URLs differ only slightly from the genuine ones, and which are used to steal your login credentials.
Attachments with malware
Documents or ZIP files can contain trojans or ransomware.
Callback numbers instead of links
Instead of a link, there can be a fraudulent phone number prompting you to call back.
How to protect yourself from phishing
Carefully check the sender’s address or phone number
- Click on the sender’s name to verify the underlying email address or phone number.
- Pay attention to small deviations, e.g., "organisationg1obal.com" instead of "organisationglobal.com" and verify the phone number by comparing it with the contact number you already have or found on the official website.
- Be suspicious of emails from private mail services (e.g., companyname@gmail.com) in the name of well-known companies.
Fake numbers, real damage
Beware: phone numbers can also be faked. For a call or SMS, the number displayed can differ from the number the call or message actually came from (so-called phone spoofing). Be cautious with unexpected or urgent requests. If in doubt, hang up and call the contact back using a number you know to be correct.
Phishing messages can also contain callback numbers instead of links or attachments. When you call back, you are manipulated into visiting dangerous websites or granting the fraudsters remote access to your computer (so-called telephone-oriented attack delivery (TOAD)). Do not follow the callback request if you have the slightest suspicion that something is wrong. Instead, call the company or organization in question using a number from a trusted source and ask questions about the email you received.
Do not click on links or attachments in dubious messages
Even if a message seems important: check the sender and think before you click! Criminals often convey a sense of urgency to make their victims act hastily.
How do I recognize "secure" websites?
Do not enter personal data on websites with an unencrypted connection. You can tell whether your browser's connection to a website is encrypted by the "https://" prefix in the address bar and the small padlock symbol next to it. Although a growing number of fake sites also use encryption, it is still worth checking for.
Report suspicious emails immediately
Report suspicious messages to your email provider or, for example, the consumer protection agency. In a professional environment, you should inform your supervisor, the IT department, the data protection officer, and your colleagues to protect yourself and your organization against cyber-attacks.
Dangerous links and attachments: what's behind them
Phishing is one of the most frequently reported types of cyber-attacks. Stealing login credentials is becoming increasingly lucrative for cybercriminals, as half of all successful attacks exploit stolen user accounts. Phishing emails are the main way to spread malware by having victims click on links or download attachments. The attacks also occur via messenger and SMS.

Fake login pages
If you encounter a phishing attack with this method, you will land on a login page after clicking on a link. These pages often look like official Microsoft 365 or online banking logins. They are visually almost indistinguishable from the real ones, but the web address usually reveals the fraud. Therefore, always access login pages directly via the official web address and save them as favourites in your browser. Be especially careful with ads in search engines, as they can also lead to fake pages.
Fake websites for data collection
Many fraudulent sites aim to steal personal data such as name, address, bank details, or credit card number. These sites often look real and ask you to enter information. Never enter confidential data via links in emails, but always manually access the relevant websites via the URL you know.
Malware in attachments and downloads
Many phishing emails contain attachments or links that can load ransomware (extortion software) or other malware onto your device. Criminals often disguise these files as seemingly harmless documents, application materials, or software updates. QR codes can also lead to dangerous links that spread malware. Therefore, be particularly careful if a file is sent to you unexpectedly and check the source carefully before opening it.
Recognize phishing with a simple trick:
Hover your mouse over a link (without clicking). The actual address is displayed at the bottom of the browser or in Outlook. Is it different from the target shown in the message? Do not click.
Social Engineering and AI: new fraudster tricks
Highly individualized phishing attacks (spear-phishing)
Cybercriminals use targeted social engineering to address their target person individually. Critical infrastructure sectors and people in leadership positions are more likely to be affected, as valuable information can be obtained from them.
Phishing texts through artificial intelligence (AI)
Cybercriminals increasingly use AI-based text generators to create messages that are grammatically and orthographically error-free and therefore appear trustworthy.
FAQ: frequently asked questions about phishing
How do I recognize a fake email address?
- Deviating domains: [firstname.lastname@organisationg1obal.com] instead of [firstname.lastname@organisationglobal.com]
- Replaced letters: Cyrillic "о" instead of Latin "o"
- Added characters: [firstname.lastname@organissation.com]
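The three FAQ items above, together with the sender-address checks in the section "Carefully check the sender's address or phone number", describe the same comparison a person does by eye: is this domain really the one I know, or a near copy? The following Python script is an added example written for this article, not code from the original page. It reduces a sender domain to a "visual skeleton" (digit-for-letter swaps and Cyrillic look-alikes mapped back to Latin letters) and compares it with a constructed list of known-good domains; the domains, the free-mail list and the thresholds are assumptions for the demonstration.

```python
import unicodedata
from typing import List

# Constructed list of domains the recipient knows to be genuine (assumption for this example).
TRUSTED_DOMAINS = {"organisationglobal.com", "organisation.com"}

# Free mail providers that a company would not normally use for official mail (assumption).
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "gmx.de", "web.de"}

# Digits and symbols that are commonly swapped for visually similar letters.
CONFUSABLE_DIGITS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "7": "t", "|": "l"})

# Cyrillic letters that look identical to Latin ones in most fonts (a small subset).
CYRILLIC_TO_LATIN = {"а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "х": "x", "у": "y", "і": "i"}


def normalize_domain(domain: str) -> str:
    """Return the visual skeleton of a domain so that look-alikes collide with the real name."""
    d = domain.lower()
    d = "".join(CYRILLIC_TO_LATIN.get(ch, ch) for ch in d)
    # NFKD decomposition separates accents from base letters; drop the accents.
    d = unicodedata.normalize("NFKD", d)
    d = "".join(ch for ch in d if not unicodedata.combining(ch))
    return d.translate(CONFUSABLE_DIGITS)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(address: str) -> List[str]:
    """Return a list of findings for an email address; an empty list means nothing suspicious."""
    findings: List[str] = []
    if "@" not in address:
        return ["address contains no @"]
    domain = address.rsplit("@", 1)[1].lower()
    if domain in TRUSTED_DOMAINS:
        return findings  # exact match to a domain we know
    if any(ord(ch) > 127 for ch in domain):
        findings.append("non-ASCII characters in domain (possible homoglyph)")
    skeleton = normalize_domain(domain)
    for trusted in sorted(TRUSTED_DOMAINS):
        if skeleton == normalize_domain(trusted):
            findings.append(f"lookalike of {trusted} after confusable substitution")
        elif edit_distance(skeleton, trusted) <= 2:
            findings.append(f"near-miss of {trusted} (one or two characters added or changed)")
    if domain in FREEMAIL_DOMAINS:
        findings.append(f"free mail provider ({domain}) used for what claims to be a company sender")
    return findings


if __name__ == "__main__":
    # Constructed sample senders, modelled on the examples in the article.
    for sample in [
        "firstname.lastname@organisationglobal.com",
        "firstname.lastname@organisationg1obal.com",
        "firstname.lastname@\u043erganisationglobal.com",  # Cyrillic о as first letter
        "firstname.lastname@organissation.com",
        "companyname@gmail.com",
    ]:
        print(sample, "->", check_sender(sample) or "ok")
```

Two design notes: the skeleton comparison is deliberately applied before the edit-distance check, so a domain that is an exact look-alike is reported as such rather than as a generic near-miss, and legitimate subdomains (e.g. mail.organisationglobal.com) are outside what this short example handles, so a real mail filter would compare the registrable domain rather than the full host.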
How do I recognize a trustworthy URL?
- HTTPS instead of HTTP: secure sites use "https://" with a padlock symbol
- No typos/"wrong" characters: check for unusual spellings or letters from other alphabets (e.g., "g00gle.com" instead of "google.com")
- Official domains: check which domain the company or organization usually uses; large companies also use well-known endings (.com, .de)
- No unnecessary characters: long or cryptic URLs are usually suspicious
- Manual entry: avoid clicking on links in emails, type the URL yourself
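The URL checklist above and the "hover over the link" trick in the section "Recognize phishing with a simple trick" both come down to comparing what a link claims to be with where it actually goes. The following Python script is an added example written for this article, not code from the original page. It extracts the links from a constructed HTML email, and for each one flags an unencrypted http scheme, a punycode or non-ASCII host, an unusually long URL, and a mismatch between the domain shown in the link text and the real target host. The sample email, the hypothetical hosts in it and the 80-character length threshold are assumptions for the demonstration.

```python
import re
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlparse


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


# A domain name appearing inside the visible link text, e.g. "login.example.com".
DOMAIN_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
MAX_URL_LENGTH = 80  # assumption: longer URLs are treated as "long or cryptic"


def registrable(host: str) -> str:
    """Last two labels of a host (naive; a real filter would use the public suffix list)."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def assess_link(href: str, text: str) -> List[str]:
    """Return findings for one link; an empty list means nothing suspicious."""
    findings: List[str] = []
    parsed = urlparse(href)
    # urlparse().hostname ignores a user@ prefix, so "https://bank.example@evil.example" resolves to evil.example.
    actual = (parsed.hostname or "").lower()
    scheme = parsed.scheme.lower()
    if scheme == "http":
        findings.append("unencrypted http link")
    elif scheme != "https":
        findings.append(f"non-web link scheme ({scheme or 'none'})")
    if any(label.startswith("xn--") for label in actual.split(".")) or any(ord(c) > 127 for c in actual):
        findings.append("internationalized (punycode) host name")
    shown = DOMAIN_IN_TEXT.search(text)
    if shown and registrable(shown.group(1).lower()) != registrable(actual):
        findings.append(f"link text shows {shown.group(1)} but the link goes to {actual}")
    if len(href) > MAX_URL_LENGTH:
        findings.append("unusually long URL")
    return findings


def scan_email(html: str) -> List[Tuple[str, str, List[str]]]:
    """Run assess_link over every link in an HTML email body."""
    extractor = LinkExtractor()
    extractor.feed(html)
    return [(href, text, assess_link(href, text)) for href, text in extractor.links]


# Constructed sample email; all hosts and the session token are invented for this example.
SAMPLE_EMAIL = """
<p>Your mailbox is almost full. Reset it within 24 hours:
<a href="http://login.organisationg1obal.com/reset?session=4f9c1e7b2a6d3c8e5f0a1b2c3d4e5f6a7b8c9d0e">https://login.organisationglobal.com/reset</a></p>
<p>Track your parcel: <a href="https://xn--dhl-0na.example/track">dhl.com</a></p>
<p>Questions? Visit our <a href="https://organisationglobal.com/help">Help centre</a>.</p>
"""

if __name__ == "__main__":
    for href, text, findings in scan_email(SAMPLE_EMAIL):
        print(f"{text!r} -> {href}")
        for f in findings:
            print("   !", f)
```

The first link reproduces the hover trick: the visible text is a genuine-looking https address while the real target is an http URL on a look-alike domain with a long token appended. The third link carries no findings, which is the expected result for an ordinary link whose text is a label rather than an address.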
Can phishing happen via SMS or messaging app?
- Yes, it is possible. In so-called "smishing", fraudsters send SMS or messaging app text messages in which they ask you to click on a contained link under a pretext. This either leads to a fake login page or a download that contains malware.
- Phishing attacks via SMS or messaging app text messages in the name of delivery services like DHL and FedEx are particularly common, announcing alleged packages or problems with their delivery.