Phishing mails: Not a day without fraud

Phishing mails: Not a day without fraud

If an email looks like a scam attempt, you should not click on links, open file attachments or reply to the email.

The most important facts in brief:

  • In the case of e-mails in the so-called HTML format, malware can already be stored in the source code, so that even a click on a graphic in the e-mail is dangerous.
  • If you have identified an email as a scam, have not clicked on links, opened file attachments or replied to the email, the next step is simple: delete the email.
  • If you cannot clearly decide whether an email is genuine or not, you can of course check with the genuine provider.

Can a fraudulent email be dangerous if you do not click on links or open attachments?

Bei reinen Text-E-Mails, die Sie im Browser oder mit einem E-Mail-Programm öffnen, kann nichts passieren, solange Sie nicht auf Links oder Anhänge klicken. Bei E-Mails im sogenannten HTML-Format ist dies allerdings anders. Hier können nicht nur im Link oder im Anhang, sondern schon im Quellcode Schadprogramme hinterlegt sein, sodass schon ein Klick auf eine Graphik in der E-Mail gefährlich ist - und diese Graphik muss nicht einmal sichtbar sein. Prüfen Sie daher, wie Sie Ihre E-Mails empfangen und deaktivieren Sie, falls noch nicht erfolgt, die Anzeige der E-Mail im HTML-Format.

You have identified a phishing email as a scam and want to know what to do now

You have identified a phishing email as a scam and want to know what to do now

You have received an email and want to know if it is a phishing email

Basically, a phishing email has the following structure: The salutation, the reason for sending the mail, the need to act, the time pressure, the consequences of not acting, and most importantly a link or alternatively a file attachment. Show rather once too much distrust than once too little.

Do not click on links or attachments under any circumstances, do not reply to the e-mail. Important: Even if you are addressed by name and/or the logos appear genuine, you cannot be sure that it is an e-mail from the genuine provider. You can read more about this in our information "Characteristics of a phishing e-mail".

You have received an email purporting to be from your bank or another provider with whom you are actually a customer, and you want to know if the email could be genuine.

If you cannot clearly decide whether an e-mail is genuine or not, you can of course ask the genuine provider. But again, do not click on any link, do not open any file attachment, do not reply to this email. You should also never use a contact option that is specified in the e-mail - who knows who you will end up with otherwise. It is better to visit a branch of the real provider or use a contact option on the real provider's website. To do this, enter the address of the real provider by hand in the address bar of your browser. Then clarify the facts.

You are considering whether you need to respond to an unjustified claim made against you in an email.

Reputable providers usually send receivables and especially reminders by mail. There are basically two scenarios for unjustified demands made against you in an e-mail.

First scenario: The entire text is aimed solely at getting you to click on a link or, alternatively, open a file attachment. You must not do either of these under any circumstances. As a rule, the sole purpose here is to get you to enter personal data or install a malicious program on your computer.


Second scenario: Someone actually wants money from you. You can usually recognize this by the fact that a specific bank account is named to which a certain amount is to be transferred. In this case, please contact a lawyer or your local consumer advice center to clarify whether and how you should react.

You have clicked on the link in a phishing email and want to know what to do now.

Even if you "only" click on a link without revealing any data on the prepared website, this is a dangerous situation. Some criminals hide a malicious program in the source code of the page. If your antivirus program, Internet browser and/or operating system are not up to date, you may catch a virus or Trojan horse by visiting this page.

Therefore, the next step for you is to update your antivirus program and let the updated antivirus program scan the entire computer. Take the opportunity to check whether the antivirus program, Internet browser and operating system are making the required automatic updates. If necessary, call in a specialist. For checking computers and Android devices for possible malware, consumers can also find help at this site:

If you have caught a malicious program, check if you may need to change personal information such as PIN, passwords or security questions. This is the case if they were stored on the computer or entered on it after the malware was installed. Inform your bank if the online banking area is affected.

Not only did you click on the link in a phishing email, but you also entered personal data on this website.

This data is now in the hands of criminals, unfortunately, this cannot be undone. What to do now depends mainly on what data you have entered. Was it "only" address and phone number? If so, be especially careful when you receive mail or take phone calls in the near future. Or is it particularly sensitive data such as PIN, password, account number or credit card number? Then contact your real provider(s) (credit institution, payment service provider, etc.) immediately, block accounts and/or cards if necessary, change passwords and security questions immediately. Under no circumstances should you remain inactive now. In any case, check your account statements especially regularly in the future. And file a criminal complaint with the police.

You have opened a file attachment.

When you open a file attachment in a fraudulent e-mail, you almost certainly get a malicious program on your computer. What exactly the malicious program does in the form of a virus or a Trojan horse varies from case to case. You should then observe the following:

Do not use the computer again until you are sure that it is "clean" again. Until then, work with an uninfected computer. Unfortunately, having the affected computer scanned by the updated anti-virus program does not provide 100% security at this point - because you do not know whether the malware has already manipulated your computer's security systems. Therefore, boot your computer from an external operating system and perform a check for possible malware this way. Let the updated antivirus program fully scan the computer where you opened the file. Get information here on the homepage, ask by email if necessary. Finally, you still have the option to have a professional come to your home and check the computer on the spot.

You should also take into consideration that the malicious program may have done its evil work before removal and may have forwarded sensitive data such as PIN or passwords to criminals. Check what data was stored on or entered through the computer and change passwords, security questions, PIN, etc. here where necessary. Contact your real provider(s) (bank, payment service provider, etc.), block accounts and/or cards if necessary, change passwords and security questions immediately. Under no circumstances should you remain idle now. In any case, check your account statements especially regularly in the future. And file a criminal complaint with the police.

Have the updated antivirus program fully scan the computer on which you opened the file. However, since you cannot know whether the malicious program also affects the anti-virus software, this step alone is not sufficient. It is recommended to start your computer by placing a suitable "emergency CD" in the external drive and scan the computer with the help of this CD.

You want to know how to make your online banking secure.

There is no such thing as one hundred percent security when it comes to online banking - just as there is when it comes to withdrawing money from ATMs, driving on the road, choosing a spouse/life partner, planning a professional career or other life situations. But you can take certain steps to make online banking more secure.


Use a secure method for online banking - currently a TAN generator is recommended here. If your bank only offers outdated TAN lists or the iTAN procedure, do without online banking or change banks. If your bank only offers the mTAN procedure, you do not need to do without online banking. However, you need to know that this procedure has already been cracked. Partly because customers haven't paid attention to the devices, which are always separate, and partly because criminals have managed to get the SMS sent to a separate cell phone.

Overall, mTAN is more secure than iTAn or TAN lists, but offers less security than a TAN generator. Always make sure that the TAN generator and the mTAN procedure in particular are separate devices.  Banks and savings banks now also offer new procedures such as PushTAN or PhotoTAN. It remains to be seen whether criminals will find and exploit weaknesses in the new procedures, or whether they will prove to be secure in the medium and long term.

Secure your computer with the necessary protection programs such as antivirus software and carry out automatic updates for these programs. Never use other people's computers or networks for online banking - they don't know how they are secured. Be sparing with disclosing personal information on the Internet and suspicious of unexpected e-mails, mail or phone calls.

You want to know what to do if criminals have transferred money from your account through online banking.

Act quickly and do not show false shame. Inform your bank and block the affected accounts and/or cards. In any case, file a criminal complaint with the police. Attention: Our basic recommendation to delete phishing e-mails only applies if you recognize the fraud attempt as such. However, if you fall for a scam and have caught a Trojan horse, for example, by clicking on a link or opening a file attachment, this means that you did not recognize the scam in time. Then you must not delete the email afterwards, as it is an important piece of evidence.

You want to know what you can do against receiving such emails.

Contact your e-mail provider to find out what settings you can make on your spam filter and what other technical options are available to ensure that these unwanted mails are recognized as such in advance and thus do not land in your inbox in the first place. The more generous you are with your data on the Internet, the greater the risk that it will end up in a distribution list used by criminals. The last thing you can do is delete the email address that ended up on that mailing list and open a new one. If you use different email addresses for different things, this last step is relatively easy to perform. If, on the other hand, you use only one email address, the effort for you will be incomparably higher.

You think about how it is possible that criminals write to you with personal salutation and correct data.

If you are wondering where the criminals got your data from, the answer is quite simple, but unsatisfying - you will probably never know. Maybe the criminals hacked the real provider and got the data that way. Maybe you - or someone you know - have been quite generous with your data somewhere at some point, and third parties have now "fished" it off. Maybe there is a Trojan horse or some other malicious program on your computer or the computer of a friend/acquaintance somewhere.

In the end, how it happened is also not crucial. What is relevant is that it happened. The fact is: third parties have your data and are using it for fraudulent purposes. So you need to be extra careful and suspicious.

You tried to forward a fraudulent email to Phishing Radar and you get an error message

The Phishing Radar is designed in such a way that we basically accept every e-mail. Nevertheless, it can happen that you try to forward a phishing e-mail to us and then receive an error message such as "Mail delivery failed". Reason: The security systems of the sender - not those of the recipient - have recognized this e-mail as a fraudulent attempt in the meantime and prevent the forwarding.

At first glance, this looks somewhat paradoxical. You are rightly annoyed about receiving phishing emails yourself. The fraudulent emails they don't want are not recognized as such in advance and end up in your electronic mailbox. When they then try to forward these e-mails to the phishing radar, the security settings recognize them as fraudulent after all and stop them from being forwarded.

At second glance, however, this is easy to explain. Security systems are not static, but dynamic. It is possible that the anti-virus program has been updated in the meantime, or that elements such as the sender's address, links or attachments have been "blacklisted" from the original e-mail. Conclusion: If you receive such an error message, this is no reason to get angry. On the contrary, this error message shows that your security systems are working well - albeit with a delay.


Copyright 2021 Suisse Key All Rights Reserved.