What is a phishing scam?

Phishing emails: not a day without fraud

Can a fraudulent email be dangerous if you don't click links or open attachments?

With plain-text e-mails that you open in a browser or an e-mail program, nothing can happen as long as you do not click on links or attachments. This is different, however, for e-mails in HTML format. There, malicious programs can be stored not only in the link or in the attachment but also in the source code, so that clicking on a graphic in the e-mail is dangerous - and this graphic does not even have to be visible. You should therefore check how you receive your e-mails and, if you have not already done so, deactivate the display of e-mails in HTML format.

You can find more information on the topic on the website of the Federal Office for Information Security (BSI).
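To illustrate the point about HTML e-mails above, the following added example (not part of the original page) lists every link target in an HTML mail body and flags graphics that a reader cannot see, including invisible graphics that are themselves clickable. The sample body, its `.invalid` hosts and the names `MailAudit` and `audit_html_mail` are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample body; hosts under .invalid are placeholders, not real senders.
SAMPLE_HTML = """<html><body>
<p>Dear customer, please confirm your account within 24 hours.</p>
<a href="http://login.example.invalid/confirm">Confirm now</a>
<a href="http://track.example.invalid/c?id=1"><img src="http://track.example.invalid/p.gif" width="1" height="1"></a>
<img src="cid:logo" style="display: none">
</body></html>"""


class MailAudit(HTMLParser):
    """Collect link targets and images that are invisible to the reader."""

    def __init__(self):
        super().__init__()
        self.findings = []      # list of (kind, target) tuples
        self._open_href = None  # href of the <a> element currently open

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "a":
            self._open_href = attr.get("href")
            if self._open_href:
                self.findings.append(("link", self._open_href))
        elif tag == "img":
            style = (attr.get("style") or "").replace(" ", "").lower()
            tiny = attr.get("width") in ("0", "1") or attr.get("height") in ("0", "1")
            hidden = "display:none" in style or "visibility:hidden" in style
            if tiny or hidden:
                self.findings.append(("invisible-image", attr.get("src") or ""))
                if self._open_href:
                    # An invisible graphic wrapped in a link is still clickable.
                    self.findings.append(("invisible-image-is-link", self._open_href))

    def handle_endtag(self, tag):
        if tag == "a":
            self._open_href = None


def audit_html_mail(html):
    """Return the findings for one HTML mail body."""
    parser = MailAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for kind, target in audit_html_mail(SAMPLE_HTML):
        print(f"{kind:24} {target}")
```

A plain-text view of the same message shows only the visible sentence and link text, which is why switching off HTML display removes this class of hidden element.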

You have identified a phishing email as fraudulent and want to know what to do next

If you've identified an email as fraudulent and have not clicked any links, opened attachments, or replied to the email, the next step is simple: delete the email. Before you do, however, please forward it to [email protected]überszentrale.nrw and - if possible - to the real provider, so that the provider is aware of the facts and is able to take steps against the attempted fraud.

You have received an email and want to know whether it is a phishing email

Basically, a phishing e-mail has the following structure: the salutation, the reason for sending the e-mail, the need to act, the time pressure, the consequences of inaction and, above all, a link or, alternatively, a file attachment. It is better to show too much distrust than too little.

Do not click any links or attachments, do not reply to the email. Important: Even with a salutation by name and / or a logo that looks real, you cannot be sure whether it is an email from the real provider. You can read more about this in our information "Characteristics of a phishing email".

You have received an email that supposedly comes from your bank or another provider of which you are actually a customer, and you want to know whether the email might be genuine after all.

If you cannot clearly decide whether an email is genuine or an attempt at fraud, you can of course ask the real provider. But here too, the following applies: never click on a link, do not open a file attachment, do not reply to this email. You should also under no circumstances use a contact option that is given in the email - who knows whom you would end up reaching. It is better to visit a branch of the real provider or to use a contact option on the real website of the provider. To do this, enter the address of the real provider by hand in the address line of your browser. Then clarify the matter.

You are considering whether you need to respond to an unjustified claim made against you in an email.

Serious providers usually send claims and, in particular, reminders by post. There are basically two scenarios for unjustified claims made against you in an email.

First scenario: The whole text aims exclusively at getting you to click on a link or, alternatively, open a file attachment. Under no circumstances should you do either. As a rule, this is all about getting you to enter personal data or installing malware on your computer.

Second scenario: someone actually wants money from you. You can usually recognize this by the fact that a specific bank account is given to which a certain amount is to be transferred. In this case, please contact a lawyer or the local consumer advice center to clarify whether and how you should react.

You clicked the link in a phishing email and want to know what to do next.

Even if you "only" click on a link without revealing any data on the prepared website, this is a dangerous situation. Some criminals hide malware in the source code of the site. If your virus protection program, your Internet browser and / or your operating system are not up to date, you may catch a virus or a Trojan horse by visiting this page.

So the next step for you is to update your antivirus and let the updated antivirus scan your entire computer. Take the opportunity to check that the virus protection program, Internet browser and operating system are making the necessary automatic updates. Consult a specialist if necessary. This page also helps consumers check computers and Android devices for possible malware: www.botfrei.de

If you have caught malware, check whether you need to change any personal data such as PIN, passwords or security questions. This is the case if these were saved on the computer or were entered on it after the malicious program was installed. Inform your bank if the area of online banking is affected.

Not only did you click on the link in a phishing email, but you also entered personal information on this website.

This data is now in the hands of criminals, which unfortunately cannot be reversed. What to do now depends mainly on what data you have entered. Was it "just" an address and telephone number? Then be especially careful if you soon receive mail or take calls. Or is it particularly sensitive data such as PIN, password, account number or credit card number? Then contact your real provider(s) (credit institute, payment service provider, etc.) immediately, block accounts and / or cards if necessary, and change passwords and security questions immediately. Under no circumstances should you remain inactive now. In any case, check your bank statements particularly regularly in the future. And file a criminal complaint with the police.

You have opened a file attachment.

If you open a file attachment in a fraudulent e-mail, it is almost one hundred percent certain that you are getting malware on your computer. What exactly the malicious program in the form of a virus or a Trojan horse does varies from case to case. You should then consider the following:

Do not use the computer again until you are sure that it is "clean" again. Until then, work with an uninfected computer. Unfortunately, having the affected computer checked by the updated virus protection program does not provide 100% security at this point - because you do not know whether the malicious program has already manipulated your computer's security systems. You should therefore start your computer from an external operating system and carry out a check for possible malware in this way. Let the updated virus protection program fully scan the computer on which you opened the file. Find out more here on the homepage, if necessary ask by e-mail. Finally, you still have the option of having a specialist come to your home to check the computer on site.

You should also take into account that the malicious program did its bad work before removal and may have passed sensitive data such as PIN or passwords on to criminals. Check which data was stored on the computer or was entered via it and, where necessary, change passwords, security questions, PIN etc. Contact your real provider(s) (bank, payment service provider etc.), block accounts and / or cards if necessary, and change passwords and security questions immediately. Under no circumstances should you remain inactive now. In any case, check your bank statements particularly regularly in the future. And file a criminal complaint with the police.

Let the updated virus protection program fully scan the computer on which you opened the file. However, since you cannot know whether the malware is also affecting the antivirus software, this step alone is not sufficient. It is advisable to start your computer with a suitable "emergency CD" in the external drive and to check the computer with the help of this CD.

Information on the subject of malware can also be found on the website of the Federal Office for Information Security (BSI).

You want to know how you can make your online banking secure.

There is no such thing as one hundred percent security with online banking - just as there is none when withdrawing money from ATMs, in traffic, when choosing a spouse / partner, planning a professional career or in other life situations. However, you can take certain measures to make online banking more secure.

Use a secure method for online banking - currently a TAN generator is the one to recommend. If your bank only offers outdated TAN lists or the iTAN procedure, do without online banking or change banks. If your bank only offers the mTAN procedure, you don't have to do without online banking. But you need to know that this procedure has already been cracked: partly because customers did not pay attention to always using separate devices, partly because criminals managed to get the SMS sent to their own cell phone.

Overall, mTAN is more secure than iTAN or TAN lists, but offers less security than a TAN generator. Pay particular attention to separate devices with the TAN generator and the mTAN process. Banks and savings banks are now also offering new processes such as PushTAN or PhotoTAN. Here we have to wait and see whether criminals find weak points in the new procedures and exploit them, or whether these turn out to be secure in the medium and long term.

Secure your computer with the necessary protection programs such as anti-virus software and run automatic updates for these programs. Never use other people's computers or networks for online banking - you don't know how they are secured. Be sparing in disclosing personal information on the Internet and be wary of unexpected e-mails, mail, or phone calls.

You want to know what to do when criminals have transferred money from your account through online banking.

Act quickly and don't show false shame. Inform your bank and block the affected accounts and / or cards. In any case, file a criminal complaint with the police. Attention: Our general recommendation to delete phishing e-mails only applies in the event that you recognize the attempted fraud as such. However, if you fall for a scam and have caught a Trojan horse, for example by clicking a link or opening a file, it means that you did not spot the scam in time. In that case you must not delete the e-mail afterwards, as it is an important piece of evidence.

You want to know what you can do about receiving such emails.

Contact your e-mail provider to find out which settings you can make on your spam filter and which other technical options are available to ensure that these unwanted e-mails are recognized as such in advance and do not even end up in your mailbox. The more generous you are with your data on the Internet, the greater the risk that it will end up in a distribution list that criminals use. The last step is to delete the e-mail address that has ended up in this mailing list and to open a new one. If you use different email addresses for different things, this last step is relatively easy to complete. If, on the other hand, you only use one e-mail address, the effort for you is much higher.

You wonder how it can be that criminals write to you with a personal salutation and correct data.

If you're wondering where the criminals got your data from, the answer is simple but unsatisfactory - you will likely never find out. Perhaps the criminals hacked the real provider and got hold of the data that way. Perhaps you - or a friend of yours - have at some point dealt with your data quite liberally and third parties have now "fished it out". Perhaps there is a Trojan horse or some other malicious program on your computer or that of a friend or acquaintance.

In the end it doesn't matter how it happened. What matters is that it happened. The fact is: Third parties have your data and use it for fraudulent purposes. So you need to be extra careful and suspicious.

You tried to forward a fraudulent email to the phishing radar and received an error message

The phishing radar is designed in such a way that we basically accept every email. Nevertheless, it can happen that you want to forward a phishing e-mail to us and then receive an error message such as "Mail delivery failed". Reason: The sender's security systems - not those of the recipient - have now recognized this email as a fraudulent attempt and are preventing it from being forwarded.

At first glance, this looks a bit paradoxical. You are right to be annoyed at receiving phishing emails yourself. The fraudulent e-mails that you do not want are not recognized as such in advance and end up in the electronic mailbox. If you try to forward these e-mails to the phishing radar, the security settings will recognize them as attempted fraud and the forwarding will be prevented.

At second glance, however, this is easy to explain. Security systems are not static, but dynamic. The virus protection program may have updated itself in the meantime, or elements such as the sender address, links or attachments from the original email may have been blacklisted. Conclusion: If you get such an error message, there is no reason to be annoyed. On the contrary, this error message shows that your security systems are working well, albeit with some delay.