Banks, Amazon, PayPal: Countless companies have warned us to watch out for phishing emails targeting their customers.
These scams, in which criminals seek to get their hands on user data like passwords, typically take the form of an email purporting to come from a bank or other online service provider.
Fortunately, there are ways to protect yourself.
One way to check if an email is fraudulent is to look carefully at the sender's address. If the address doesn't look right, it may be a phishing email. Another tip-off is when an email seemingly from an official source is poorly written or has grammatical errors.
Often this scam takes the form of a personal salutation, followed by a request that you take some urgent action, such as logging into your account. Here, the scammers are relying on you to immediately comply without further reflection.
One thing you should bear in mind is that banks and reputable service providers never ask for the disclosure of confidential data by email, says Germany's Federal Office for Information Security (BSI).
If you do receive a phishing email, you should delete it immediately. Under no circumstances should you click on links in the email or download any attachments. You should also inform the company that the email purported to come from.
"If your mail program or the mail provider offers it, it is also worth highlighting the email as spam. Then the program learns to recognise such emails and sorts them out immediately," says tech reporter Juergen Schmidt.
If you have doubts about whether an email is genuine, you should phone up the purported sender to check, Schmidt says.
The links in a phishing email generally lead to a fake website where you're required to input personal data. These counterfeit sites often look similar to genuine Internet sites, but have unusual additions such as an additional "x" or an appended number, the BSI says.
If you do get caught in a phishing trap, the response is all about preventing or minimising the potential damage. You should first check what data has been compromised.
The next step is to change your password for that service provider. Account statements should be carefully scrutinised for unauthorised spending.
"If you react in a timely manner, you can sometimes demand money back. If loss has actually occurred, it should be reported to the police," Schmidt says.
Since the level of sophistication in phishing emails can surprise even advanced computer users, it's worth taking Google's phishing test, based on real phishing emails it has picked up through Gmail: phishingquiz.withgoogle.com – dpa