Detect phishing emails

Congratulations, you've won! Or are you possibly losing your data to criminals?

G DATA Guidebook

People like to put on costumes on Halloween. Some e-mails don't need a holiday to do so. They simply pretend to be something other than what they actually are. Fraudsters want to elicit confidential data from users with faithfully reproduced websites and e-mails. In the worst case, criminals can use this information to plunder their victims' accounts or steal their identities. Often, this phishing spreads as spam mail and reaches countless recipients.

In special cases, however, the criminals are targeting a single big "fish", whom they are deliberately deceiving in this way. Experts call this spear phishing, as a specific victim is selected and hunted down. But no matter how phishing is used, it is a serious threat to your data.

Recognise phishing emails

  • Be suspicious
  • Install protection software
  • Delete suspicious mails
  • Analyse headers
  • Call up bank pages directly

Our tips and tricks will help you detect phishing mails more easily

Distrust: Become sceptical when ...

  • passwords, PINs or account details are requested.

  • You are only addressed as "Dear user" or "Hello dear customer". Shopping providers and banks know your name and always address you by it. However, even the name is no guarantee of security, as clever fraudsters can now also find out the name. 

  • there are discrepancies in the URL (website address), the URL is misspelled or you find spelling/grammatical errors. Phishing e-mails and the websites linked to them are sometimes teeming with errors.

  • the message was sent to a different e-mail address than the one you are registered with at the supposed sender or the e-mail comes from a different sender address than you are used to.

  • you are asked to download a file from the attachment or from a linked website. 

  • different font sizes and colours are used in an e-mail, images are blurred or the background colour of the e-mail is different from what you are used to. 

  • the e-mail is written in a different language, even though your bank or the online shop usually contacts you in your native language. 

  • the e-mail comes from your bank, your insurance company, a debt collection agency or your telephone provider. The same applies to e-mails that supposedly come from Amazon, eBay and Co. and refer to changes in the payment system. Banks usually contact you by post when important changes are made. This also applies if a signature or similar is required. You should therefore always be very sceptical of e-mails from banks. 

  • You are promised a profit. You can be almost certain that it is a scam if you are the winner of a prize draw in which you never took part. 

  • A stranger asks you for money and promises you a fortune in return for this loan. You can find out more about this scam in our guide to social engineering - a method of deliberately manipulating people.

Direct entry

If the email contains a link, always be careful. Never call up your bank's page via a link from an e-mail, but always via direct entry in your browser. This way you avoid being lured to a manipulated page. 


If one or more of the above points apply, you should delete the e-mail to be on the safe side.


If in doubt, leave the e-mail alone. If the provider in question is genuine and has a real concern, they will contact you by post if necessary.

Our extra tip for you

Header analysis: Even if you can't see anything suspicious at first glance: Always remember, skilled fraudsters can fake almost anything. Websites, email addresses, even entire call centres have already been set up by clever criminals for large-scale scams. An indication for tracing the sender can be the IP address. You will find the IP address in the header. With this information, you can then make further enquiries into the authenticity.