Corporate Responsibility

What you need to know about phishing


How to know when someone is faking their identity.

Phishing is a scam in which fraudsters try to get you to enter sensitive data, such as bank account information or passwords, directly on the perpetrators’ website.

It always starts with emails that look deceptively similar to those from regular or savings banks, online retailers, or telecommunications providers. Read below to find out how to shield yourself better from such attacks.

Phishing is a coinage combining “password” and “fishing” – in other words, fishing for passwords. If the phishing attack is successful, victims voluntarily disclose their customer ID or access information for online banking or other services, and scammers can use them for their own purposes. 

Illustration "Phishing"

Signs of a phishing email

When phishing began, fraudulent emails were easy to identify as faked. The messages were so full of spelling or grammatical errors that there was no way they could come from your own bank or other businesses. Things are different now. Many fraudulent emails look so genuine that they cannot be distinguished from the original.

In order for the scammer’s trick to work, the recipient has to respond when asked to log in to a website or click a link.

This kind of email content should make you wary

  • You are asked to click a link in the email to change your password. While recommendations to change your password may be completely legitimate, in such cases you should navigate directly to the provider’s website rather than using the link in the email. 
  • Debit or credit cards or customer accounts have expired or have suddenly been blocked and can only be unblocked if you click a link.
  • A billing amount could not be debited. 
  • An enormous amount is being billed, and you must pay it immediately.
  • The message asks you to confirm your personal details for a contest.
  • The sender does not address you by the right name. Regular and savings banks and other financial institutions know who they are dealing with, and personal contact is very important to them.
  • The sender’s address has nothing in common with the supposed sender. If it is official, the sender will be xyz@company.de or abc@company.com. Check the sender to see if any special characters have sneaked into the purportedly genuine email address. 

Of course, it is possible that after entering a contest from a provider you need to click a link to identify yourself. However, these confirmation emails usually arrive within a few minutes after your first contact. And surely you would remember entering. 

If you are asked to change your password with a provider because of a security problem, go directly to the official website of the service. Look in the news area or the blog for information to that effect. In the case of especially well-known services, trade publications will report on it as well. 

The right way to respond to phishing attempts

If you suspect that an email could be a phishing attack, here is the best way to respond.

  • Even if the message seems urgent, keep calm. Warnings and collection letters are normally sent by postal mail. It is very unlikely that an email would address such matters. 
  • Be skeptical if you are asked to change your password. Although it may be a totally legitimate request, do not simply click the link. Instead, go to the provider’s website (on its News or Blog page) to find out if people are being asked to change their passwords. If in doubt, it is better just to ask. Only enter your password on pages that you have verified as legitimate. 
  • Look closely at the link you are being asked to click. Instead of clicking on it directly, copy it to your clipboard. (To do this in your email program, all you have to do is right-click and then find the relevant option in the drop-down menu.) Then go to the address in your browser.
  • Only enter your user name and password on sites that are secure – in other words, sites for which the browser displays a secure connection.
  • Do not double-click to open any file attachments without verification.
  • In general, you should not use the same passwords for different services. If the access data ever actually falls into the wrong hands, your other logins will not be affected. 
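The sender-address check and the link checks described above can also be automated, for example in a mail filter. The following Python sketch is an added example, not code from Deutsche Telekom; the domain `company.example`, the sample message and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message; every name and domain is a placeholder.
# \u00f6 is the letter "ö", a special character slipped into the sender domain.
SAMPLE = """\
From: "Company Billing" <billing@c\u00f6mpany.example>
To: customer@mail.example
Subject: Your account has been blocked

Unblock your account at http://company.example.login-check.example/unblock
"""

def host_matches(host, trusted):
    """True only if host is the trusted domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def check_message(raw, trusted_domain):
    """Return warnings about the sender address and the links in a plain-text email."""
    msg = message_from_string(raw)
    warnings = []
    # Sender check: compare the domain after "@" with the expected one.
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2]
    if not domain.isascii() or "xn--" in domain.lower():
        warnings.append(f"sender domain contains special characters: {domain}")
    if not host_matches(domain, trusted_domain):
        warnings.append(f"sender domain is not {trusted_domain}: {domain}")
    # Link check: look at the real host name and whether the connection is secure.
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        parts = urlsplit(url)
        if parts.scheme != "https":
            warnings.append(f"link is not a secure connection: {url}")
        if not host_matches(parts.hostname or "", trusted_domain):
            warnings.append(f"link host is not {trusted_domain}: {parts.hostname}")
    return warnings

if __name__ == "__main__":
    for warning in check_message(SAMPLE, "company.example"):
        print(warning)
```

The link in the sample starts with the trusted name but actually belongs to a different domain, which is why the host is compared from the right-hand end rather than by searching for the company name anywhere in the address.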

How to recognize official bills from Deutsche Telekom

  • The email trustmark is displayed whenever Webmail is used. 
  • The exact booking account number (fixed network) or customer account (mobile) is in the subject line.
  • The email addresses you by name (except in the case of businesses or organizations).
  • Part of the billing address (street and house number) is given in the body and the subject line of the email.
  • The email will not ask for your password.
  • The attached bill (without any digital signature) will only be a PDF.
  • The notification email will never contain a file.

We have prepared a dedicated website (German only) about this topic.
