What you need to know
Phishing tries to get users to disclose confidential information such as user IDs and passwords using fake emails and/or manipulated web pages.
Phishing emails normally contain a link that takes the user to a bogus website. The user is then asked to enter personal data. Phishing emails can also include file attachments containing, for example, software that spies on the user.
Spear phishing attacks specific individuals such as CEOs and CFOs by addressing them with their correct name or by using other personal information. This makes spear phishing a more critical problem to deal with as one particular person or a company is clearly being targeted individually by cyber criminals.
The dangers posed by phishing: Often there is an attempt to appeal to basic emotional instincts, for example where the recipients are told that they must reply very urgently or they are misled into thinking that their computer or bank account is at risk.
In order to identify phishing emails early you should therefore look out for the following:
Who is the sender
The sender claims to be from an institution but uses a webmail account (email@example.com).
Look at the link
Check if the link contains any spelling mistakes: Phishers often use thousands of similar domains that are only slightly different (e.g. www.deutschbank.de).
Examine the email very carefully
Are there any mistakes in the body of the email (grammar, spelling, etc.)? Look for any discrepancies in images or logos. These may also be signs of phishing.
Are there any discrepancies in terms of content?
- Consider if there was anything at all which could have prompted the email you have received, e.g. if you are told that you have won a prize in a competition.
- Personal data are requested: This is always a warning sign. No company, bank or any other genuine service provider would send you an email asking for information such as your login details, passwords or credit card data.
You are asked to transfer money
- If you do not know the process, sender or the person in question, it is probably a phishing attempt.
- Even if you do know the sender, you still need to be careful as it could be a spear phishing email where the fraudster is pretending to be a known contact. In this case, use the existing contact details you already have for the sender to get in touch with them by telephone and confirm the validity of the email.
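The sender, link and content checks above can also be applied automatically, for example in a mail filter. The following Python code is an added example, not part of the original guidance; the webmail list, the trusted domain, the keyword lists and the distance threshold of 2 are assumptions, and the sample message is constructed.

```python
import re
from urllib.parse import urlparse

# Illustrative lists (assumptions); a real deployment would maintain its own.
WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com", "gmx.de", "web.de"}
TRUSTED = {"deutsche-bank.de"}   # domains the institution really uses (assumed)
BRAND_WORDS = ("bank",)          # display-name words that claim an institution
ASKS = ("password", "login details", "credit card")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def base_domain(host):
    """Last two labels of a host name; naive, ignores suffixes such as co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_email(display_name, from_addr, body):
    """Return the warning signs from the checklist that this message shows."""
    findings = []
    sender = base_domain(from_addr.rsplit("@", 1)[-1])
    if sender in WEBMAIL and any(w in display_name.lower() for w in BRAND_WORDS):
        findings.append(f"institution name but webmail sender: {sender}")
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        dom = base_domain(urlparse(url).hostname or "")
        if dom in TRUSTED:
            continue  # exact match with a trusted domain is not a lookalike
        for good in TRUSTED:
            if edit_distance(dom, good) <= 2:
                findings.append(f"lookalike link domain: {dom} (near {good})")
    for phrase in ASKS:
        if phrase in body.lower():
            findings.append(f"asks for personal data: {phrase}")
    return findings

# Constructed sample message, not a real email.
SAMPLE = ("Deutsche Bank Service", "service.db@gmail.com",
          "Your account is at risk. Confirm your password at "
          "http://www.deutschbank.de/login within 24 hours.")

if __name__ == "__main__":
    for line in check_email(*SAMPLE):
        print(line)
```

A message that triggers none of these checks is not thereby proven genuine; the checks only flag the warning signs listed above.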
Have you received an email that seems suspicious? If so, you should proceed as follows:
Never click on any links!
Whatever it says in the email: Do not click on any links. This is the only way you can be sure that no malware infects your computer.
Never open attachments!
Exactly the same applies to file attachments in suspicious emails. No matter what the file format is or what the file is called – don’t touch the attachment.
Delete simple phishing!
You have identified a simple phishing email: It is general in tone and not addressed to you in person. You can delete it straight away.
Tell us at once about spear phishing emails purporting to be from Deutsche Bank!
If you believe that you have received a spear phishing email that is addressed to you specifically by name and comes from a sender who claims to work at Deutsche Bank, report this to your relationship manager immediately. A timely investigation will follow.