Phishing

Phishing is a form of cyberattack in which fraudsters attempt to obtain confidential data—such as passwords, credit card numbers, or access data for online services—via fake emails, websites, or messages. The term is derived from the English word “fishing,” as the attackers specifically “fish for information.”

How phishing works

Phishing attacks rely on deception:

• Emails or messages often look deceptively genuine (e.g., in the name of a bank, parcel service, or well-known platforms).
• They contain links to fake websites or file attachments with malware.
• The goal is to trick the recipient into entering sensitive data or opening a malicious file.

Typical characteristics of a phishing email

• Urgent calls to action (“Your account will be blocked!”)
• Spelling or grammar mistakes
• Sender address looks similar but not identical to the real one
• Links lead to external or suspicious domains
• Unexpected file attachments

Phishing examples

• A fake PayPal email asks you to enter your account details.
• A supposed DHL message contains a link to “track your shipment” that leads to a fake page.
• A “Microsoft” email warns of suspicious activity and asks you to update your password via an external link.

What to do if you have opened a phishing email

• Do not enter any personal data and do not open any attachments.
• Check your PC/device (run a virus scan, contact IT support if necessary).
• If you have entered any data: Change your passwords immediately and secure the affected accounts.
• Inform your bank/credit card company if payment details are affected.
• Document the incident and report it to the police or the central reporting office (e.g., BSI in Germany) if necessary.