Phishing and identity theft

Phishing and identity theft – Crimes related to phishing, data theft as well as identity theft usually have significant financial consequences for the victims of the fraud concerned.

Topics in our legal advice

The lawyers of the Herfurtner law firm are available for legal advice at our offices in Hamburg, Frankfurt am Main, Munich and nationwide. Read our warnings below, which you can use to recognise phishing attacks and protect yourself from them.

Table of contents

  1. Phishing/identity theft – definition
  2. Phishing Mail – what is it?
  3. 9 clues to phishing scams
  4. Recognising phishing attempts by e-mail
  5. Exposing phishing websites
  6. What is the risk of phishing/identity theft?
  7. Phishing/identity theft – get a lawyer involved

Phishing/identity theft – definition

Phishing, what is it? The term phishing derives from the English word “fishing”. In phishing, fraudsters use various methods to obtain sensitive and personal data from their victims.

This data is then used to defraud the victim of their finances.

Common phishing methods include:

  • Access to Dropbox and other cloud services
  • Spying on professional data on LinkedIn or Xing and personal information in social media
  • Automatic redirection from a legitimate website to a fake copy – if you enter your data there, it ends up with the fraudster
  • Stealing company data by posing as a supposed CEO
  • Fraudsters pretend to be real companies and thus obtain your data by fraud
  • Malicious links in emails

What is identity theft? Identity theft is when stolen data is used to impersonate the person from whom the data was stolen.

Criminals who commit identity theft often use it to conclude contracts or make expensive purchases in the name of their victims. They also use it to empty the victims' accounts, to take out loans, and to deceive the victims' relatives and friends and defraud them of money as well.

Phishing mail – what is it?

How do I recognise phishing e-mails, do I have to report them, how do I react correctly if I have opened a malicious link and how can I protect myself from such scam messages? All these questions are becoming more and more important in view of the increasing number of phishing attacks by e-mail.

It is not uncommon for a fake email to appear to be genuine. Nevertheless, there are some signs by which you can recognise a phishing email.

Because phishing emails are fast, cheap and time-saving, they are often used by cybercriminals. Sending emails is completely free, and obtaining email addresses is a breeze. They are often found freely available on websites, but also on business cards, advertising brochures and the like.

In addition, the use of e-mails enables a large-scale phishing attack, as one and the same mail can be sent to numerous recipients at the same time.

With this method, the fraudsters have quick and easy access to confidential information and sensitive data – as long as the recipients of the messages open them carelessly. Victims of phishing scams are at risk of malware infections, data theft and identity theft if they fall for the hoax.

The aim of the criminals is the illegal acquisition of:

  • Company data
  • Customer data
  • Company and production secrets
  • Personal information such as credit card numbers
  • Bank account data
  • Tax information
  • Medical records

Phishing attacks are also used to gain access to emails, social media and other accounts. For example, access to networked systems, including point-of-sale terminals and order processing systems, is one of the targets.

Phishing emails are often the cause of large, widespread data breaches reported in the press.

Cyber criminals can cause gigantic damage to companies, private individuals and even government agencies with a seemingly harmless email.

One example that occurred 20 years ago, but caused financial damage of 10 billion US dollars and thus remained in the global memory, is the virus-infected “I love you” emails.

How does phishing work?

Phishing emails often contain one or more of three types of malware:

  1. Malicious web links,
  2. malicious attachments, or
  3. fake data entry forms.

Phishing mail – you can recognise scams by these 9 clues

In the following sections, we will go over nine of the most common characteristics of phishing emails. If even a few of them appear in an email, it is a scam.

1. Name? Missing

Customers are always addressed by name by their bank or other service providers and institutions, but never as “customer” or “user”. This is absolutely unusual and indicates a dubious sender.

Nevertheless, addressing someone by name is not a clear indication of a credible e-mail. There are also criminals who know the name of their fraud victim and use it to lend their e-mail trustworthiness by addressing it correctly.

2. Inserted hyperlinks

Letters are the preferred means of communication for banks. Only in very rare cases do banks and savings banks choose to send e-mails. If your bank does send you an e-mail, it is guaranteed not to contain any file attachments – such as forms you are supposed to fill out.

E-mails with links that the recipient has to click on are only sent by banks and other service providers in exceptional cases, for example to accept new terms of use.

However, customers are never asked to log into their online banking account via the link in an e-mail or to enter any other sensitive data.

So if you receive such a mail, do not comply with the demands in the message under any circumstances and do not click on the link. Notify your bank and, if necessary, report the fraudulent e-mail to the police and the consumer advice centre. If possible, take screenshots as evidence.

Tip: If you want to do online banking or visit your bank’s website for other reasons, always enter the URL in the address bar of your browser. This is the safest way to be sure that you are not being directed to a fake website.

3. Information about the sender in the source text

Phishing e-mails can in some cases be very well designed and deceptively genuine. However, even if the style of language and the sender seem serious at first, this email does not automatically have to be authentic. The sender’s details can also be fake.

You can check this by looking at the so-called “mail header”. This is where the Internet Protocol (IP) address of the sender is stored. It is forgery-proof and is the only way to identify the sender.

4. Request to enter information

Another warning signal is the request to enter personal data, such as PIN or TAN. Banks or online payment services will not ask you to do this by email. The banking industry has strict guidelines that prohibit asking customers for their PIN or TAN by phone or email.

5. Language style – errors in grammar & punctuation

Emails sent in poor German are the easiest to recognise as phishing mails. The vast majority of these messages were not originally written in German, but translated from another language.

Punctuation problems, such as Cyrillic characters or missing umlauts, are another telltale sign of such fraudulent emails.

6. Formulations: emphasis and definiteness

Also be wary of emails that ask you to take action immediately or within a very short period of time. Especially if you are threatened with a consequence if you do not comply with this supposedly urgent action.

No bank has the right to put you under pressure and threaten to block your credit card or internet account. Such behaviour is absolutely typical for criminal gangs, but not for reputable financial institutions.

7. Non-German-language e-mails

E-mails written in English or French can also be easily identified as phishing mail.

If you do not have an account with a bank outside Germany, you can be sure that all correspondence with your financial institution is conducted in German.

That is, if your bank contacts you by e-mail at all rather than by post, which, as already explained, is unusual.

8. Mails from a foreign bank

The e-mail should be deleted if you know that your bank never sends you e-mails or if you are sure that your bank is not even familiar with your e-mail address.

You should also assume a fraud attempt if you are contacted by a bank or service provider with whom you do not have a business relationship.

9. Apps, file attachments and URLs

Increasingly, phishing emails ask recipients to open a file that is either attached or can be downloaded via a link. You should never download or even open such a file if you receive it in an unexpected email.

Viruses and Trojans are often found in this type of file, so you should never open it under any circumstances, not even if you are threatened with the closure of your account, the involvement of a debt collection agency or other made-up reasons for opening the attachment.

Any e-mail that contains a file attachment and/or a threat should make you wary.

Detect email scams

Have you received an email that has these characteristics – or some of them? Delete it immediately. The email is almost certainly a phishing attempt.

When a phishing email is sent in HTML format, the sender usually uses a fictitious email address to appear legitimate.

If this is the case, you can find out in several ways:

Look at the code of the HTML emails if you manage your emails with a browser. Instead of clicking on the sender’s name, you can simply hover over it with the mouse pointer. Then you can check whether the sender line has a second address.
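The header check from clue 3 and the sender-line check described here can also be done on the raw message source. The following is an added example, not part of the original article; the message, host names and addresses are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample message (all names and addresses are invented).
RAW = """\
Received: from mail.sender.test (mail.sender.test [203.0.113.45])
\tby mx.recipient.example with ESMTP id abc123; Mon, 06 May 2024 09:12:01 +0200
Received: from localhost (unknown [10.0.0.5])
\tby mail.sender.test with SMTP; Mon, 06 May 2024 09:11:58 +0200
From: "service@bank.example" <notice@sender.test>
Reply-To: collect@other.test
To: customer@recipient.example
Subject: Your account

Please confirm your data.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def received_ips(msg):
    """IPs from the Received lines, newest hop first.
    The first entry is the one written by the receiving mail server."""
    ips = []
    for line in msg.get_all("Received", []):
        m = IP_RE.search(line)
        if m:
            ips.append(m.group(1))
    return ips

def sender_findings(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    findings = {"from": addr, "hops": received_ips(msg), "warnings": []}
    # A second address hidden in the display name of the sender line.
    shown = ADDR_RE.search(display)
    if shown and shown.group(1).lower() != from_dom:
        findings["warnings"].append("display name shows " + shown.group(0))
    # Replies that would go to a different domain than the sender's.
    for _, reply in getaddresses(msg.get_all("Reply-To", [])):
        if reply and domain_of(reply) != from_dom:
            findings["warnings"].append("reply-to goes to " + reply)
    return findings
```

In a mail client, the same raw text is what "show source" or "show original" displays.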

Exposing phishing websites and protecting yourself

From what you may have heard or read, a secure connection and a reputable website are indicated by the abbreviation “https://” in the address field of your internet browser.

In reality, the abbreviation means that the website operator has purchased an SSL certificate for its pages.

Phishing scammers are increasingly obtaining such certificates as well, to give the impression of respectability.

Therefore, “https://” no longer means a green light today.

One of the precautionary measures is to check every link in an email or social media post before accessing it. Even the average person can spot plenty of warning signs.

Suspicious internet addresses, such as “”, may contain the name of an organisation but have strange numbers or characters in front of it.
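The link check described above, written out as an added example that is not part of the original article. The HTML body and all host names are constructed, and treating the last two labels of a host as the registered domain is a simplifying assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed HTML body; every host name here is invented.
BODY = """
<p>Dear customer, <a href="https://bank.example.secure-login.test/tan">https://www.bank.example/login</a></p>
<p><a href="http://198.51.100.7/update">Confirm now</a></p>
<p><a href="https://www.bank.example/terms">New terms of use</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from anchor tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def site(host):
    # Assumption: the last two labels form the registered domain.
    return ".".join(host.lower().split(".")[-2:])

def check_links(html, expected_site):
    """Return (host, reasons) per link; an empty reasons list means no flag."""
    parser = LinkCollector()
    parser.feed(html)
    report = []
    for href, text in parser.links:
        host = urlsplit(href).hostname or ""
        reasons = []
        if re.fullmatch(r"[\d.]+", host):
            reasons.append("numeric host")
        elif site(host) != expected_site:
            reasons.append("not " + expected_site)
            if expected_site in host:
                reasons.append("organisation name used as prefix")
        # The visible text claims one address, the link leads to another.
        shown = urlsplit(text).hostname if "://" in text else None
        if shown and shown.lower() != host:
            reasons.append("text shows " + shown)
        report.append((host, reasons))
    return report
```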

You can recognise fake phishing pages, for example, by the request for a TAN without having made a transaction.

If you are asked to re-enter known data such as your name, address or IBAN after entering it at your bank, you should be particularly careful. The probability is high that you have come across a fake website.

Identity theft and data theft – how high is the risk?

It is assumed that at least a double-digit million amount is lost in Germany every year due to targeted phishing attacks.

Current figures on cybercrime are provided by the BKA’s annual situation report.

Depending on the target, consumers are at different risk from phishing attacks: For example, anyone who is tricked and enters their credit card data on a fake bank website gives the fraudsters everything they need to make a massive online purchase.

Operators of fake online mail-order websites use stolen account data to make purchases for their own benefit.

Phishing therefore poses a significant risk of financial loss.

Furthermore, malware-infested file attachments in phishing emails pose an additional threat: Every careless click on one of these dangerous files leads to infection with a malicious programme, usually unnoticed by the user.

A Trojan, a bot or ransomware are examples of this.

What can victims of fraud do?

More and more phishing victims are turning to our law firm seeking help and asking to speak to one of our lawyers.

We have been active in the field of internet fraud for some time and we know how important it is to look at each individual case. Each case, as well as the circumstances of phishing/identity theft, is unique.

If you need help due to a phishing attack or identity theft, please do not hesitate to contact us. For example, we can help you communicate with your bank – with the aim of getting your money back.

An experienced phishing lawyer also needs to be up to date with the latest case law. For example, many phishing cases end up in court because the banks do not want to be held responsible. Instead of paying, it often comes to a lawsuit. Each time, a large sum of money is at stake for the bank as well.

If you have invested in or made payments to one of the companies on this list, our lawyers will be at your disposal at short notice.

