on behalf of:

These are typical characteristics of phishing mails

Phishing mails try to force victims to take action. Fear is a powerful instrument. Supposedly blocked accounts or payment requests try to pressure victims to take rash actions.

Curiosity, e.g. the promise of a prize, can also lead to a careless response to a request.

Some phishing mails ask users to follow a link.

The link can, for example, lead to a fake website where log-in data is requested. It might also trigger an (unnoticed) file download that infects the computer with malware.

‘The invoice is attached’ – file attachments in e-mails, e.g. for purchases that have not even been made, should be treated with caution.

A supposed PDF could actually be a container file for Trojans. Upon opening, the malware becomes active and infects devices and networks like wildfire.

A phishing mail pretends to be written on behalf of online shops, banks or other online services without actually knowing the person addressed.

It is unlikely that your bank would address you as ‘Dear Customer’ to say that your bank account has been compromised.

An impersonal address is not a compelling proof of a phishing scam, but they give reason to examine the email more closely.

Phishing mails are sent out massively and for this purpose, they are created and translated with the help of software. Spelling mistakes and grammatical errors sneak in: ‘You user account ist at risk and has been spied on’.

Orthographic errors are not compelling evidence of a phishing scam, but they do give reason to examine the email more closely.

Senders of phishing mails engage in speculation and send them on behalf of large online shops, banks or providers (e.g. streaming). The probability increases that the recipient has a user account and feels addressed.

Caution is advised if the e-mail address is cryptic or differs minimally from the original provider (e.g. amazn.de).

The human factor in IT security
What role do phishing mails play for me?

Not every phishing mail is recognised as such by the spam filter or firewall. That is why all IT users are called upon to close any security gap. You can make a valuable contribution and support your colleagues by recognising phishing mails as such and not falling into the trap.

Good to know: You are also well advised to be protected against phishing in your private life. Phishing mails also find their way into private mailboxes and can harm private individuals in the same way. After all, your private devices, photos, messages or (user) accounts do not belong into other hands.

What do I do if I receive a phishing mail?
  • Delete the phishing mail
  • Inform the IT department
  • Warn colleagues
  • Unsure? Ask the IT department
  • Under no circumstances enter data on a linked website
  • Do not open links in phishing mails
  • Never save or open file attachments on the computer
  • Do not reply to the phishing mails

Do you still have questions about the phishing simulation?

Your employer wants to make you and your colleagues aware of the risks of phishing emails. Therefore, the CSX team has received your mail address so that we can send you phishing emails.

Beforehand: There is nothing wrong if you open the link. After all, you are supposed to learn about phishing on this website.

The phishing simulation registers whether an e-mail or a link was opened. But the data is collected anonymously and cannot be assigned to any person. The data is collected to check whether the simulation has reached all participants.

Your company therefore does not find out that it was you who opened the phishing mail.

Phishing mails are an increasingly common phenomenon and problem – this applies to both the corporate and private spheres. Since technical security measures alone cannot provide a remedy, IT users must be made aware of the dangers and sensitized.

Raising awareness also offers great added value for you privately when you recognize phishing mails. After all, IT security and data protection are essential for protecting yourself from fraudsters and data misuse.