Although phishing is already a well-known cyberattack, it remains effective. Especially people who are not familiar with the virtual environment could be easily tricked into believing fake emails.

Here is, what ACOPA suggests paying attention to when reading mails and how you can identify possible scam emails:

  • Who is the sender?
    • The email should look authentic & professional (e.g.: [email protected], not [email protected]).
    • Professional companies will have emails linked with their website account.
    • A domain is always after the @-sign. Anything in front, is a username and customizable.
    • The sender of a professional system (password reset, confirmation, newsletter, etc.) mail will likely not be a person, but a system or company name (e.g.: ACOPA System, not John Doe).
    • Beware: A scammer could easily register a similar-looking domain (e.g.: acopa-mailing.de), keep that in mind. If the email domain is the same as the website domain, it is probably a safe mail.
  • What is the email content?
    • The attacker might not be native in that language, so they may make grammar or typing mistakes. Professional companies will have auto-generated text or correct grammar.
    • Look how the email content looks like. Does it have many images? Is it just a lot of text?
      • Many images may divert from the text and the graphics may indicate false authenticity.
      • On the other hand, a big block of text may seem tiring on the reader and make them skip parts of the text and believe it to be authentic.
  • What is the destination of the link?
      • Scam Links are usually very long and have many sub-domains, so one cannot identify the actual domain. The primary domain is always in front of the Top-Level Domain (e.g.: .com, .de, etc.). In this example, blog.acopa.de, blog is a sub-domain and acopa is the primary domain.
      • Never, ever enter your confidential information in a website that is not secure (has no lock and is not a https link (Browsers will usually indicate it by saying “Not secure” in front of the address)). However, an SSL connection is not a guarantee for safety.

These are only indications that could help to identify scam emails. We recommend forwarding suspicious emails to a separate inbox. Afterwards, the emails can be evaluated for fraud.

That is our advice about what you can do to identify phishing attempts and we hope, we could clear certain things up! If you do have any more questions or concerns, please do not hesitate to reach out to us, we would be delighted to discuss this with you and clear up your questions!