You keep hearing about phishing emails that are in circulation are. For this reason, we want to briefly explain what phishing emails are, where they come from, how to recognize them, and generally clarify the most important questions (expandable below) in connection with phishing emails.
What are phishing emails?
Criminals use phishing emails to try to get data from you or other people. This is mostly done by simulating/reconstructing a login page – such as our https://myhosttech.eu . A hidden link to this replicated page is now embedded in a phishing email.
If you click the link and enter your login details, the criminals already have your username and password.
How do you recognize phishing emails?
In fact, detecting phishing emails is becoming increasingly difficult as criminals send better and better emails. That’s why they work, among other things, with the logo of the company whose website they want to pretend to be. You will then usually be written to directly with your first name, or if they do not have it, with your last name, in order to establish a certain basis of trust.
The moment when you should sit up and take notice is usually when a quick reaction is required. This is a popular ploy, as it puts a certain amount of pressure on you, and then you become careless.
If you notice one or more of these characteristics, caution is advised:
- You will be pressured in the email
- The e-mail address that sent the e-mail does not end with @hosttech.de , @hosttech.de , @hosttech.de or @hosttech.eu
Caution!You can fake the sender. Always look at the sender’s details to see the full email address .
- The content does not match the previous emails you have received from us
- A link in the email will direct you to a website where you will need to enter your credentials, and the website URL is not https://myhosttech.eu
We go into more detail on these points in the section “How to protect yourself against phishing” below. In general: If you are unsure whether an e-mail is really from us, then it is better to contact our customer service first by creating a ticket request in your myhosttech customer center .
Warum du E-Mails erhältst, die so aussehen, als würden sie von hosttech stammen
You trust an e-mail that comes from a company you know more quickly than an e-mail that comes from a different company.
The links in the e-mails often not only lead to login pages, but also simulate a payment form in which you should then enter your credit card information. In this way, the criminals not only get your password, but also your credit card information.
The more familiar a company, the less skepticism there is when you receive an email.
Woher die Kriminellen deine E-Mail-Adresse haben
These can be from a variety of sources. This may be because the email address is on the website that you have published on our server. However, this can also come from Internet forums or the WHOIS data of your domain.
In addition, it is often just a matter of trying it out. When the criminals see a domain like @yourdomain.eu and see that the domain is registered with hosttech, they simply try to send emails to certain standard addresses like firstname.lastname@example.org or email@example.com that look out , like they come from hosttech.
What we can guarantee is that the criminals didn’t get your email address directly from us. We do not sell data and hosttech has not been hacked.
Was hosttech unternimmt, um Phishing zu verhindern
We could dedicate a separate page to this topic, which is why we try to give a rough overview here.
Even before you receive such a phishing e-mail, our spam filter tries to recognize and block such e-mails so that you do not even receive the e-mail. This happens more often than you might think. We filter out several million emails per month.
But there are also e-mails that are not sent to our servers. They will not be intercepted by our spam filter. It’s always about finding out something like this as quickly as possible. The links in the e-mails lead to websites and these websites must also be stored on a server.
If we learn of such a case, we will contact the operator of the server to find their customer and disable the site.
This does not even have to be done willfully by this customer. It may be that he himself has already been the victim of a phishing attack, as a result of which the criminals have gained access to his website and are now using the website for their own purposes. This is also the reason why such a phishing website, on which the data is given, can still be online for a long time. We have no control over that. The website is then on a server that we cannot access because it does not belong to us.
What we also do is that we then make the two-factor authentication of our website mandatory for a certain period of time. That means you log in normally on https://myhosttech.eu and then you will receive an e-mail in which there is an additional code that you have to enter before you are actually logged in.
In this way we ensure that it is not enough for the criminals to only have your access data, should you click on the link and enter the data. They would also need to have access to your email account to see the email with the additional code so they can log into your customer account.
Of course, you can also permanently set up two-factor authentication (2FA). In our post How do I set up two-factor authentication? we will explain how you can do this, because it works differently then.
Wie du dich vor Phishing schützt
Basically, it is always better to be safe than sorry.
If an email directs you to a website that asks you to log in, always double and triple check to make sure it’s the real page. The login page for our customer center is always https://myhosttech.eu
The display of the address from which the e-mail was sent can be faked.
Therefore, check which is the real sender address. In Outlook, for example, you can display this by double-clicking on the sender. It then looks like this.
Depending on which e-mail program you use, this will be displayed in different places.
If you discover gross German errors in an e-mail, you can assume with a high probability that it is a phishing e-mail.
An example: “Please click the link below, log in, and follow the steps provided.”
Unfortunately, this is no longer a clear sign of phishing emails these days, as the scammers are getting better and, more importantly, the translation tools are getting better and better.
Like the email address, a link can also be faked.
So before you click on a link in an email, it’s a good idea to hover over the link with your mouse to see which website you’re being directed to. You can see this from the screenshot here:
Schnelle Reaktion erwartet
Another point to keep in mind is that scammers like to pressure you. You should log in as soon as possible to check or change something. The trick here is very nasty when the scammers write that you should log in as soon as possible to change the password because the password has been known.
If you are unsure, do not click any link in the e-mail, but log in by manually entering the URL of the myhosttech customer center in the browser.
Here is the link again: https://myhosttech.eu
If you activate two-factor authentication with us, you can at least be sure that nobody will log into your account with us, even if you entered your user name and password for the myhosttech customer center on a phishing website.
Check out How do I set up two-factor authentication? if you want to know how you can protect yourself with it.
Warum die Kriminellen deine Daten wollen
The criminals only care about your data secondarily. First and foremost, they want to get your login and credit card information. This allows them to compromise other sites and get even more credit card information.
Secondly, in today’s digitized world, your data can be of interest to companies that advertise on the Internet. In this way, the criminals can sell your data and companies can place targeted advertising for you on the Internet.
For example, if you run a website that deals with hiking trips, you could be shown more advertising for hiking equipment, since you are more likely to click on them and thus spend money on the companies.
Wie du mit solchen Phishing-E-Mails am besten umgehst
Be careful, don’t immediately click every link in an email. Even if an e-mail comes from a supposedly trustworthy address, first check where the link wants to take you before you click on it.
You are also welcome to send the e-mail to MELANI (Federal Reporting and Analysis Center for Information Assurance).
We are also happy if you inform us via e-mail. It is best to forward this to firstname.lastname@example.org.
You can then delete the email.