
When banking fraud lurks in your inbox

We've all come across spam and phishing e-mails

Monika, 61: When the Internet wasn't working, she asked her son for help.*

I wasn't keen at all. I didn't mind going to the bank. And computers are not really my thing. It was Tobias who pushed the idea really: "Try online banking, Mum; it's really easy. And it saves you lots of time."

I am now staring in disbelief at the e-mail in my inbox with the subject "Debit from your account"; the sender is my bank. It says €2355 has been debited from my account. My bank usually sends an e-mail like this informing me of higher debits. My heart is pounding and I carefully click on the button that takes me to my bank login page. I look for my access data among my banking documents and try to log in, but it doesn't work. Instead, nothing happens. I keep coming back to the same login page.

Have I made a mistake somewhere? I'm really worried about the money as I look for the last letter I received from my bank and call them. The bank employee explains to me that no money has been debited from my account yet, but that I had fallen for a well-known phishing trap set by Internet criminals. The criminals had now stolen my bank account access data; the bank would block my online access immediately and send me a new access code. Well, that's just great, I think. Why would something like this happen to me?

When I hang up, I am furious about this audacity and glad that I reacted quickly. But the realisation hits me: by acting in good faith, I have fallen into the trap of a criminal and opened the door to my personal account. What can I do to prevent this happening again?

Recognising phishing e-mails

With phishing, cyber criminals play on intimidation, misplaced trust and the limited technical understanding of their potential victims. Phishing attacks typically work the same way: you receive a fake e-mail that contains links to equally fake websites or pop-up windows where you are asked to enter access or payment data under a pretext. This gives the criminals, often without your noticing, the login data for your online banking or webshops. If you have any doubts at all, you should ignore the e-mail and delete it immediately. Here are 10 ways you can recognise phishing content:

  • Remember: as a rule, banks, insurance companies and public authorities send urgent matters or sensitive data by post, not by e-mail.
  • The e-mail subject refers to an invoice, your personal data or a special offer so that you open it and trust it.
  • The way the e-mail addresses you is not personal ("Dear Customer", "Dear User").
  • The e-mail contains threats or instructions for action ("If you do not transfer money within three days, then...").
  • The e-mail contains unusual spelling mistakes, twisted phrasing or awkwardly resolved umlauts (oe, ae, ue instead of ö, ä, ü).
  • The text is poorly written or in a foreign language.
  • You are asked in the e-mail to enter your personal data such as a TAN or PIN (banks and webshops would never do this).
  • The web address of the page you are taken to has spelling mistakes or unusual additions (e.g. 184tg.sparkasse.com instead of sparkasse.de). What counts is the domain immediately before the first "/" after "https://": in the example it is sparkasse.com, not sparkasse.de, so the page does not belong to the bank even though its name appears in the address.
  • A suspicious e-mail can also pretend to be a reply to an e-mail apparently sent by you. If you are sure that this cannot be the case, ignore or delete the e-mail.
  • Additional tip: you can also find out the real sender from the mail header (or source text). The Consumer Advice Centre shows you how to do this.

Phishing e-mails are becoming increasingly sophisticated and difficult to recognise. They might contain all or only some of these features. Important: if you doubt the authenticity of an e-mail, do not react to it; contact your bank in person or by phone to verify the request, using a phone number from your bank card, your statements or the bank's official website, never one given in the e-mail itself.
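Several of the features above can be checked mechanically: the real sender in the mail header, the impersonal salutation, deadline or threat wording, a request for a TAN or PIN, and a link whose visible text shows the bank's address while its real target points elsewhere. The following script is an added example, not part of the original article or of any bank's or consumer advice centre's tooling. It parses a raw message with Python's standard library and reports which indicators fire. The two sample messages are constructed for this example; all names, addresses and the TRUSTED_DOMAINS list are assumptions, and the domain check is deliberately simplified (it keeps the last two labels, so it does not handle suffixes such as co.uk).

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Assumption: domains the recipient legitimately deals with; the reader fills this in.
TRUSTED_DOMAINS = {"sparkasse.de"}

GENERIC_GREETINGS = ("dear customer", "dear user", "sehr geehrter kunde")
URGENCY_PHRASES = ("within three days", "will be blocked", "immediately", "innerhalb von")
CREDENTIAL_WORDS = ("tan", "pin", "password", "passwort")

HREF_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
ADDR_RE = re.compile(r"<([^>]+)>")

# Constructed sample modelled on the "Debit from your account" message above.
# Addresses and hosts are made up; the .example TLD is reserved for documentation.
SAMPLE_PHISH = b"""Return-Path: <bounce@mail-relay-184tg.example>
Received: from mail-relay-184tg.example (unknown [203.0.113.7])
From: "Sparkasse Kundenservice" <service@sparkasse.de>
Reply-To: support@sparkasse-kundencenter.example
To: customer@example.net
Subject: Debit from your account
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer,</p>
<p>EUR 2355 has been debited from your account. If you do not confirm
your TAN within three days, your access will be blocked.</p>
<p><a href="https://184tg.sparkasse.com/login">https://www.sparkasse.de/login</a></p>
</body></html>
"""

# Constructed sample of a legitimate notification for comparison.
SAMPLE_LEGIT = b"""Return-Path: <service@sparkasse.de>
Received: from mail.sparkasse.de (mail.sparkasse.de [192.0.2.10])
From: Sparkasse <service@sparkasse.de>
To: customer@example.net
Subject: Your monthly statement is ready
Content-Type: text/plain; charset="utf-8"

Dear Ms Mustermann,

your statement for March is available in your online banking inbox.
"""


def registered_domain(host):
    """Registrable part of a host name (last two labels). Simplification:
    public suffixes such as co.uk are not handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def address_domain(header_value):
    """Registered domain of the first address in a From/Reply-To/Return-Path header."""
    if not header_value:
        return None
    value = str(header_value)
    m = ADDR_RE.search(value)
    addr = m.group(1) if m else value.strip()
    return registered_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else None


def analyse(raw):
    """Apply the indicators from the list above to one raw RFC 5322 message.
    Returns a list of human-readable findings; an empty list means nothing fired."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    # Header check (the "real sender" tip): visible From versus envelope and reply address
    from_dom = address_domain(msg["From"])
    for hdr in ("Return-Path", "Reply-To"):
        dom = address_domain(msg[hdr])
        if dom and dom != from_dom:
            findings.append(f"{hdr} domain {dom} differs from From domain {from_dom}")
    # The last Received header is the one closest to the originating server
    received = msg.get_all("Received") or []
    if received:
        m = re.search(r"from\s+([\w.-]+)", str(received[-1]))
        if m and registered_domain(m.group(1)) != from_dom:
            findings.append(f"originating server {m.group(1)} does not belong to {from_dom}")

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    lowered = text.lower()

    if any(g in lowered for g in GENERIC_GREETINGS):          # impersonal salutation
        findings.append("generic salutation")
    if any(p in lowered for p in URGENCY_PHRASES):            # threats or deadlines
        findings.append("urgency or threat wording")
    if any(re.search(rf"\b{w}\b", lowered) for w in CREDENTIAL_WORDS):  # TAN/PIN request
        findings.append("asks for TAN/PIN/password")

    # Links: compare the address the reader sees with the address the browser will open
    for href, label in HREF_RE.findall(text):
        target = registered_domain(urlparse(href).hostname or "")
        shown = urlparse(label.strip()).hostname
        if shown and registered_domain(shown) != target:
            findings.append(f"link text shows {shown} but points to {target}")
        if target not in TRUSTED_DOMAINS:
            findings.append(f"link target {target} is not a trusted domain")
    return findings


if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, analyse(sample) or ["no indicators"])
```

The header checks are the noisiest: legitimate newsletters and notifications are often sent through third-party relays, so a Return-Path or Received host outside the sender's domain is a prompt to look closer, not proof of fraud. The link check is the strongest single signal here, because a visible bank address that leads to a different registered domain has no honest explanation.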

*Fictitious use case