Phishing alert: How to spot fake mailbox.org e-mails
Phishing attacks are a constant threat on the internet and are not always easy to detect. Through fake e-mails, cybercriminals try to lure users to fake login pages in order to steal login credentials.
Although we at mailbox.org take various technical measures to ensure that such e-mails do not get into your inbox in the first place, we would like to show you in this blog article how you can recognise that an e-mail does not originate from mailbox.org itself.
What are phishing attacks?
Phishing is a term that refers to a type of cyber attack in which criminals attempt to steal sensitive information such as usernames, passwords and credit card numbers from unsuspecting victims. Phishing attacks often occur via fake e-mails or websites that look like they come from trusted sources such as banks, government agencies or large companies.
An example of a phishing e-mail would be a fake e-mail from a bank that asks the recipient to click on a link and log in with their banking information. The fake website that the link leads to looks exactly like the real bank website, but the data entered is intercepted by the criminals and used for fraudulent purposes.
Another type of phishing attack can be a fake e-mail from a streaming service asking the recipient to update their credentials in order to continue accessing the service. If the recipient clicks on the malicious link in the e-mail and enters their credentials, the criminals can access the victim's account and potentially steal money or sensitive personal data.
1. Check sender: Recognise genuine e-mails from mailbox.org
- Be wary of e-mails from unknown senders and check the e-mail address for plausibility.
- Check the digital signature, if present.
The "from address" can help you distinguish genuine e-mails from mailbox.org from fraudulent phishing attempts. Legitimate e-mails from mailbox.org are typically sent from the address "noreply@mailbox.org". Different departments, such as our support, of course use their own address - but our support contacts customers only when they have a customer enquiry and not proactively.
If you receive an e-mail from an unknown address or even another domain claiming to be from mailbox.org, you should become extremely suspicious. It is important to pay attention not only to the displayed name of the sender, but also to the actual e-mail address. If the address is not "noreply@mailbox.org", it is probably a phishing attempt.
A trustworthy sender signs their e-mails with a digital signature. Our e-mails from noreply@mailbox.org are always signed. No fingerprint matching is necessary in the webmailer, because the public key is already available there. If an external e-mail client with its own PGP key management is used (Thunderbird, Outlook, etc.), the public key for noreply@mailbox.org must be imported. In this case, matching of the fingerprint is necessary. Here you can find our public key and key ID: Digital signature from mailbox.org →
2. Avoid typical traps: Watch out for suspicious links, attachments and login pages
- Check the URL of the website you are visiting carefully and look out for spelling mistakes or unusual domain names.
- Never open files in the attachment of a suspicious e-mail.
- Be sceptical of e-mails that ask you to click on a link and log in or give out personal information.
A key feature of phishing e-mails is the use of fake links that lead to mock login or password reset pages. If you receive an e-mail from mailbox.org asking you to visit a link, first check the URL of the link.
A genuine mailbox.org URL should always begin with "https://mailbox.org/" or "https://www.mailbox.org/". However, if the link points to another domain that looks similar to the real domain, it is probably a phishing attempt. For example, a phishing URL might look like "https://mailb0x.org/" or "https://www.mailbox-org.net/".
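The link check described above can be automated for an HTML mail body. The following is an added example, not code from mailbox.org: it applies the article's rule (exact host `mailbox.org` or `www.mailbox.org` over https) to the real `href` of each link rather than to its visible text. The function names and the sample body with its `.example` hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# The only two hosts the article names as genuine (exact match, no suffix match).
GENUINE_HOSTS = {"mailbox.org", "www.mailbox.org"}

def classify_url(url):
    """Return 'genuine' or the reason the URL fails the article's rule."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "unparseable URL"
    if parts.scheme != "https":
        return "not https"
    if parts.username is not None:  # https://mailbox.org@other.example/
        return "userinfo before host"
    if host in GENUINE_HOSTS:
        return "genuine"
    return "foreign host " + host

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html_body):
    """Return (href, visible text, verdict) for every link in the body."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(h, t, classify_url(h)) for h, t in collector.links]

# Constructed sample body; the .example hosts are placeholders.
SAMPLE_BODY = """<a href="https://mailbox.org/">Open mailbox.org</a>
<a href="https://mailb0x.org/login">https://mailbox.org/login</a>
<a href="https://mailbox.org@login.example/reset">Reset password</a>
<a href="https://mailbox.org.login.example/">mailbox.org</a>"""
if __name__ == "__main__":
    for href, text, verdict in audit_links(SAMPLE_BODY):
        print(f"{verdict:40} {href}  (shown as: {text})")
```

The second sample link shows why the verdict is computed from the `href`: its visible text reads like a genuine mailbox.org URL while the target host is a look-alike.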
3. Identify inconsistencies: Mistakes, grammatical and spelling errors and unusual layout and design
- Be suspicious if you are not addressed as usual or the e-mail uses a different language.
- Look out for deviations from the e-mails you have received so far.
Phishing e-mails often contain spelling or grammatical mistakes that should not appear in official e-mails from mailbox.org. Pay attention to whether the e-mail is worded unusually or contains errors that may indicate forgery.
Many phishing e-mails try to imitate the layout and design of the official e-mails of the attacked company. However, differences and inconsistencies are often noticeable. Look out for unusual formatting that differs from the normal e-mails from mailbox.org.
There are cases of very well-made forgeries, especially from well-known companies, which are difficult if not impossible to distinguish from the original.
4. Do not disclose personal information
- Avoid sharing personal information in e-mails, even if they appear to come from trustworthy sources.
- If you are unsure whether an e-mail may legitimately ask for confidential data, it is best to ask the named provider via the support team or helpdesk.
Another important detail to keep in mind is that mailbox.org never asks its customers for passwords or credit card details via e-mail. Official e-mails from mailbox.org may inform you about changes to your account or new features, but they will never ask you to reveal your login details or payment information directly via e-mail.
5. When in doubt: make enquiries
- Report suspicious e-mails to the mailbox.org support team.
If you have doubts about the legitimacy of an e-mail, contact mailbox.org or the company the e-mail purports to come from and ask for clarification. You may provide the crucial tip to avoid further phishing attacks on other customers.
This is how mailbox.org protects its customers from phishing attacks
- mailbox.org digitally signs its own e-mails.
- mailbox.org uses state-of-the-art spam filters.
- mailbox.org follows up on its customers' tips immediately.
We sign our own e-mails so that verification is possible. Our spam filters screen out e-mails with known phishing URLs, so that our customers do not receive them in the first place. We use public phishing databases for this purpose. In addition, spam senders reported by our customers are thoroughly checked by us and blocked if necessary.
Despite all these measures, it is always a cat-and-mouse game between the cyber criminals and our defence measures. And that is why you should always remain vigilant.
Conclusion
To successfully protect yourself from phishing attacks, it is crucial to be vigilant and pay close attention to the e-mails you receive. If you receive an e-mail purporting to be from mailbox.org asking you to give up your password, credit card details or other confidential information, it is most likely a phishing attempt. Check links carefully before clicking on them. Look for spelling mistakes, unusual design elements and suspicious salutations.
If you suspect phishing, do not open any links or attachments. If in doubt, log in directly to mailbox.org yourself. By taking these tips to heart, you can better protect your personal data and minimise the risks of phishing attacks.