Spotting phishing & AI fraud (2026)
Phishing is the attempt to obtain logins or payments via fake messages or websites. In 2026 most phishing mails are written with AI — flawless and personal. Typos as a warning sign are no longer enough.
Updated: 2026-06-19
Immediate steps
1. Check the sender and domain carefully — the real address, not the display name.
2. Inspect links before clicking: reveal the target; unusual numbers/characters in the address are suspicious.
3. Watch for pressure and urgency — artificial deadlines and threats are the core tactic.
4. When in doubt, never reply to the message: contact the provider via the official route you enter yourself.
5. A request for a TAN without your own transaction is a clear fraud signal.
6. Use an authenticator app instead of SMS codes; report suspicious mails to your provider.
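Steps 1 and 2 can be applied mechanically to a saved message. The Python below is an added example, not part of the original guide: it compares the real sender domain with the provider's domain and checks each link's actual target. The sample message, all domains and the names `Links`, `host_flags` and `review` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every name and address in it is a placeholder.
SAMPLE = """From: "Example Bank Support" <service@example-bank.secure-login.example>
Content-Type: text/html

<a href="http://192.0.2.10/login">https://www.example-bank.example/login</a>
<a href="https://xn--exmple-bank-q5a.example/">Open account</a>
"""

class Links(HTMLParser):  # collects (href, visible text) pairs from an HTML body
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text).strip()))
            self.href = None

def host_flags(host):  # step 2: unusual numbers or characters in the address
    checks = {"ip-literal": re.fullmatch(r"[\d.]+", host) or ":" in host,
              "punycode-or-non-ascii": host.startswith("xn--") or ".xn--" in host or not host.isascii()}
    return [name for name, hit in checks.items() if hit]

def review(raw, expected_domain):  # expected_domain: the provider's real domain, entered by you
    msg = message_from_string(raw)
    sender = parseaddr(msg["From"])[1].rpartition("@")[2].lower()  # step 1: address, not display name
    findings = []
    if sender != expected_domain and not sender.endswith("." + expected_domain):
        findings.append(f"sender domain {sender} is not {expected_domain}")
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        host = urlsplit(href).hostname or ""
        findings += [f"link host {host}: {flag}" for flag in host_flags(host)]
        if "." in text and " " not in text:  # visible text itself looks like an address
            shown = urlsplit(text if "//" in text else "//" + text).hostname
            if shown and shown != host:
                findings.append(f"link text shows {shown} but target is {host}")
    return findings
```

An empty result only means these two checks found nothing; the remaining steps (pressure, unexpected requests, verification via the official route) still apply.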
What not to do
- Do not open links or attachments from unexpected messages.
- Do not rely on spelling — AI phishing is linguistically perfect.
- Never hand over codes, passwords or TANs by phone or via a form from a message.
When professional help makes sense
Unsure whether a message or website is genuine? We check the indicators, assess the risk and name the next steps — before damage occurs.
Get in touch
Common questions
- How do I detect AI phishing?
  By context and behaviour rather than errors: unexpected reason, pressure, unusual payment or login request, a deviating domain. Verify via a second channel.
- What are smishing and vishing?
  Smishing is phishing via SMS/messenger, vishing via phone call. One variant deliberately avoids links and pushes you to call a number.
- I clicked — what now?
  Enter no data, disconnect, change affected passwords, check 2FA and document the incident.