
Phishing Emails in Your Inbox: Warning Signs You Should Know

by Sabrina Stein
Last edited on: 2026-05-06

Cybercriminals are imitating emails from real business partners and providers more convincingly than ever – and their methods are becoming increasingly sophisticated. We explain how to reliably identify fake emails, what domain spoofing is, and what to do in an emergency.


Phishing emails are no longer a rarity – and they are becoming increasingly professional. Instead of obvious fakes, deceptively authentic messages are now landing in inboxes that appear to come from your bank, your parcel service, or your hosting provider. This article explains how phishing works, how criminals get hold of your address, which new tricks are currently being used – and how to distinguish real emails from fake ones.

How do fraudsters know your email address?

One question customers sometimes ask us is: “If I receive a phishing email pretending to be from you – does that mean you have a data protection issue?” The short answer: no.

Fraudsters use a simple method: publicly accessible tools can identify which IP addresses belong to which hosting provider. Anyone operating a website is visible through its IP address in public registries, which makes it possible to determine who is hosting with which provider. The email address itself is often easy to guess: almost every company has an info@ address.

A data leak on our side (or that of another service provider) is not necessary for this type of phishing – nor is it the cause. This is a general problem within the email ecosystem, not a specific security issue with your provider.

This is what a typical phishing email looks like

How can you distinguish a phishing email from a legitimate one? Many phishing emails reveal themselves through a combination of different characteristics. Watch out for these typical warning signs:

Example of a phishing email

From: support@your-hoster-online.net ⚠ WRONG DOMAIN
To: info@your-company.com ⚠ NOT YOUR CONTACT ADDRESS
Subject: Your hosting package is expiring – act now!

Your hosting contract will expire in 24 hours. To avoid an interruption to your website, please click the following link immediately and confirm your payment details: ⚠ URGENCY

https://confirm-payment.com/account ⚠ EXTERNAL DOMAIN!

Warning signs at a glance

  • Wrong sender address: The domain your-hoster-online.net is not the provider’s official domain.
  • Incorrect recipient address: The email is sent to info@, not to the address you registered as your contact address with your provider. Your provider would always contact you using exactly that address – if an email is sent to a different address, this is a clear warning sign.
  • Artificial urgency: “24 hours”, “act now” – this is deliberate pressure intended to prevent you from taking time to think.
  • Suspicious link: The URL does not lead to the provider’s domain, but to a different, similarly named website.
  • No personal greeting: Many providers address you directly by name in their emails – not as “Dear Customer”. If your provider suddenly changes the way they address you, this could also indicate a phishing email.
  • Request to enter data via a link: No reputable provider will ask you via email to enter payment details through a link.

Even when the sender address appears to be “correct”: domain spoofing

This is where things become a bit more technical – and that is important in order to understand it properly: there are now phishing emails in which the sender address appears completely legitimate at first glance. They actually display the provider’s real domain. This is known as email spoofing.

The email protocol was originally developed without strict sender verification. If a mail server is not correctly configured with the protection mechanisms SPF, DKIM, and DMARC, attackers can send emails that display any sender address in the “From” field, including your own or that of your provider.

Since 2025, this attack method has become significantly more common. These emails appear to be internal or official messages because the sender and recipient domains seemingly match.
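Where SPF, DKIM and DMARC are in place, the receiving server records their outcome in the Authentication-Results header, and that record shows whether the displayed "From" domain was actually authenticated. The following is an added example, not code from this article's author: the authserv-id mx.your-company.example, the domain your-hoster.example and both sample messages are constructed, and it assumes your inbound server removes incoming headers that claim its own authserv-id.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: the authserv-id your own inbound mail server writes into the header.
TRUSTED_AUTHSERV = "mx.your-company.example"

def auth_verdict(raw, trusted=TRUSTED_AUTHSERV):
    """Return (from_domain, results, verdict) for one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(header).partition(";")
        if authserv.lower().split()[:1] != [trusted]:
            continue  # not stamped by our server: the sender may have forged it
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest.lower()):
            results.setdefault(method, result)
    if results.get("dmarc") == "pass":
        verdict = "from-domain-authenticated"
    elif "dmarc" in results:
        verdict = "from-domain-not-authenticated"
    else:
        verdict = "no-trusted-result"
    return from_domain, results, verdict

# Constructed sample: spoofed From plus a forged "pass" header the sender added.
SPOOFED = (
    "Authentication-Results: mx.your-company.example; spf=fail "
    "smtp.mailfrom=your-hoster.example; dkim=none; dmarc=fail "
    "header.from=your-hoster.example\n"
    "Authentication-Results: mail.sender.example; dmarc=pass "
    "header.from=your-hoster.example\n"
    "From: Support <support@your-hoster.example>\n"
    "To: info@your-company.example\n"
    "Subject: Your hosting package is expiring\n\nPlease confirm.\n"
)
# Constructed sample: genuine message that passed DMARC at our server.
GENUINE = (
    "Authentication-Results: mx.your-company.example; spf=pass "
    "smtp.mailfrom=your-hoster.example; dkim=pass header.d=your-hoster.example; "
    "dmarc=pass header.from=your-hoster.example\n"
    "From: Support <support@your-hoster.example>\n"
    "To: jane.doe@your-company.example\n"
    "Subject: Invoice available\n\nHello Jane.\n"
)
if __name__ == "__main__":
    for raw in (SPOOFED, GENUINE):
        print(auth_verdict(raw))
```

Both samples show the same "From" address; only the result recorded by the trusted server tells them apart.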

What can you still do?

With every suspicious email – even if the sender address appears legitimate – you should check the other indicators: the recipient address, greeting, destination link, and the content of the request. A spoofed email can fake the sender address, but not your real customer relationship. So please also trust your instincts when it comes to this topic. If something feels wrong, there is usually a reason for it.

6 questions to ask before clicking a link

  1. Does the sender domain match exactly? For example, we only send emails from our official domain – never from modified spellings or different extensions. If you suspect spoofing, check the remaining indicators.
  2. Was the email sent to the address I registered with the provider as my contact address? We always contact our customers using the address you registered with us as your contact address – not an info@ address, unless that is your actual contact address.
  3. Am I being addressed by my real name, or just as “Customer” – even though I was previously always addressed by name?
  4. Is there a sense of urgency intended to pressure me into acting quickly?
  5. Where does the link actually lead? Hover over it without clicking – and read the URL carefully. Links in our genuine emails always lead to our official domain – you can verify this in your browser’s address bar.
  6. Would this type of request (payment, login, entering personal data) be typical for a legitimate provider?

If in doubt: call us or log in directly to your customer account through your browser – without using the link in the email.
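Questions 1, 2, 4 and 5 of the checklist can be checked mechanically, as this added example shows (it is not code from this article's author). OFFICIAL_DOMAIN, CONTACT_ADDRESS and the urgency phrases are assumptions chosen for illustration; because of spoofing, a matching sender domain alone does not make a message genuine.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "your-hoster.example"        # assumption: the provider's real domain
CONTACT_ADDRESS = "jane.doe@your-company.com"  # assumption: address registered with the provider
URGENCY = re.compile(r"act now|immediately|\b\d+ hours\b", re.I)  # illustrative phrases

def warning_signs(raw):
    """Return the list of warning signs found in one raw plain-text message."""
    msg = message_from_string(raw, policy=policy.default)
    signs = []
    sender = parseaddr(str(msg["From"]))[1].lower()
    if sender.rpartition("@")[2] != OFFICIAL_DOMAIN:       # question 1: exact match
        signs.append("sender-domain")
    if parseaddr(str(msg["To"]))[1].lower() != CONTACT_ADDRESS:  # question 2
        signs.append("recipient-address")
    body = msg.get_body(preferencelist=("plain",))
    text = f'{msg["Subject"]}\n{body.get_content() if body else ""}'
    if URGENCY.search(text):                               # question 4
        signs.append("urgency")
    for url in re.findall(r"https?://[^\s<>\"']+", text):  # question 5
        host = (urlsplit(url).hostname or "").rstrip(".")
        if host != OFFICIAL_DOMAIN and not host.endswith("." + OFFICIAL_DOMAIN):
            signs.append("link:" + host)
    return signs

# Constructed from the example email shown earlier on this page.
PHISH = (
    "From: support@your-hoster-online.net\n"
    "To: info@your-company.com\n"
    "Subject: Your hosting package is expiring - act now!\n\n"
    "Your hosting contract will expire in 24 hours. Please click the following\n"
    "link immediately and confirm your payment details:\n"
    "https://confirm-payment.com/account\n"
)
# Constructed sample of a message that raises none of the automated signs.
GENUINE = (
    "From: support@your-hoster.example\n"
    "To: jane.doe@your-company.com\n"
    "Subject: Invoice available\n\n"
    "Hello Jane Doe, your invoice is ready in the customer portal:\n"
    "https://portal.your-hoster.example/invoices\n"
)

if __name__ == "__main__":
    print(warning_signs(PHISH))
    print(warning_signs(GENUINE))
```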


What should you do if you have received a suspicious email?

If you are unsure whether an email is genuine: Do not click any links and do not open any attachments. Type the address of the customer portal manually into your browser’s address bar, or contact our support team directly.

If you have already clicked on a link or entered data, act immediately: Change any affected passwords, inform your bank if payment details were involved, and report the incident. If you suspect a serious issue, the BSI (Bundesamt für Sicherheit in der Informationstechnik – German Federal Office for Information Security) provides guidance and resources at bsi.bund.de.

The most important points at a glance

Phishing is not caused by data leaks at your provider. Fraudsters guess addresses using publicly available sources. 

Do not only pay attention to the sender address, but also check which address the email was sent to – if it was not sent to your registered contact address, this is a clear warning sign. 

Advanced attacks using domain spoofing can even imitate the correct sender domain – in that case, check all other indicators carefully. If in doubt: log in directly, never through the link provided in the email.
