How to prevent email phishing attacks - a quick guide.

Email phishing is one of the most severe cyber threats in our digital world. Here is how to keep your online accounts safe from hackers.

Recognizing a phishing email is very easy in Tuta Mail.

One of the most common attacks on the internet that poses an underestimated threat to your online security are email phishing attacks and email scams. By impersonating large organizations scammers try to get hold of your sensitive information and your login credentials such as passwords. But with a few tips in mind, you can easily prevent phishing from being successful.


Email phishing attacks have been around for nearly 30 years. The first use of the term was in 1995 and back then phishing attempts were very easy to spot. But as these attacks become more and more sophisticated, people increasingly fall for phishing attacks and need to keep informed of current trends and tactics by attackers to protect themselves and their online accounts. A rather new risk are targeted phishing emails which are directed to high-profile victims and crafted particularly for them. This technique makes it even harder to recognize such targeted phishing emails as scam. Prominent attacks like the WannaCry ransomware attack started with such a targeted phishing attack, before further actions were taken by the malicious hackers.

But the average internet user does not (yet) need to worry about targeted attacks, though artificial intelligence might bring this threat onto the table for everyone in the near future. In most cases today, criminals use rather standard phishing emails to gain access to your online accounts, which can enable them to steal your password, your money or install malware on your devices. Because email is - and will remain to be - a major communication tool, it is important for everyone to learn the ins and outs about phishing attacks.

What is phishing via email?

Phishing is one of the most common online scams: Malicious actors impersonate companies like Amazon, Facebook, or Tuta Mail, sending emails that pretend to come from these organizations to steal passwords or other sensitive information.

In other words: Email phishing is one form of social engineering used by criminals who are trying to gain access to accounts or systems which they have no permission to access. A phishing email is disguised to look like a legitimate email from a service or platform that almost always includes a link where you are requested to login to your account to take some kind of action.

These emails often come with a stress inducing time limit like “Confirm your password now or your account will be locked within 24 hours and all data will be lost”. This sense of urgency exploits a weakness in our psychology and the recipient of the phishing mail is more likely to quickly click the link to avoid any trouble, thus falling into the trap. Sometimes, in place of a link the email will include an attachment which contains malicious code that will run if the victim downloads and opens it.

As sending emails is free, phishing is one of the most used cybercrime tactic worldwide. While the numbers of phishing emails increase, so do protection and prevention methods. Yet, some phishing emails will always slip through and make it to your inbox, and you yourself are the last line of defense. Read on to learn why your mailbox is targeted with phishing and how to prevent phishing attacks from being successful!

Why are email accounts targeted with phishing emails?

Your email account holds a lot of sensitive information and acts as the hub of your digital life. To register on most sites like Amazon, PayPal, eBay etc., you must provide an email address, and important institutions like banks send you information via email. This makes your email account the number one target for two reasons.

  1. Many people receive phishing emails that are spoofed in such a way that they look like they are coming from Facebook, Google, or their bank, etc. asking them to enter their login information after clicking a link provided.

  2. Phishing attacks also target your mailbox directly, trying to gain access to your mailbox login. This is even more dangerous because when attackers have access to your mailbox, they can use a simple password-reset for all online accounts linked to your email address, and just like that they gain access to your accounts to abuse them.

How do I know if an email is phishing?

Phishing emails usually try to impersonate large organizations, some of which you might have an account with. This makes it tricky as at first glance, you might think this email actually refers to your real account on the platform the scam is pretending to be. With only a few tips, you can make sure that phishing emails can not trick you into giving away your password or downloading malicious attachments.

  1. Always check the sender’s email address in detail. Often the sender differs from the technical sender, which is a common trick used by email scammers.

  2. If asked to enter login credentials via a link provided, alarm bells should start ringing. If you believe an email might be legitimate, use your favorite search engine - which hopefully is not Google to locate their website through an official link before logging in. Do not use the link provided in the email! Many services now keep a log of security messages sent to your account and you can check the status of sketchy looking emails there.

  3. Check the link carefully: If the attackers try to steal your Tuta login, for instance, the link provided will look similar, but not match perfectly. Instead of Tuta.com, the attackers might use 7uta.com.

In addition, check for the following details to decide if an email is phishing or not. Typical signs for phishing are:

  • Demanding immediate action
  • Spelling mistakes and poor grammar
  • Deals that sound too good
  • Claims that you won money
  • Addressing the wrong person
  • Coming from an odd sending domain or a Gmail address
  • Suspicious attachments
  • Demanding to click a link and change your password

Spotting a phishing email might not be easy in all cases, but the above list of examples used in typical phishing emails will help you. If in doubt: Better ignore the email than perform any action that might get your real account in trouble.

How we stop malicious emails in Tuta

In the last few years, we have seen an increased number of phishing emails trying to impersonate official Tuta staff to steal login credentials. That’s why we have improved Tuta to make it even harder for malicious attackers to lure our users into turning over valuable passwords or login data.

We have introduced a feature to help users who might be wondering how to report phishing emails and how to prevent phishing attacks. Whenever phishing emails are reported in Tuta Mail, all other users receiving similar emails will see a warning banner displayed above the suspected phishing email. This will help everyone to spot phishing emails and to not fall for phishing attacks. In addition, phishing emails will be reviewed by our security team and the senders will be manually blocked from reaching our servers and, thus, your mailbox.

Warnbanner, das einer potenziellen Phishing-E-Mail in Tuta Mail hinzugefügt wird. Warnbanner, das einer potenziellen Phishing-E-Mail in Tuta Mail hinzugefügt wird. Warning banner that is added to a potential phishing email in Tuta Mail.

You can find more information on the strengthened phishing protection built into Tuta here.

Anti-abuse features in Tuta Mail

  1. We flag emails if the sender’s email address is wrong. When you are logged in in the browser the header in your Tuta mailbox shows you the sender’s name and the sender’s email address so that you can easily spot when an email is coming from a wrong sender. In the app the sender’s email address isn’t shown automatically, but you can easily check it by tapping on the sender’s name.

  2. Tuta is one of the few webmail services that warns you if the “technical sender” differs from the “from sender” so that you can spot spoofed mails.

  3. Attackers often pretend that there is a time urgency, they ask to enter login credentials following a link provided. Never fall for such emails, that’s a typical phishing email strategy.

Our most important tip in preventing phishing attacks is very easy:

Never change your password when asked out of the blue via email.

How to see if someone impersonates Tuta

Now, we’d like to explain how we make sure that no one can phish your Tuta email address and password by impersonating us. First of all - and most importantly - when you receive an email from the Tuta Team, we will never ask you to click a link to confirm or update your password or other login credentials.

We never ask for your password.

In Tuta we’ve made it dead-easy to spot an email that attempts to impersonate the Tuta Team: As the phishing email example below shows, these emails do NOT contain a red tag line (mint green when using the dark theme). The example below shows the difference. The first email has been sent by a random Tuta user trying to impersonate one of our team members, the second one is indeed coming from one of our team members - in this case from Brandon. As Tuta emails can only be checked in the Tuta mail clients on Android, iPhones and PCs, it is very easy for us to visually distinguish all official emails coming from us - as you can see by the colored “Tuta Team”.

Phishing-E-Mail-Beispiel und Tuta-E-Mail im Vergleich. Phishing-E-Mail-Beispiel und Tuta-E-Mail im Vergleich.

An email from the official Tuta Team will always display a red tag line (mint green tag line when using the dark theme) with “Tuta Team”.

If the email from us is an announcement - like in the below screenshot - there is no name or email address given next to the tag line. If this email is coming from our support team or one of our team members, the email address is written next to the red (or mint green) Tuta Team tag line.

This tag line cannot be added by someone impersonating us who is trying to steal your Tuta password. This tag line is built into the code of our email clients for Android, iOS, Windows, Linux and macOS and only displayed for official emails from the Tuta Team.

Eine verschlüsselte Tuta-E-Mail-Ankündigung Eine verschlüsselte Tuta-E-Mail-Ankündigung

Official Tuta Team email domain: @tutao.de

When we started building Tuta, we knew that for an email service it is of crucial importance that no one can impersonate us or members of our team. However, everybody can register for any Tuta or Tutanota email address.

To solve this dilemma, we have used our company domain rather than Tuta / Tutanota domains as official email addresses from the start. Our company, which is behind Tuta, is called the Tutao GmbH. If you receive an email from the Tuta team, the mail address will always end in @tutao.de.

We can not reset your password to safeguard your Tuta account.

Criminals love to abuse the password-reset function via email to gain access to online accounts with phishing emails. So to protect your encrypted mailbox to the maximum, there is no option to request a reset of your Tuta password via email. Instead, we generate a one-of-a-kind recovery code during the account creation process that you can use in order to reset your password at any time.

If you can’t ask for a password-reset, no criminal impersonating you can either. Remember to store your password and your recovery code somewhere safe. Only you yourself can reset your password with the help of your recovery code.

Recognizing suspicious emails

How to identify phishing emails from other services is also easy when using Tuta. When you receive a suspicious email, you can click on the ”…” icon at the top right of your mailbox and then choose “Show email headers”. This will open a small window which shows the technical sender information for the email in question. Here you can verify the status of DKIM, DMARC and SPF checks to confirm whether this email is spoofing the sender or not.

In addition, most spoofed emails will already be marked with the phishing warning as shown in the above screenshot with the title: “Warning banner that is added to a potential phishing email in Tuta Mail”. This can be displayed thanks to all Tuta users who are reporting phishing emails, and thus help other users to stay safe!

If it looks wrong, it probably is wrong

Whenever you receive an email that looks fishy, it is very likely that it is a phishing email. When in doubt, just ask. You can find us easily on Twitter, Mastodon, Facebook, or Instagram, and, of course, via email.

If you receive a potential phishing email from a Tuta domain, please forward it to abuse@tutao.de.

Thank you and stay safe!


Recommended for further reading: Email Security Guide: 3 easy steps to keep your emails safe from hackers as well as Password Security Guide: How to choose a secure password.