NoPhish Flyer

The NoPhish Flyer is one part of the NoPhish education concept (alongside, among others, the Android app, info card and poster) and contains an overview of the most important rules for detecting phishing attempts.

The following rules will help you with verifying the legitimacy of a URL:

1.) On desktop devices (e.g. PC or laptop), the actual destination usually appears in the status bar or a tooltip when hovering over the link.

On mobile devices (e.g. smartphone or tablet), how to detect the actual destination of a link depends on the device used. Usually, slightly pressing a link for 2 seconds without clicking it opens a dialog in which the actual destination is shown.

2.) Pay full attention to the so-called who-section when checking the URL.

The who-section is simply the last two terms before the first stand-alone "/" (in this case, of a URL. The who-section is the most important part when it comes to detecting phishing URLs. The technical term for who-section is domain.

3.) If the area between "http://" and the third slash is numerical, this is usually a strong indication that it is a malicious URL. Best to play it safe and not to click on this link.

4.) Some messages embed the genuine company name somewhere other than the who-section, to allay your suspicions. Best not to click on this link either.

5.) Carefully examine the who-section for typos (zz instead of z, kc instead of ck). If you detect any such spelling mistakes, don't trust the link or the website and do not enter any personal data!

6.) Examine the who-section carefully for the use of similar-looking letters and numbers (in this case "rn" instead of "m" or "1" instead of "I"). If the who-section has letters that are replaced by similar characters or numbers, do not enter any data either!

7.) Sometimes the who-section uses an adaptation (for example: facebook-secure) of the genuine who-section. This is a strong indication of a phishing attempt. These attacks are hard to identify because you have to know what the who-section should look like. Another difficulty is that some legitimate websites do not have a clear who-section (for example, the Volksbank uses the URL If you are unsure, use a search engine to look for the company’s legitimate URL.

Note, these rules were designed for the German context. Some countries use a combination, something like a double-barrelled surname, instead of .com. For example, the UK uses, or In this case, the who-section is the last three terms before the first stand-alone "/".
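The rules above can be expressed as a small checker; this is an added example, not part of the NoPhish material. The function names, the two-part suffix set and the sample URLs are assumptions made for the illustration, and the caller supplies the who-section they expect to see.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: illustrative two-part country suffixes; a real tool would use the Public Suffix List.
TWO_PART_SUFFIXES = {"co.uk", "org.uk"}
# Rule 6 look-alikes, folded to one form ("1", "l" and "i" are treated as the same letter).
LOOKALIKES = (("rn", "m"), ("1", "l"), ("i", "l"))

def who_section(url):
    """Return the who-section of a URL, or None if the host is numerical (rule 3)."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if ":" in host or host.replace(".", "").isdigit():
        return None
    labels = host.split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_PART_SUFFIXES else 2
    return ".".join(labels[-n:])

def fold(name):
    for fake, real in LOOKALIKES:
        name = name.replace(fake, real)
    return name

def check_url(url, expected):
    """Return findings for url, given the who-section the reader expects."""
    who = who_section(url)
    if who is None:
        return ["rule 3: numerical host"]
    if who == expected:
        return []
    brand = expected.split(".")[0]
    findings = []
    if fold(who) == fold(expected):
        findings.append("rule 6: look-alike characters")
    elif brand in who:
        findings.append("rule 7: adapted who-section")
    elif SequenceMatcher(None, who, expected).ratio() >= 0.9:
        findings.append("rule 5: possible typo")
    if brand in url.lower().replace(who, "", 1):
        findings.append("rule 4: name outside the who-section")
    return findings or ["who-section differs from the expected one"]

if __name__ == "__main__":
    # Constructed sample URLs (example.com is a reserved documentation domain).
    for u in ("https://www.example.com/account", "http://192.0.2.10/example/",
              "http://example.com.secure-login.test/", "http://exarnple.com/",
              "http://example-secure.com/", "http://exxample.com/"):
        print(u, "->", check_url(u, "example.com"))
```

An empty result only means the who-section matches the expected one; it says nothing about the content of the page behind the link.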


For questions, please contact Silke Rehfeld or Melanie Volkamer at the following e-mail address.
