Email phishing attacks have been around for more than 20 years and used to be very easy to spot. But as phishing attacks become more and more sophisticated, people increasingly fall for them. Criminals use phishing emails to gain access to your online accounts, which could enable them to steal your money or install malware on your computer. Prominent attacks like the WannaCry ransomware attack oftentimes start with a phishing attack, usually via email.

Email phishing attacks

Update 2020-04-21: Recently we have seen an increased number of phishing emails trying to steal your Tutanota login. That's why we have made some changes to Tutanota to make it harder for malicious attackers.

We now enable users to report emails for phishing. Then all other users receiving similar emails see a warning banner displayed along with the phishing email. This will help everyone to spot phishing emails and to not fall for phishing attacks.

You will find more information on the strengthened phishing protection in Tutanota here.

Email phishing: How we make sure your Tutanota account stays safe

Now, we'd like to explain how we make sure that no one can phish your Tutanota email address and password. When you receive an email from the Tutanota Team, we never ask you to click a link to confirm or update your login credentials.

We never ask for your password.

How to spot a phishing email for your Tutanota account

Spotting a phishing email for your Tutanota account is very easy: These emails do NOT contain a red tag line. This example shows the difference. The first email has been sent by a random Tutanota user trying to impersonate one of our team members; the second one is indeed coming from one of our team members - in this case from Hanna.

An email from the Tutanota Team must always display a red tag line (mint green tag line when using the dark theme) with Tutanota Team:

If this is an announcement - like in the above screenshot - there is no name or email address given next to the tag line. If this email is coming from our support team or one of our team members, the email address is written next to the red (or mint green) Tutanota Team tag line.

This red (or mint green) tag line cannot be added by someone impersonating us who is trying to phish your Tutanota password. It is built into the code of our email client.

Official Tutanota sending domain: tutao.de

When we started building Tutanota, we knew that for an email service it is of crucial importance that no one can impersonate us or members of our team. However, everybody can register for any Tutanota email address.

To solve this dilemma we have been using our company domain rather than Tutanota domains as official email addresses from the start. Our company, which is behind Tutanota, is called the Tutao GmbH. If you receive an email from the Tutanota team, the mail address will always end in @tutao.de.

Why are email accounts targeted with phishing emails?

Your email account holds a lot of sensitive information: You register on most sites like Amazon, PayPal, eBay etc. with your email address, and important institutions like banks send you information via email. This makes your email account the number one target for two reasons.

Many people receive phishing emails that are spoofed in such a way that they look like they are coming from Facebook, Google, or their bank, etc. asking them to enter their login information after clicking a link provided. Phishing attacks also target your mailbox directly, trying to gain access to your mailbox login. This is even more dangerous because when attackers have access to your mailbox, they can ask for a simple password-reset for all online accounts linked to your email address, and just like that they can access and abuse these accounts.

How Tutanota protects you from email phishing attacks

That's why our secure mail service Tutanota does everything possible to protect you from phishing attacks.

Tutanota uses spam filtering that detects most phishing emails so that you do not have to be concerned about them. However, there are always spam mails - also phishing mails - that slip through.

In Tutanota your mailbox is fully encrypted; we have absolutely no access to your encrypted data. Only your password can decrypt the data. So please keep in mind that we would never ask you for your mailbox password.

We cannot reset your password to safeguard your Tutanota account.

Criminals often abuse the password-reset function via email to gain access to your online accounts with a phishing email. So to protect your encrypted mailbox to the maximum, there is no option that you can ask us to reset your Tutanota password via email.

If you can't ask for a password-reset, no criminal impersonating you can either. Please remember to write down your password and your recovery code somewhere safe. Only you yourself can reset your password with the help of your recovery code.

Email phishing attacks targeted at Tutanota

We are regularly being informed by users that they have received phishing emails, looking like this.

This email shows everything that's fishy about phishing, and will help you to easily detect phishing emails:

The sender's email address is wrong. When you are logged in via the browser, the header in your Tutanota mailbox shows you the sender's name and the sender's email address so that you can easily spot when an email is coming from a wrong sender. In the app the sender's email address isn't shown automatically, but you can easily check it by tapping on the sender's name.

Tutanota is one of the few webmail services that warns you when the "technical sender" differs from the "from sender" so that you can spot spoofed mails easily.

The content of the email looks fishy as well: The attackers pretend that there is a time urgency, and they ask you to enter login credentials by following a link provided. Never fall for such emails; that's what a typical phishing email looks like.

Our main tip to prevent phishing attacks is very easy: Never share your Tutanota password. Not even with us.

Tips on how to prevent email phishing

Check the sender's email address. If asked to enter login credentials via a link provided, alarm bells must ring. Check the link carefully: If the attackers try to steal your Tutanota login, the link provided will look similar, but not right. Instead of tutanota.com, the attackers might use 1u1nota.com.
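The checks described above (a "technical sender" that differs from the "from sender", a Tutanota Team sender that is not @tutao.de, and a link that only resembles tutanota.com) can be expressed as a small mail filter. This is an added example, not Tutanota's own code; it assumes the Return-Path header stands in for the technical sender, and the trusted link list, the 0.75 similarity threshold and the sample message are constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

OFFICIAL_SENDER_DOMAIN = "tutao.de"                  # stated on the page
TRUSTED_LINK_DOMAINS = ("tutanota.com", "tutao.de")  # assumed allow-list

def domain_of(header_value):
    """Lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def is_lookalike(host, threshold=0.75):
    """True if host imitates a trusted domain without being one."""
    host = (host or "").lower()
    for trusted in TRUSTED_LINK_DOMAINS:
        if host == trusted or host.endswith("." + trusted):
            return False                      # genuine domain or subdomain
    return any(t in host or SequenceMatcher(None, host, t).ratio() >= threshold
               for t in TRUSTED_LINK_DOMAINS)

def check_email(raw):
    """Return a list of phishing indicators found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    from_name = parseaddr(msg["From"] or "")[0].lower()
    from_dom = domain_of(msg["From"])
    tech_dom = domain_of(msg["Return-Path"])  # assumption: "technical sender"
    if tech_dom and tech_dom != from_dom:
        findings.append("sender-mismatch")
    if "tutanota" in from_name and from_dom != OFFICIAL_SENDER_DOMAIN:
        findings.append("fake-team-sender")
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = urlparse(url).hostname
        if is_lookalike(host):
            findings.append("lookalike-link:" + host)
    return findings

# Constructed sample message (not real mail).
PHISH = """\
Return-Path: <bounce@mailer.example>
From: "Tutanota Team" <support@tutanota-team.example>
Subject: Your account will be closed in 24 hours

Confirm your login at https://1u1nota.com/login now.
"""
```

Calling `check_email(PHISH)` reports all three indicators; string similarity is only a heuristic, so a flagged link still deserves the manual check described above.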

If it looks wrong, it probably is wrong

Whenever you receive an email that looks fishy, it is very likely that it is a phishing email. When in doubt, just ask. You can find us easily on Twitter, Mastodon, Facebook, or Instagram, and, of course, via email.

If you receive a potential phishing email from a Tutanota domain, please forward it to abuse@tutao.de.

Recommended for further reading: Email Security Guide: 3 easy steps to keep your emails safe from hackers as well as Password Security Guide: How to choose a secure password.