Cybermyth: I can trust every email sender I know!

11.11.2021 - If you recognise the sender's email address that is displayed, you can by no means assume that the email actually came from that person. Sender email addresses can actually be forged with ease.

Many current cyberattacks are carried out via emails with forged sender addresses: firstly, to create trust, and secondly, to trick the recipient into acting without thinking. For example, phishing emails mostly use banks as senders. But the identities of other well-known companies are also used to dupe victims. Another popular scam involves emails that were supposedly sent by acquaintances, colleagues or one's boss.

It is very easy to forge an email address. Just like with a letter in the analogue world, any sender's address can be used in an email.
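An added example, not part of the original page: the From line is an ordinary header written by whoever composes the message, separate from the envelope sender that a receiving server may record in Return-Path. The Python sketch below parses a constructed message and lists inconsistencies around the displayed sender; every address and header value in it is constructed, the Authentication-Results check assumes the receiving server adds that header, and an empty result is only a hint, never verification.

```python
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Constructed sample: the visible From claims a bank, while the envelope
# sender (Return-Path) and Reply-To point at an unrelated domain.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dmarc=fail header.from=bank.example
From: "Your Bank" <service@bank.example>
Reply-To: support@mailer.example.net
To: user@example.org
Subject: Urgent: confirm your transfer

Please act today.
"""

def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def sender_warnings(raw):
    """List reasons not to take the displayed sender at face value."""
    msg = message_from_string(raw, policy=default)
    shown = domain(msg["From"])
    warnings = []
    if not shown:
        warnings.append("From header missing or unparsable")
    envelope = domain(msg["Return-Path"])
    if envelope and envelope != shown:
        warnings.append(f"envelope sender {envelope} differs from From {shown}")
    reply = domain(msg["Reply-To"])
    if reply and reply != shown:
        warnings.append(f"replies go to {reply}, not {shown}")
    # Assumption: the receiving server records its checks in this header.
    auth = str(msg.get("Authentication-Results", "")).lower()
    if "dmarc=fail" in auth:
        warnings.append("receiving server recorded dmarc=fail")
    return warnings

if __name__ == "__main__":
    for w in sender_warnings(SAMPLE):
        print("WARNING:", w)
```
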

Therefore, the sender's email address can never be used as a means of verification. Email senders can be verified solely by using digital certificates. However, these are not yet widespread and it is difficult for most internet users to use them.

Therefore:

  • Beware of emails with a known sender if a previous exchange is suddenly used out of context.
  • Use another means of communication, e.g. the telephone, to briefly ask the person if the email is really from them.
  • Similarly, be cautious if you are suddenly asked for money or urged to make a transfer. A typical feature of fraudulent emails is that the requested action is to be carried out as a matter of urgency.
  • Be extremely careful if an email asks you to click on a link or open a document. Never click on links or open documents if you do not know the sender. It is better to ask too often than not often enough when dealing with known senders.

Last modification 11.11.2021

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/mythos-mailabsender.html