Codewerk.
Get a quote
Home/Blog/Phishing: the 21 seconds between the email and the click

Phishing: the 21 seconds between the email and the click

Your firewall is fine. Your accountant, on a Friday afternoon, looking at an invoice from a supplier they know — that is the attack surface.

Photo: free stock photography (Unsplash licence) — see imprint

The attack has changed

Nobody is sending you a badly spelled prince letter any more. They are replying inside a real email thread, with your supplier's real signature, asking you to update the bank details on an invoice you were actually expecting.

Technology first, because it never gets tired

SPF, DKIM and DMARC on your own domain. 2FA everywhere, especially on email and the shop admin. External-sender banners. These do not depend on anyone staying alert at 4:45 p.m. on a Friday.

Then one process rule that actually works

Bank details are never changed on the basis of an email. Ever. They are changed after a phone call to a number you already had. This single rule blocks the most expensive attack in German SMEs.

Plan for the click

Someone will click. Have the answer ready: who is called, what gets disconnected, which passwords are rotated, who talks to the bank. A rehearsed plan turns a catastrophe into a bad afternoon.

Key takeaways
  • Modern phishing arrives inside a real thread.
  • Never change bank details based on an email.
  • Rehearse the incident plan before you need it.

We do this for a living — Shopware, Node.js, React, ERP integration and automation for B2B.

Talk to an engineer

// Keep reading

Related articles

Security & Compliance 8 min

E-invoicing: your PDF is no longer an invoice

Structured invoicing (ZUGFeRD, XRechnung) is becoming mandatory in B2B. A PDF attached to an email will not satisfy it — and your shop has to change.

28 Mar 2026 Codewerk Team