Photo: free stock photography (Unsplash licence) — see imprint
The attack has changed
Nobody is sending you a badly spelled prince letter any more. They are replying inside a real email thread, with your supplier's real signature, asking you to update the bank details on an invoice you were actually expecting.
Technology first, because it never gets tired
SPF, DKIM and DMARC on your own domain. 2FA everywhere, especially on email and the shop admin. External-sender banners. These do not depend on anyone staying alert at 4:45 p.m. on a Friday.
Then one process rule that actually works
Bank details are never changed on the basis of an email. Ever. They are changed after a phone call to a number you already had. This single rule blocks the most expensive attack in German SMEs.
Plan for the click
Someone will click. Have the answer ready: who is called, what gets disconnected, which passwords are rotated, who talks to the bank. A rehearsed plan turns a catastrophe into a bad afternoon.
- Modern phishing arrives inside a real thread.
- Never change bank details based on an email.
- Rehearse the incident plan before you need it.
We do this for a living — Shopware, Node.js, React, ERP integration and automation for B2B.
Talk to an engineer