⚠️ Online Risks

Online Security

Recognizing phishing, 2026 scam methods, checking for data breaches, antivirus reality — what you really need to know before you click.

🔐 Privacy CompendiumOnline Security

Most security incidents have nothing to do with sophisticated hacker attacks – but with very common methods: phishing emails, fake senders, leaked passwords. If you know the tricks, you won't fall for them. Here we show what's current in 2026 – and how to proceed systematically if something does happen.

📋 Contents of this page

🎣

Recognizing Phishing

Phishing is an attempt to lure you to a fake website or trick you into clicking to obtain login credentials, banking details, or other sensitive information. The methods are getting better in 2026 — thanks to AI – but the basic rules for detection remain the same.

Classic Phishing Indicators

  • Fake sender address — supposedly from "PayPal", but from "paypal-security.xyz"
  • Generic salutation — "Dear Customer" instead of your name (at least it used to be; AI makes it more personal today)
  • Artificial pressure — "Your account will be suspended in 24h!", "Act now!"
  • Suspicious links — hover over the mouse, check the URL. "Amazon" as a domain must really be amazon.de or amazon.com, not amaz0n.de or amazon.security-center.com
  • Spelling/grammar errors — becoming less common with AI, but still an indicator
  • Request to enter sensitive data — no reputable bank will ask for your PIN or TAN via email

2026 URL Tricks

Subdomain Tricks

The real domain is at the far right before the next slash. amazon.de.evil.com belongs to evil.com – not Amazon.

Lookalike Characters

amaz0n.de (zero instead of O), gооgle.com (Cyrillic characters). Looks identical, but it's not.

Hyphen Tricks

paypal-sicherheit.de, sparkasse-online.com – tacking on professional words, looks plausible, but it's not.

HTTPS Deception

Even phishing pages today usually have HTTPS and a padlock symbol. Connection security ≠ trustworthiness of the page.

💡 Rule of thumb: For emails with links to login pages – never click on the link, but manually open the website in your browser. The extra effort is 10 seconds, but it protects you from one of the most common attack types.

🎭

2026 Scam Methods

Beyond classic phishing, new scams are emerging that are becoming increasingly sophisticated thanks to AI and data breaches:

AI Voice Imitation ("Vishing")

With short voice samples (e.g., from social media), realistic voice clones can now be created. Popular trick: "Mom, it's me, I had an accident, I need money quickly" — with the real voice of the daughter/son. Hard to recognize.

Protection: Agree on a family codeword. Anyone calling in an emergency must say the codeword. Sounds simple, but it's unbeatable against voice clones.

Investment Scams & "Crypto-Romance"

Trust is built on dating platforms or social media, then comes the tip about a "guaranteed profitable" crypto platform. Initial deposits seem to work — withdrawals never do. Classic advance-fee fraud, repackaged.

Digital Grandparent Scam

WhatsApp: "Hi Mom, this is my new number, can you quickly transfer some money?" – Thousands of victims per month, damages in the millions.

Protection: If money is requested, always call back on the old number, do not reply to the new one.

Fake Microsoft Calls

"We detected a virus on your PC" — the caller wants to convince you to install remote maintenance software (TeamViewer, AnyDesk). Once they have access, they go for online banking, stored passwords, everything.

Protection: Microsoft never calls unsolicited. Hang up immediately.

⚠️ Most important rule: If there's any pressure to act immediately – pause. Real emergencies can tolerate 5 minutes of thought. Scams count on your panic.

📋

Checking for Data Breaches

Virtually everyone with an email address who has ever registered somewhere has data in some leak. LinkedIn hack 2021, Facebook leak 2019, Adobe 2013, Yahoo 2014, Marriott 2018 — the list is endless. Important: Which of your data are affected, and what does that mean?

The most important data breach checkers

  • Have I Been Pwned (haveibeenpwned.com) — the classic, very reputable, run by security researcher Troy Hunt
  • HPI Identity Leak Checker — from the Hasso Plattner Institute (University of Potsdam), a German alternative
  • Firefox Monitor — based on HIBP, built into the browser
  • Google Password Check — checks stored passwords against known leaks

What to check?

  1. All your email addresses — even old ones you hardly use anymore
  2. Phone number — yes, that also appears in leaks
  3. Frequently used passwords — HIBP has a password check (not clear text, but hash)

What to do if your data has been leaked?

  1. Change password immediately — for the affected service and everywhere you have reused the password
  2. Activate 2FA — two-factor authentication also protects against compromised passwords
  3. Watch for suspicious activity — login notifications, unfamiliar IP addresses
  4. For sensitive data: Contact the police, if necessary, request a SCHUFA self-disclosure

📊 Reality 2026

If you check HIBP against your main email address, you'll often find 5-15 hits. This is normal, no cause for panic. The important thing is: use unique passwords for each service, then a leak won't lead to a chain reaction.

🕳️

Darknet Leaks: What happens to stolen data?

When data is leaked, it doesn't just end up "on the internet" — it's sold on Darknet marketplaces. Credit cards, logins, complete identity packages. What happens specifically?

From Leak to Misuse

  1. Initial exploitation — hackers themselves use the most valuable data first (e.g., bank access)
  2. Bulk sales — thousands of data records as a package on Darknet marketplaces
  3. Credential stuffing — bots automatically try leaked passwords on thousands of services
  4. Identity theft — accounts are opened and loans are applied for in your name using your name, address, and date of birth
  5. Phishing ammunition — leaked data makes phishing emails extremely convincing

Identity Theft: What you can do

  • Regular SCHUFA credit report — free once a year, shows unknown accounts/loans
  • Check bank statements — even small amounts (test transactions before major frauds)
  • Activate login notifications — for email, social networks, banks
  • Identity protection services — monitor Darknet forums and report if your data appears there

🟡 AVG Ultimate — Complete Package Including Identity Protection

AVG Ultimate 2026 includes, in addition to antivirus and tuning, identity protection with Darknet monitoring – if your email address or other data is leaked anywhere, you receive a warning and concrete recommendations for action.

Plus: VPN, anti-tracking, webcam protection, and anti-ransomware in one package.

View AVG Ultimate 2026 →

🛡️

Antivirus Reality: What do you really need?

One of the most common questions: "Is the built-in Windows Defender enough, or do I need something extra?" Let's be honest.

Windows Defender 2026 — The Honest Standpoint

  • Solid Basic Protection — usually performs well in tests (AV-Test, AV-Comparatives) today
  • Deeply Integrated into Windows — no performance issues, no annoying pop-ups
  • Free & Zero Configuration Required
  • ⚠️ Reactive, Not Proactive — protects against known threats, but is slower with brand-new threats
  • ⚠️ Few Additional Features — no VPN, no webcam protection, no identity protection
  • ⚠️ No Specialized Modules — basic anti-ransomware protection

When is Defender enough?

If you browse cautiously, don't make questionable downloads, diligently update, and use an ad blocker: Yes, Defender is sufficient in most cases.

When is a suite worthwhile?

If you want more convenience or special features:

  • VPN included
  • Anti-tracking and anti-phishing browser extensions
  • Webcam/microphone protection
  • Anti-ransomware with behavioral analysis
  • Identity protection / Darknet monitoring
  • Parental control
  • Mobile protection for family

🟡 AVG Internet Security & AVG Ultimate

If you want more than Windows Defender, but not snake oil: AVG has been in the top tests of all major labs for years.

AVG Internet Security is the compact solution: Antivirus, firewall, anti-phishing, webcam protection, file shredder. Ideal for users who simply want better protection without unnecessary frills.

AVG Ultimate 2026 is the complete package: everything from Internet Security plus VPN, tuning, identity protection, anti-tracking. For families and power users.

View AVG Internet Security →  |  View AVG Ultimate 2026 →

Also for smartphones

Smartphones are at least as valuable targets as PCs today. Avast Mobile Ultimate offers app scanner, anti-phishing, theft protection, and VPN for Android and iOS.

View Avast Mobile Ultimate →

🔍

Detecting Traces: What to do after an Incident?

Do you suspect someone was on your PC? Strange activity in the logs? Suddenly installed software changed? Systematic trace analysis helps here.

Suspicions

  • Browser history shows pages you haven't visited
  • Email account shows unknown logins or devices
  • Programs start that you haven't installed
  • PC suddenly behaves differently (slower, fan constantly loud)
  • Mouse pointer moves by itself
  • Webcam LED lights up for no reason

Immediate Measures

  1. Disconnect from the internet — in case of an acute incident, turn off Wi-Fi, unplug LAN cable
  2. Do not install or delete anything — do not destroy evidence
  3. Secure backup of your files to an external drive (check for malware beforehand)
  4. Change passwords — from a different, secure device
  5. In severe cases: Police, possibly forensic professionals

🟡 Forensic System & Rescue Stick

Forensic System is Engelmann's tool for detailed trace analysis on a Windows system: activity logs, deleted files, USB device history, browser traces even after "deletion". This gives you a picture of what happened on your PC – even if someone tried to cover their tracks.

Rescue Stick is the emergency solution for acutely infected PCs: You start the system from a USB stick (outside the infected Windows), can back up data, and perform clean diagnostics without the malware remaining active.

View Forensic System →  |  View Rescue Stick →

⚠️ Important: In case of suspected targeted attack (stalking, industrial espionage, serious incidents) — do not attempt self-treatment, but involve professionals. The police ZAC (Central Contact Point for Cybercrime) of the respective federal states is the first point of contact.

🛡️

Tools for your Online Security

AVG Ultimate as a complete package with identity protection. AVG Internet Security as a compact antivirus plus. Avast Mobile for smartphones. Forensic System and Rescue Stick as special tools for emergencies.

🛡️ AVG Ultimate 🌐 AVG Internet Security 📱 Avast Mobile 🔍 Forensic System 🆘 Rescue Stick
More in the Data Protection Compendium:
🔐 Hub 🪟 Windows Data Protection 🌐 On the Go