E-mail is fundamentally not a secure means of communication. An e-mail is structured like an ordinary letter, which means that the sender can be entered or falsified at will. Without further measures, the recipient therefore cannot verify who actually sent an e-mail.
Evonik always uses the domain (the part of an e-mail address after the @ sign) evonik.com or <xyz>.evonik.com as the sender (e.g. firstname.lastname@example.org). However, e-mails with these senders are not safe per se, as they too can easily be faked. Conversely, an e-mail that claims to come from Evonik but uses a different sender domain is a very good indicator of a clumsy forgery. This applies in particular to similar-looking domains such as evoniik.com, euonik.com, or evomik.com.
So as a matter of principle, do not trust the sender, and check the content of the e-mail for consistency and legitimacy. If in doubt, always contact your internal IT department and/or report suspicious e-mails to your IT security team. If you have a contact person at Evonik, you can also contact them. Under no circumstances should you use contact data from the suspicious e-mail for this purpose; use a telephone number you already know instead. Only in an emergency should you make contact via a new e-mail to a known @evonik.com address.
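The sender-domain rule described above can be expressed as a mail-filter check. The following is an added example, not Evonik's own code; the function names, the edit-distance threshold of 2 and the sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

BRAND = "evonik"          # brand label taken from the domain named on this page
EXPECTED = "evonik.com"   # sender domain stated on this page

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header: str) -> str:
    """Classify a From header as 'expected-domain', 'lookalike' or 'other'."""
    _, addr = parseaddr(from_header)  # the display name is ignored entirely
    if "@" not in addr:
        return "other"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    # Exact match or a true subdomain. A bare suffix test would wrongly
    # accept a domain such as "notevonik.com".
    if domain == EXPECTED or domain.endswith("." + EXPECTED):
        return "expected-domain"  # consistent with the rule, but still forgeable
    # A label containing or resembling the brand inside a foreign domain
    # is the lookalike pattern (assumed threshold: distance <= 2).
    for label in domain.split("."):
        if BRAND in label or edit_distance(label, BRAND) <= 2:
            return "lookalike"
    return "other"

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Jane Doe <jane.doe@evonik.com>",
    "Evonik Service <service@evoniik.com>",
    "billing@evonik.com.mail.example",
    "newsletter@example.org",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):16} {header}")
```

A result of `expected-domain` only means the address is consistent with the rule; it does not show that the message is authentic.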
Whether the sender of an e-mail is genuine can only be verified with additional technical methods. We therefore recommend these steps to increase security:
1. In mail programs that support "BIMI" (Brand Indicators for Message Identification), the Evonik logo is displayed next to the e-mail after successful verification.
2. If your e-mail program does not support "BIMI" (e.g. Outlook), contact your IT department or IT security team with the information for IT professionals.