Emails are still the most common communication channel chosen by cyber criminals to attempt to commit fraud against companies. The goal and purpose of the attack is to elicit critical information from employees or to infiltrate malware. The potential victims are supposed to be led to certain actions by means of targeted deception without them even noticing it. They are supposed to open a link or a document, disclose login details and passwords, or even credit card data including PIN, or make an immediate payment.
It is therefore essential to repeatedly sensitize employees to handle incoming emails with particular care in order to protect data and computers from cybercrime. There are a few simple precautions that can go a long way towards protecting companies, as well as private individuals, from malware, phishing or other types of fraud. The following 5 rules for handling emails should be applied consistently by everyone.
The 5 most important tips
- Be especially careful whenever you feel pressured to act because the sender implies that, for example, deadlines are running out or «it's too late otherwise».
It's your ultimate chance to win something, or the last chance to avert disaster, from yourself or someone else. Or you may be told that a package containing your order cannot be delivered and will be returned the very next day unless you pay customs immediately. Such urgent prompts should make you wary. Never click on a link or open an attachment unless you are 100 percent sure who the email is from and whether its content makes sense. For example, did you even order anything from abroad? In such a situation, a virus scan is recommended. It detects dangerous content and eliminates such mails, but only if you always use an up-to-date version of the software. However, if you have clicked on a link and have reached a form, never enter any personal data, and never give any credit card or bank account information! Unless you want to donate your savings to a cyber criminal... If, despite all precautions, it happens anyway, change your passwords immediately!
- Stay alert when things get emotional and don't get caught on the wrong foot.
Cyber criminals are extremely creative when it comes to catching your victims off guard and making you react rashly. They are always finding new scenarios to get to their target. They use a method called «Social Engineering» On social media, they specifically collect information about you and your private life and find your weak point. The purpose is to put the victims in an emotional state (fear, panic...) and perform actions planned by the perpetrators without thinking and without realizing that they are being manipulated by others. The criminals perform psychological tricks, think themselves perfectly into the victims and control them at will. If you feel unsafe and pressured, pause and go into distrust mode. Give yourself time to think things through. Rushed action is exactly what the criminals are aiming for. When in doubt, seek advice from experts (e.g., the National Cyber Security Center) before taking action or consult with the internal IT team.
- Check sender and content carefully, especially if you have to open attachments.
Always distrust emails if the sender's address is unknown to you. Be especially cautious when opening documents or programs sent with the email and do not respond to suggested links. Malware is often distributed via Office documents, for which the macro function is usually exploited. Therefore, never give permission to activate the macro function.
However, malicious emails do not always come from unknown addresses. Frequently, email addresses are used that appear familiar at first glance. Only on closer inspection does it become clear that there are small deviations from the known address - for example, a letter is missing, there is a typo/letter error, there is a period instead of an underscore in the address, or similar.
Even emails from a known sender can be dangerous - some malware spreads by sending itself by email to recipients listed in the address book. You should therefore also be careful if you suddenly receive unrelated and unfounded references to communications you have already made, or if topics you have already dealt with are suddenly brought up again.
In any case, if in doubt, always ask IT first whether you can safely open a file.
- Block the receipt of dangerous email attachments before they arrive in the inbox.
Even safer is to block the receipt of dangerous email directly on your email gateway. For a detailed, updated list of options, visit the GovCERT website and check the download section. Make sure that dangerous email attachments are blocked even if they arrive as ZIP or RAR files, for example. Emails that contain macros (e.g. Word, Excel or PowerPoint) can also be risky.
- Software update of the email program
Email programs can also have security vulnerabilities Regularly check whether a software update is available for your email program. If so, install it immediately and always keep it up to date, because cyber criminals are very inventive and always find new ways to obtain foreign data.
While email is only one way that cyber criminals want to and can harm you, it accounts for a large portion of attacks. A good firewall can fend off many attacks, but not all. Therefore, it is important to make your employees aware of the different attack methods before it is too late!
We support, advise and raise awareness. Contact us.