Secure Mail: How to protect yourself against phishing attacks
(Co-author: Moritz Wappner)
According to TÜV SÜD, citing the latest phishing report by Cofense, German companies are particularly frequently targeted by criminal phishing attacks. Since the beginning of the corona pandemic, this risk has increased even further.
TÜV SÜD explains how to recognize suspicious e-mails—and we tell you what else you can do to effectively protect yourself and your employees against phishing attacks.
What is phishing?
Phishing (derived from “fishing”) is a method of obtaining personal data from internet users by means of deceptive e-mails or websites in order to commit identity theft. The fake sites and messages often deceptively imitate the layout and design of well-known brands (such as banks, online retailers and social media). Users are asked to disclose access data, which is then passed on to the perpetrators and abused by them. Phishing is a form of social engineering.
Here’s what you can do to protect yourself against phishing
1. Learn how to recognize phishing e-mails
To effectively protect yourself against phishing attacks, you must first learn how to recognize fake e-mails. Pay attention to the following signs in e-mails:
- The message plays with fear and urgency
Fraudsters often play on users’ fear and thus try to provoke a rash action, such as the disclosure of access data. Do not let allegedly urgent e-mails unsettle you!
- You are asked for your access data or personal information
Most large companies do not ask their customers for their login data, and certainly not by e-mail. If you are asked to provide login information, this is suspicious.
- It uses an unusual greeting
“Dear Customer”… That’s weird, isn’t it? Usually companies you come in contact with will address you by your name. Generic or false salutations in e-mails are an indication of phishing.
- Deceptive e-mail address
Does the latest e-mail from your bank come from a different e-mail address than the ones you received before? Then you should be careful! A phishing attempt can often be detected by paying close attention to the sender’s e-mail address.
- The text contains spelling and grammar mistakes
If the text is teeming with errors, you are most likely dealing with a phishing e-mail. However, criminals are getting better and better—and not every phishing attempt is that easy to identify!
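The warning signs listed above (unexpected sender address, urgency, request for access data, generic greeting, and links whose visible text does not match their target) can be turned into simple automated checks. The following is an added example, not code from the article or from TÜV SÜD: it parses a constructed sample e-mail with Python's standard `email` package and reports which signs it finds. The allowlist of expected sender domains, the keyword lists and both sample messages are assumptions made for the illustration.

```python
"""Heuristic checker for the phishing warning signs described in the article.

Added example, not part of the original article. The expected-sender domains,
keyword lists and sample messages below are constructed for illustration only.
"""
import re
from email import policy
from email.parser import Parser
from email.utils import parseaddr

# Assumed: domains from which the organisation expects a given brand's mail.
EXPECTED_SENDER_DOMAINS = {
    "example-bank": {"example-bank.com", "mail.example-bank.com"},
}
URGENCY_PHRASES = ["immediately", "within 24 hours", "will be suspended", "urgent", "final notice"]
CREDENTIAL_PHRASES = ["password", "login data", "access data", "verify your account", "confirm your identity"]
GENERIC_GREETINGS = ["dear customer", "dear user", "dear client", "dear account holder"]

# Captures href and visible text of HTML links so the two hosts can be compared.
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r"https?://([^/\s]+)", re.I)


def _host(url):
    """Host part of a URL, or None if the string is not a URL."""
    m = HOST_RE.search(url)
    return m.group(1).lower() if m else None


def phishing_signs(raw_message, brand):
    """Return the warning signs found in a raw RFC 5322 message claiming to be from `brand`."""
    msg = Parser(policy=policy.default).parsestr(raw_message)
    signs = []

    # Sign: sender address is not one the brand normally uses.
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2].lower()
    if sender_domain not in EXPECTED_SENDER_DOMAINS.get(brand, set()):
        signs.append(f"sender domain {sender_domain!r} is not expected for {brand}")

    # Sign: replies are silently routed to a different domain.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rpartition("@")[2].lower() != sender_domain:
        signs.append("Reply-To domain differs from From domain")

    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    text = (msg.get("Subject", "") + " " + re.sub(r"<[^>]+>", " ", html)).lower()

    if any(p in text for p in URGENCY_PHRASES):
        signs.append("message plays with fear and urgency")
    if any(p in text for p in CREDENTIAL_PHRASES):
        signs.append("message asks for access data or personal information")
    if any(g in text for g in GENERIC_GREETINGS):
        signs.append("generic greeting instead of your name")

    # Sign: the link text shows one host, the actual target is another.
    for href, visible in ANCHOR_RE.findall(html):
        shown, target = _host(visible), _host(href)
        if shown and shown != target:
            signs.append(f"link text shows {shown} but points to {target}")
    return signs


# Constructed sample: a message showing several of the signs at once.
SAMPLE_PHISH = """\
From: Example Bank Security <alerts@example-bank-verify.net>
Reply-To: support@mailbox-collector.example
To: customer@example.org
Subject: Urgent: verify your account within 24 hours
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer,</p>
<p>Your account will be suspended unless you confirm your password immediately.</p>
<p><a href="https://example-bank-verify.net/login">https://www.example-bank.com/login</a></p>
</body></html>
"""

# Constructed sample: an unremarkable message from the expected domain.
SAMPLE_LEGIT = """\
From: Example Bank <info@example-bank.com>
To: customer@example.org
Subject: Your monthly statement is available
Content-Type: text/plain; charset="utf-8"

Hello Ms. Mustermann,

your statement for March is available in online banking as usual.
"""

if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, phishing_signs(sample, "example-bank"))
```

Such a heuristic is a training aid and a triage filter, not a verdict: as the article notes, attackers' messages are getting cleaner, so a message with zero findings still deserves the human checks above.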
2. Never reply to suspicious e-mails
Have you received a suspicious e-mail? If you notice one or more of the signs mentioned above, you should never reply to this e-mail—especially if you are asked to reveal passwords or access data.
3. Do not click on links in suspicious e-mails
If you find an e-mail suspicious, do not click on any links contained in it! These often redirect you to deceptively cloned phishing websites which, for example, imitate the login pages of well-known portals. The data entered there, however, ends up in the hands of fraudsters.
4. Deactivate the HTML view of e-mails
Some scammers hide malicious code in the HTML of web pages. To protect yourself from viruses, Trojans and malware, disable the HTML view of e-mails. In Outlook you will find this setting under Options > Trust Center.
5. Do not open suspicious attachments
Spyware and ransomware may be hidden even in the attachments of suspicious e-mails. These attachments are often disguised as PDF files, images or ZIP files. Even if the sender does not look suspicious: always be careful with unexpected attachments!
Tip: Never send important files and sensitive information as e-mail attachments. Instead, use highly secure data exchange solutions such as sealed business clouds and virtual data rooms. Try idgard® now for free for 14 days!
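An attachment "disguised as" a PDF, image or ZIP file usually gives itself away on inspection: its first bytes (the file signature) do not match the extension, the name carries a double extension, or the archive contains a script or executable. The following is an added example, not code from the article or from TÜV SÜD: it builds a constructed sample message with three attachments using Python's `email` and `zipfile` modules and checks each one. The signature table, the list of risky extensions and the sample attachments (stub bytes only, no real files) are assumptions for the illustration.

```python
"""Check whether e-mail attachments are what their file names claim.

Added example, not part of the original article. Signature table, risky-extension
list and the sample message are constructed for illustration.
"""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from pathlib import PurePosixPath

# Leading bytes expected for the file types the article names.
MAGIC = {
    ".pdf": [b"%PDF-"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".zip": [b"PK\x03\x04"],
}
# Extensions that are suspicious behind a double extension or inside an archive.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".lnk"}


def check_attachment(filename, data):
    """Return a list of findings for one attachment; an empty list means nothing stood out."""
    findings = []
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    ext = suffixes[-1] if suffixes else ""

    # "invoice.pdf.exe": the document-looking part is a decoy, the last extension counts.
    if len(suffixes) > 1 and ext in RISKY_EXTENSIONS:
        findings.append(f"{filename}: double extension ending in {ext}")

    # Name claims a document, image or archive, but the bytes say otherwise.
    if ext in MAGIC and not any(data.startswith(m) for m in MAGIC[ext]):
        kind = "a Windows executable" if data.startswith(b"MZ") else "unknown content"
        findings.append(f"{filename}: extension {ext} but content looks like {kind}")

    # ZIP files are opened only to list their members, never to extract them.
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    member_ext = PurePosixPath(member).suffix.lower()
                    if member_ext in RISKY_EXTENSIONS:
                        findings.append(f"{filename}: archive contains {member} ({member_ext})")
        except zipfile.BadZipFile:
            findings.append(f"{filename}: ZIP signature but the archive does not parse")
    return findings


def check_message(raw_bytes):
    """Run check_attachment over every attachment of a raw message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        findings.extend(check_attachment(name, part.get_payload(decode=True) or b""))
    return findings


def build_sample_message():
    """Constructed sample: a genuine-looking PDF, an executable stub named .pdf, a ZIP with a script."""
    msg = EmailMessage()
    msg["From"] = "Invoices <billing@supplier.example>"
    msg["To"] = "accounting@example.org"
    msg["Subject"] = "Open invoice"
    msg.set_content("Please find the documents attached.")
    # Benign: carries the PDF signature its name promises.
    msg.add_attachment(b"%PDF-1.4\n% minimal stub for the example\n",
                       maintype="application", subtype="pdf", filename="statement.pdf")
    # Disguised: DOS/Windows executable header (stub bytes only) behind a PDF name.
    msg.add_attachment(b"MZ" + b"\x00" * 62,
                       maintype="application", subtype="pdf", filename="invoice.pdf")
    # Archive whose member pretends to be a document but is a script.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_2024.pdf.js", "// script body omitted in the example\n")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="documents.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in check_message(build_sample_message()):
        print(finding)
```

The check deliberately stops at listing archive members; extracting or opening an attachment to "see what it is" is exactly the step the article warns against, and on a mail gateway this kind of signature-versus-name comparison runs before anything reaches the user.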
6. Secure your computer
To protect yourself from Trojans and malware, you should install effective anti-virus software and keep it up to date. This way, your computer will not be left unprotected if you accidentally open a suspicious attachment.
7. Report phishing attempts
If you become the victim of a phishing attempt at work, you should inform your supervisor or, if possible, the contact person or colleague responsible for this kind of issue, for example your admin. Ideally, you should also inform the company on whose behalf the attempt is being made, for example your bank or your streaming provider.
You can also report suspicious cases to your responsible consumer advice center.
About the author
Moritz Wappner has been the team lead of the Cyber Security Advisory Services department at TÜV SÜD since April 2020. In this role, he is primarily responsible for consulting topics in the areas of Cyber Security Risk Assessment and Cyber Security Awareness.