Phishing emails are still the main gateway for viruses, Trojans and other malware. They are also often used to gain access to the personal data of their recipients. A phishing email sent for the purpose of spreading malware can reach a computer in two ways: Either via compromised attachments or links designed to trick the recipient into visiting a compromised website.
Attackers who send out phishing emails are becoming more and more professional. Obvious spelling and grammar mistakes or outrageous stories of Nigerian princes whose fortune you are supposed to have inherited still exist, but have become the exception. Here is a list of things you should check in all your incoming emails:
- Is the sender correct? Is the name spelled correctly and is the address after the @ correct?
- Where does the link in the e-mail lead to? If you hover over the link with your cursor (without clicking!), the destination address is displayed next to the mouse or in the lower part of your browser window and you can check whether the link matches the content of the e-mail and the sender.
- Does the content of the e-mail match the sender or is it too good to be true?
- Does the attachment match the sender?
If you receive an email that you think might be suspicious, even in the slightest, do not click on any links or open any attachment, but forward the email to the appropriate contact person at your company. Your IT department will then be able to verify whether the mail really is a phishing attempt.
We all know them from our daily work: security tips, the latest virus reports, horror stories from the world of cyber security. With #BeAware, usd security awareness experts would like to help you understand these messages. The articles highlight relevant IT security issues and the most common methods used by hackers and criminals, and give tips on what anyone can do to protect themselves and their company. For more security.