#BeAware: Spear Phishing

15. May 2019

Phishing emails are still the main gateway for viruses, Trojans and other malware. They are also often used to gain access to the personal data of their recipients. A phishing email sent for the purpose of spreading malware can reach a computer in two ways: Either via compromised attachments or links designed to trick the recipient into visiting a compromised website.

Attackers who send out phishing emails are becoming more and more professional. Obvious spelling and grammar mistakes or outrageous stories of Nigerian princes whose fortune you are supposed to have inherited still exist, but have become the exception. Here is a list of things you should check in all your incoming emails:

  • Is the sender correct? Is the name spelled correctly and is the address after the @ correct?
  • Where does the link in the e-mail lead to? If you hover over the link with your cursor (without clicking!), the destination address is displayed next to the mouse or in the lower part of your browser window and you can check whether the link matches the content of the e-mail and the sender.
  • Does the content of the e-mail match the sender or is it too good to be true?
  • Does the attachment match the sender?

If you receive an email that you think might be suspicious, even in the slightest, do not click on any links or open any attachment, but forward the email to the appropriate contact person at your company. Your IT department will then be able to verify whether the mail really is a phishing attempt.


About #BeAware:
We all know them from our daily work: security tips, the latest virus reports, horror stories from the world of cyber security. With #BeAware, usd security awareness experts would like to help you understand these messages. The articles highlight relevant IT security issues and the most common methods used by hackers and criminals, and give tips on what anyone can do to protect themselves and their company. For more security.

Also interesting:

PHOENIX group establishes Europe-wide ISMS with support from usd AG

PHOENIX group establishes Europe-wide ISMS with support from usd AG

Particularly in high-growth industries with increasing internationalisation, such as the pharmaceutical industry, corporations today face the challenge of setting up their information security governance in such a way that it meets the associated risks and challenges....

Security Scan and Pentest: What are the Differences?  

Security Scan and Pentest: What are the Differences?  

A proactive protection against hacker attacks is essential, especially for systems and applications that are accessible from the Internet. A penetration test, or pentest for short, and security scan are frequently requested IT security analyses in this context,...

Security Advisories for Jellyfin

Security Advisories for Jellyfin

The usd HeroLab analysts examined the multimedia application Jellyfin while conducting their security analyses. Two cross-site scripting vulnerabilities were identified that allowed a simple user account to take over higher-privileged accounts, such as an...

Categories

Categories