Top tips for information security

Old adversaries with dirty tricks – this is how you stay safe

How can I spot malware like Emotet or other Trojans? What makes HTML emails malicious? Why are smartphones so susceptible to phishing? What do I ALWAYS have to check before entering my login credentials?

Our tips and video tutorials are here to keep you safe. Detailed and background information is available in the links below. Subscribe to our InfoSec newsletter for updates to this website, adapted security assessments and warnings.

The main gateways for malicious code, identity theft and fraud are emails with malicious attachments or links. Therefore: double check everything, even if you’re in a hurry. Poorly maintained systems can otherwise be easily compromised by malicious code.

Attackers usually want to trick you into downloading malicious code; they want your data and your money. To this end, they often imitate familiar emails or websites and tell a believable story. Some use your personal data to appear credible. Here’s what you should do:

3 seconds to ensure email security

When asked to enter personal data, to download or to open attachments, always apply the 3-second security check recommended by the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI): Are you familiar with the sender address? Are you expecting a document from this sender? Do the subject line and content of the email make sense? Does the link go to a page that you would expect?

Effective measures: updates and antivirus

No matter whether malicious code arrives via e-mail attachment, download link or USB stick, or whether malware spreads across the web from infected devices – keeping your system up to date and using antivirus software are indispensable safety measures.

Set up automatic updates for the operating system on each of your devices and, if possible, for all programs/apps, but most importantly for browsers and email clients. Robust antivirus protection is also essential. Both are often the last line of defence if you do fall for phishing or malware links.

The last resort: backups

Create regular backups of your IT systems. This will ensure you don’t lose your data and can access them as quickly as possible, even in the event of a virus or encryption. Make sure to:

  • Check regularly that the backup is complete and the files can be fully restored.
  • Create backups on media that are read-only or not permanently connected, if possible. In the event of a virus or encryption, attackers often search for backups in order to render them unusable.

Exactly what it says on the tin

Only install software from reliable sources, e.g. official app stores or manufacturer websites. In addition to the features you want, software may also contain malicious features (so-called Trojans).

  • Only click on software download links in emails if you have requested them.
  • Avoid free software, freebies or alleged tools.

Do not allow yourself to be pressured

Emails that put pressure on you and ask you to act quickly usually have sinister intentions: they ask you to activate your account, increase the storage space in your mailbox, pick up missed emails, and so on. Check them carefully and take the other tips to heart. Ask your colleagues, your admin team or the helpdesk for assistance.

Fake email conversation

Emotet emails almost always use previous email conversations that were stolen from other victims. Trusting their (fake) sender and their authentic content, users can be tricked into opening malicious documents or clicking on malicious links. Therefore, question the authenticity of even those senders you recognise, perform the 3-second security check and, if necessary, check with the sender through other channels.

Info page in the service portal (only available in the RUB network), ITSB
Malware Emotet is back: How RUB is now protecting itself

The correct display name

The display name of an email can be set arbitrarily. If possible, use an email client that displays the complete sender address. Hands off if the sender address doesn’t match. But be careful, even the sender address can be faked. It is therefore always important to look at the entire email in context (see also: 3-second security check).

Responsible email users attach a digital signature to their emails. Digitally signed emails are checked by standard email clients that will display any discrepancies. You can also check the digital certificates used in the emails manually.

Use caution when trusted communication partners, team members and above all managers suddenly communicate via other channels, e.g. using a new (private) email address. Under no circumstances should private email addresses be used for official instructions.

Latest news, ITSB
Digital scams (in German)

Malicious attachments

Malware is often distributed via email attachments. If in doubt, you should ask the sender to verify any unexpected attachments, such as images, PDFs, Word, Excel or PowerPoint files, or ask an expert to check them. Don’t answer in the affirmative to macro or security queries for execution if you have even the slightest doubt.

Malicious macros can be easily transmitted in old MS Office formats (doc, xls, ppt, ...) and in the new macro formats (docm, xlsm, pptm, ...). You should only open such files after checking with the sender. New MS Office formats (docx, xlsx, pptx, ...) can also contain malicious code. Assume fraudulent intent if a macro query/warning is issued for such MS Office files. In any case, we advise a conservative configuration of Microsoft Office programs (German language).
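The three Office format families above can be told apart by file content rather than by name. The following is an added example, not part of the original page; the verdict strings, function names and sample files are constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # header of old doc/xls/ppt files
MACRO = {"docm", "xlsm", "pptm"}                 # new macro formats
PLAIN = {"docx", "xlsx", "pptx"}                 # new formats without macros

def has_vba_part(data):
    """True if the ZIP container holds a VBA project (e.g. word/vbaProject.bin)."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())

def classify(filename, data):
    """Map an attachment to the advice above using its content and its name."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if data.startswith(OLE_MAGIC):
        # Old binary container (also used for password-protected files):
        # it can carry macros whatever the file name says.
        return "check with sender"
    if zipfile.is_zipfile(io.BytesIO(data)):
        vba = has_vba_part(data)
        if vba and ext in PLAIN:
            return "assume fraud"          # macros behind a macro-free name
        if vba or ext in MACRO:
            return "check with sender"
        if ext in PLAIN:
            return "no macro part found"   # not proof that the file is harmless
    return "not classified"

def sample_zip(*parts):
    """Build a constructed in-memory ZIP with placeholder part contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in parts:
            z.writestr(name, b"placeholder")
    return buf.getvalue()

# Constructed samples; none of these is a real document.
SAMPLES = {
    "invoice.docx": sample_zip("[Content_Types].xml", "word/document.xml",
                               "word/vbaProject.bin"),
    "minutes.docx": sample_zip("[Content_Types].xml", "word/document.xml"),
    "budget.xlsm": sample_zip("[Content_Types].xml", "xl/workbook.xml",
                              "xl/vbaProject.bin"),
    "report.doc": OLE_MAGIC + b"\x00" * 504,
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:14} {classify(name, data)}")
```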

Malware can also be transported in supposedly secure file formats such as PDF or images. Vulnerabilities in PDF programs are regularly reported. We advise a conservative configuration of PDF programs (German language) if it is necessary to open PDFs from unknown senders (e.g. when processing job applications).

Check, don’t click

Check any email links carefully before you click on them. Attackers often disguise third-party links by inserting “bochum” or “rub” – but the links lead to third-party servers. Don’t follow any unfamiliar links. If a link is embedded in an HTML email, you should always first hover over the link and check the address.

If possible, turn off the HTML view in your email client. Many emails may then no longer look fancy, but you will spot fake links much more easily. In most email clients, you can switch on the HTML view on a case-by-case basis if you trust the sender of an email.

Since HTML emails can also be used to transport malicious code and track recipients, we recommend that you do not use the HTML format when composing emails.
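The two link checks described in this section (a "rub" or "bochum" word inside a third-party host, and a visible address that differs from the real target) can be automated for an HTML email body. This is an added example, not part of the original page; the trusted domain list is an assumption and the sample email is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains accepted as genuine; adjust for your organisation.
TRUSTED_DOMAINS = ("ruhr-uni-bochum.de", "rub.de")
# Words the text says attackers insert; short words can match harmless hosts too.
BRAND_WORDS = ("rub", "bochum")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML email."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return urlsplit(url).hostname or ""

def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def suspicious_links(html):
    """Return [(target host, [reasons])] for links that fail the checks."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host, reasons = host_of(href), []
        if host and not is_trusted(host) and any(w in host for w in BRAND_WORDS):
            reasons.append("brand word in third-party host")
        if "://" in text and host_of(text) != host:
            reasons.append("visible address differs from target")
        if reasons:
            findings.append((host, reasons))
    return findings

# Constructed sample email body; the .example hosts are placeholders.
SAMPLE = """
<p>Mailbox full: <a href="https://rub-webmail.mail-quota.example/login">https://www.rub.de/</a></p>
<p><a href="https://www.ruhr-uni-bochum.de/en">University homepage</a></p>
<p><a href="https://bochum.files.example/doc">Download document</a></p>
"""
```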

Be careful when logging in

Only enter confidential data – especially passwords – on websites that you have accessed by typing in the address or via a bookmark. This costs time, but you will be one hundred per cent on the safe side. Attackers often imitate the login pages (e.g. RUB webmail, RUB Outlook web access).

If all you have is the link you received in an email, check the address bar of the browser – even if the website looks the same "as usual". Only enter your login credentials if you recognise the address of the website without a doubt.

Websites where you log in or enter any other data should always be encrypted. This is indicated by https in front of the web address/URL and often by a closed or green lock symbol in the address bar of your browser.

Safe file exchange

Information is often distributed via separate documents in order to preserve a specific layout. If recipients of the information are no longer supposed to edit the files, we recommend converting documents into PDF format. The latest MS Office programs offer PDF export options for this purpose.

If you frequently exchange files with groups or individuals, we recommend that you set up shared storage locations and download links in advance, e.g. Sciebo, network drives or Sharepoint. Depending on the tool, features such as joint editing of files, versioning of documents and automatic notification on updated documents can even offer considerable added value.

Before exchanging confidential content, e.g. personal data, make sure that the exchange method meets any data protection requirements. Personal data with a high protection requirement, for example, may only be stored on Sciebo in encrypted form. If the need for protection is particularly high, it is not allowed to store the information on Sciebo.

ISMS guideline (only accessible via the RUB network), ITSB
Using cloud storage services (in German)

Please note for mobile devices

Email apps on mobile devices often only support HTML display of emails. And since you don’t have a mouse, you can’t see where the links take you. The solution is to tap and hold the link until the destination is displayed. Only click on links to trusted/known addresses.

On smartphones, email addresses of senders are often only displayed with their display name. To see the complete name, you can click on "Forward", for example.

Phone calls from Microsoft or the police

Fake support staff or supposed police officers might try to contact you with fraudulent intent, especially when you’re working from home. Reputable support teams will not call you without a reason or authorisation, and police and emergency services never use the emergency numbers 110 or 112 for outgoing calls.

Caller numbers are easy to fake. If necessary, check with your contacts by calling them in turn. Terminate any unexpected phone calls immediately. Do not install any software at the request of such unsolicited callers and never give out passwords or other confidential information.

Additional information

Software applications and data centers worldwide are currently affected by a Java vulnerability called Log4Shell. RUB has taken immediate security measures.
Users are not the main target of attackers. However, since Java is also used on many consumer devices (e.g., IoT), caution is still required. Security updates for devices and applications should be applied as quickly as possible.
RUB News from 13 December 2021 (in German)
Service portal: FAQ concerning Log4Shell (in German; only available in the RUB network)

Have you clicked too quickly or opened an attachment? In this case, a secure system can hopefully protect you from harm: Installation and regular updates of antivirus software (e.g. Sophos), automatic updates of the operating system and regular updates of applications.