Why can even harmless attachments pose a security risk? Why are smartphones so susceptible to phishing? What do I ALWAYS have to check before entering my login credentials?
Emails with malicious attachments or links are the main gateway for malicious code, identity theft and fraud. Therefore: double check everything, even if you’re in a hurry. Poorly maintained systems can otherwise be easily compromised by malicious code.
Attackers usually want to trick you into downloading malicious code; they want your data and your money. To this end, they often imitate familiar emails or websites and tell a believable story. Some use your personal data to appear credible. Here’s what you should do:
When asked to enter personal data, to download or to open attachments, always apply the 3-second security check recommended by the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI): Are you familiar with the sender address? Are you expecting a document from this sender? Do the subject line and content of the email make sense? Does the link go to a page that you would expect?
Emails that put pressure on you and ask you to act quickly usually have sinister intentions: they ask you to activate your account, increase the storage space in your mailbox, pick up missed emails, and so on. Check them carefully and take the other tips to heart. Ask your colleagues, your admin team or the helpdesk for assistance.
PDF and HTML appear to be harmless enough. However, attackers can place malicious code in PDFs unnoticed. We therefore recommend that PDF programs be configured as conservatively as possible (text in German) for the everyday handling of PDF documents.
HTML files in attachments are regularly misused for identity theft and for infiltrating malicious code. Do not open any HTML attachments unless you have verified them with the sender.
Brief e-mails from what appear to be private e-mail addresses of a manager tend to elicit a dutiful reply. And then "your boss" will ask for a bank transfer or credit card numbers. Unfortunately, the money goes to the wrong person.
Do not under any circumstances comply with these requests. Notify your manager about the e-mails and warn your colleagues about this scam (in German).
E-mails addressed to RUB are scanned for malicious code, unwanted attachments and certain spam features. E-mails that appear to pose a risk are rejected immediately and suspicious e-mails are marked as spam. Users of the RUB e-mail host should make sure that spam filters are switched on for their mailbox.
Emotet emails almost always use previous email conversations that were stolen from other victims. Trusting their (fake) sender and their authentic content, users can be tricked into opening malicious documents or clicking on malicious links. Therefore, question the authenticity of even those senders you recognise, perform the 3-second security check and, if necessary, check with the sender through other channels.
The display name of an email can be set arbitrarily. If possible, use an email client that displays the complete sender address. Hands off if the sender address doesn’t match. But be careful, even the sender address can be faked. It is therefore always important to look at the entire email in context (see also: 3-second security check).
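The display-name trick described above can be checked mechanically. The following is an added example, not RUB's own tooling; the organisation domains, function names and sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAINS = ("ruhr-uni-bochum.de", "rub.de")  # assumption, not from the page

def is_internal(address):
    domain = address.rpartition("@")[2].lower()
    return any(domain == org or domain.endswith("." + org) for org in ORG_DOMAINS)

def sender_warnings(raw_message):
    """Return warnings about the From header of one raw message."""
    display, address = parseaddr(message_from_string(raw_message).get("From", ""))
    warnings = []
    # An address typed into the display name is all that many clients show.
    claimed = parseaddr(display)[1] if "@" in display else ""
    if claimed and claimed.lower() != address.lower():
        warnings.append("display name shows a different address")
        if is_internal(claimed) and not is_internal(address):
            warnings.append("internal address claimed by an outside sender")
    return warnings

# Constructed sample messages, not taken from real mail.
SPOOFED = ('From: "max.mustermann@rub.de" <mm4711@example.net>\n'
           'Subject: Quick favour\n\nAre you at your desk?\n')
GENUINE = ('From: Max Mustermann <max.mustermann@rub.de>\n'
           'Subject: Minutes\n\nAttached.\n')
```

A message that passes this check is not proven genuine, because the sender address itself can be faked as well; the check only catches a display name that contradicts it.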
Responsible email users attach a digital signature to their emails. Digitally signed emails are checked by standard email clients that will display any discrepancies. You can also check the digital certificates used in the emails manually.
Use caution when trusted communication partners, team members and above all managers suddenly communicate via other channels, e.g. using a new (private) email address. Under no circumstances should private email addresses be used for official instructions.
Malware is often distributed via email attachments. If in doubt, you should ask the sender to verify any unexpected attachments, such as images, PDFs, Word, Excel or PowerPoint files, or ask an expert to check them. Do not confirm any macro or security prompt that asks to execute content if you have even the slightest doubt.
Malicious macros can be easily transmitted in old MS Office formats (doc, xls, ppt, ...) and in the new macro formats (docm, xlsm, pptm, ...). You should only open such files after checking with the sender. New MS Office formats (docx, xlsx, pptx, ...) can also contain malicious code. Assume fraudulent intent if a macro query/warning is issued for such MS Office files. In any case, we advise a conservative configuration of Microsoft Office programs (German language).
Malware can also be transported in supposedly secure file formats such as PDF or images. Vulnerabilities in PDF programs are regularly reported. We advise a conservative configuration of PDF programs (German language) if it is necessary to open PDFs from unknown senders (e.g. when processing job applications).
Check any email links carefully before you click on them. Attackers often disguise third-party links by inserting “bochum” or “rub” – but the links lead to third-party servers. Don’t follow any unfamiliar links. If a link is embedded in an HTML email, you should always first hover over the link and check the address.
If possible, turn off the HTML view in your email client. Many emails may then no longer look fancy, but you will spot fake links much more easily. In most email clients, you can switch on the HTML view on a case-by-case basis if you trust the sender of an email.
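One way to automate the link check described above, as an added example rather than RUB's own tooling: it lists links in an HTML mail body that point to a third-party host while borrowing a familiar name, or whose visible text names a different host than the real target. The trusted domains, function names and sample body are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_SUFFIXES = ("ruhr-uni-bochum.de", "rub.de")  # assumption, not from the page
BAIT_WORDS = ("bochum", "rub")  # names the page says attackers insert into links

class LinkCollector(HTMLParser):  # collects (href, visible text) per anchor
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted(host):  # exact match or true subdomain; "rub.de.example.net" fails
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def host_of(text):  # host of a URL or bare address; "" if there is none
    if "." not in text or any(c.isspace() for c in text):
        return ""
    try:
        return urlsplit(text if "://" in text else "//" + text).hostname or ""
    except ValueError:  # malformed host, e.g. unbalanced brackets
        return ""

def review_links(html_body):
    """Return (host, reasons) for each link that looks disguised."""
    parser, findings = LinkCollector(), []
    parser.feed(html_body)
    for href, text in parser.links:
        host, shown, reasons = host_of(href.strip()), host_of(text), []
        if any(word in href.lower() for word in BAIT_WORDS):  # substring heuristic
            reasons.append("familiar name on third-party host")
        if shown and shown != host:
            reasons.append("visible text shows a different host")
        if host and not is_trusted(host) and reasons:
            findings.append((host, reasons))
    return findings

# Constructed sample body, not a real phishing mail.
SAMPLE = ('<a href="https://www.ruhr-uni-bochum.de/">Homepage</a>'
          '<a href="https://rub-webmail.example.net/login">https://www.ruhr-uni-bochum.de</a>'
          '<a href="https://example.org/bochum/quota">Increase storage</a>')
```

The bait-word match is a plain substring test, so it will also flag harmless third-party links that happen to contain those letters; treat the output as a list of links to inspect by hand.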
Since HTML emails can also be used to transport malicious code and track recipients, we recommend that you do not use the HTML format when composing emails.
Only enter confidential data – especially passwords – on websites that you have accessed by typing in the address or via a bookmark. This costs time, but you will be one hundred per cent on the safe side. Attackers often imitate the login pages (e.g. RUB webmail, RUB Outlook web access).
If all you have is the link you received in an email, check the address bar of the browser – even if the website looks the same "as usual". Only enter your login credentials if you recognise the address of the website without a doubt.
Websites where you log in or enter any other data should always be encrypted. This is indicated by https in front of the web address/URL and often by a closed or green lock symbol in the address bar of your browser.
No matter whether malicious code arrives via e-mail attachment, download link or USB stick, or whether malware spreads across the web from infected devices – keeping your system up to date and using antivirus software are indispensable safety measures.
Set up automatic updates for the operating system on each of your devices and, if possible, for all programs/apps, but most importantly for browsers and email clients. Robust antivirus protection is also essential. Both are often the last line of defence if you do fall for phishing or malware links.
Create regular backups of your IT systems. This will ensure you don’t lose your data and can access them as quickly as possible, even in the event of a virus or encryption. Make sure to:
Only install software from reliable sources, e.g. official app stores or manufacturer websites. In addition to the features you want, software may also contain malicious features (so-called Trojans).
Information is often distributed via separate documents in order to preserve a specific layout. If recipients of the information are no longer supposed to edit the files, we recommend converting documents into PDF format. The latest MS Office programs offer PDF export options for this purpose.
If you frequently exchange files with groups or individuals, we recommend that you set up shared storage locations and download links in advance, e.g. Sciebo, network drives or Sharepoint. Depending on the tool, features such as joint editing of files, versioning of documents and automatic notification on updated documents can even offer considerable added value.
Before exchanging confidential content, e.g. personal data, make sure that the exchange method meets any data protection requirements. Personal data with a high protection requirement, for example, may only be stored on Sciebo in encrypted form. If the need for protection is particularly high, it is not allowed to store the information on Sciebo.
Email apps on mobile devices often only support HTML display of emails. And since you don’t have a mouse, you can’t see where the links take you. The solution is to tap and hold the link until the destination is displayed. Only click on links to trusted/known addresses.
On smartphones, email addresses of senders are often only displayed with their display name. To see the complete name, you can click on "Forward", for example.
Fake support staff or supposed police officers might try to contact you with fraudulent intent, especially when you’re working from home. Reputable support teams will not call you without a reason or authorisation. Police and emergency services never use the emergency numbers 110 or 112 for outgoing calls.
Caller numbers are easy to fake. If necessary, check with your contacts by calling them back. Terminate any unexpected phone calls immediately. Do not install any software at the request of such unsolicited callers and never give out passwords or other confidential information.
Our tips and video tutorials are here to keep you safe. Detailed and background information is available in the links below. Subscribe to our InfoSec newsletter for updates to this website, adapted security assessments and warnings. Click here to subscribe.
We have reported how real phishing emails may look on our news pages, e.g. here:
University employees hit by phishing wave (in German)
Phishing email requests validation (in German)
Watch out for smishing (in German)
IT awareness training courses have been licensed for RUB employees; participants can complete easy-to-digest e-learning modules and take fun quizzes anytime and anywhere until the end of August 2023. Participation is voluntary. Click here for more information and to register on the training portal.