Do not open dangerous emails. To avoid falling into the phishing trap, you need to take a few security precautions.
You shouldn’t open dangerous e-mails – but you often only know whether an e-mail is harmless after you’ve opened it, and sometimes not even then. To avoid falling into the phishing trap anyway, you need to take a few security precautions, which we present here.
Opening email is like Russian roulette – you never know when it will hit you. Most of the time you don’t get to choose whether you want to play. Just try explaining to your boss that you will no longer open emails from now on. You would have plenty of powerful arguments: e-mails are dangerous and the most important way for malware to spread. The notorious Emotet malware alone, which is mainly distributed via phishing emails, has paralyzed countless companies, authorities, hospitals, etc. worldwide and caused billions of euros in damage.
- The email risk
- Detecting phishing
- Sending emails securely
- Defusing attachments
Another argument is that you cannot promise your boss that you will sort out all phishing emails and not fall for them. Because the times when you could recognize such mails from afar are long gone. Attackers are increasingly using real – stolen – data to lure you into a trap, for example plausible senders with whom you have already been in contact. Sometimes phishing e-mails even quote from previous e-mail exchanges with colleagues, partner companies or customers.
Anyone who works with e-mails professionally often has to process dozens or even hundreds of them every day – and make just as many decisions. That’s quite a lot of responsibility, because every wrong decision, every wrong click can paralyze the whole company for weeks. The crux is that you cannot afford to overlook a customer request or an order email. Every mail must therefore be checked.
You may already have guessed: even with the best arguments, you won’t get out of this one. E-mail is the lowest common denominator in online communication and therefore remains indispensable. Internal communication can now be handled well using modern collaboration software such as Rocket.Chat, Slack or Teams, but there is no widely accepted substitute for communication with the outside world.
The situation is similar in private life: You can easily reach friends and relatives via messenger apps such as WhatsApp or Signal – end-to-end encrypted using the latest technology and with a verifiable sender. However, to contact companies, authorities and many more, you often have to write an email. Invoices, shipping confirmations, notifications of suspicious activity, etc. end up in your inbox, alongside phishing emails of all kinds. And it’s up to you to distinguish the good emails from the bad.
So what can you do? Phishing belongs to the “social engineering” attack category – the attackers do not aim at technical security gaps, but at human vulnerabilities. This is exactly where the following articles come in: we would like to provide you with the necessary knowledge and some practical tips so that you can easily separate the wheat from the chaff and only have a tired smile left for phishing mails.
It’s not just about how you can evaluate suspicious emails based on obvious and hidden characteristics, but also about the tricky cases. Sometimes, even after a thorough examination, there are still residual doubts as to whether it is chaff or wheat and whether the attached file is essential or causes serious damage.
In such cases, you can use a tool like Dangerzone to defuse the attachment before opening it by turning it into a harmless PDF – guaranteed without Office macros. Or you can analyze the file with special tools to safely check in advance whether it contains macros or embedded files.
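As an added illustration of the "check in advance" idea (this is not code from the article or from the tools it mentions), the sketch below inspects an Office attachment as raw bytes and reports conventional macro and embedded-object parts. The function names and the two sample archives are constructed for this example.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container

def triage_attachment(data: bytes) -> dict:
    """Inspect an Office attachment as raw bytes, without opening it in Office."""
    report = {"container": "unknown", "macros": False, "embedded": []}
    if data.startswith(OLE_MAGIC):
        # Legacy binary format: this check cannot rule macros out, so say so.
        report.update(container="ole", macros=None)
        return report
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return report
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()  # reads the ZIP directory only, extracts nothing
    report["container"] = "ooxml" if "[Content_Types].xml" in names else "zip"
    for name in names:
        lower = name.lower()
        # vbaProject.bin is the conventional part name for VBA macros;
        # a renamed part would need the relationship files to be checked too.
        if lower.endswith("vbaproject.bin"):
            report["macros"] = True
        elif "/embeddings/" in lower:
            report["embedded"].append(name)
    return report

def _sample(extra_parts):
    """Build a constructed, content-free OOXML-shaped archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ["[Content_Types].xml", "word/document.xml", *extra_parts]:
            zf.writestr(name, b"constructed placeholder")
    return buf.getvalue()

CLEAN = _sample([])
SUSPECT = _sample(["word/vbaProject.bin", "word/embeddings/oleObject1.bin"])

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN), ("suspect", SUSPECT)]:
        print(label, triage_attachment(blob))
```

A `macros` value of `None` means the file is in the legacy binary format and needs a dedicated analysis tool or conversion before anyone opens it.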
We would like to encourage you to share this knowledge with colleagues, friends, family and business partners – in your own interest. Because the greatest influence on your inbox is not you, but the sender of the mail. If everyone knows the most important dos and don’ts and takes them to heart when sending, e-mail will be safer for everyone.
We have therefore compiled the most important tips for sending emails in a compact and easily digestible checklist. The checklist is freely available online for easy sharing. If you like, you can refer to it in your email signature:
c’t issue 19/2022
Don’t be afraid of your e-mail inbox anymore! In c’t 19/2022 we explain how to avoid the phishing danger. Learn how to better detect ransomware threats and defuse attachments. In addition, we test PCIe cards, card readers, cables and SSDs that can handle Turbo USB with 20 Gbit/s and show you how to monitor the performance of your PV system. You can read that and more in the current issue of c’t.