Email remains the most popular gateway for malware and fraud attempts. Attackers try to deceive victims into doing something they do not want to do. The scenario chosen for this purpose is intended to affect the potential victim emotionally or trigger their interest to click on a link, open a document, provide credit card details or passwords, or make a payment. Handling emails carefully contributes significantly to the security of your data and your computer.
The following measures protect against malware, phishing and various types of fraud:
Beware of emails that require action on your part
Be careful if you are urged to perform an action. This may involve clicking on a link or opening an attachment. Never enter personal data in a form that you have opened via a link in an email.
Do not be caught off guard
Fraudsters are constantly devising new scenarios to encourage victims to react rashly. This method is known as social engineering. Social engineering is intended to make victims carry out the actions the perpetrators want without being aware of it. Do not let yourself be caught off guard: think about the situation calmly and, if in doubt, ask friends, work colleagues or the NCSC how to assess the matter.
Beware of emails from unknown senders
Be suspicious of emails sent from an address you do not know. In such cases, do not open any attached documents or programs and do not follow any links provided in them.
Malicious emails can also come from known senders
Emails from a known sender can also be dangerous, as some malware spreads by sending itself via email to recipients listed in a victim's address book. Be careful, for example, if previous messages are suddenly reused out of context.
Caution with Office documents
Malware is often distributed through Office documents. In most cases the macro function is exploited. Never give permission to activate the macro function.
Email client software update
Email clients can also have security vulnerabilities. Check regularly whether there are any software updates for your email client and install them.
Block the receipt of dangerous email attachments
Block the receipt of dangerous email attachments on your email gateway. A more detailed and up-to-date list of file types can be found on the GovCERT website at: https://www.govcert.ch/downloads/blocked-filetypes.txt
Make sure that dangerous email attachments like these are also blocked if they are sent to recipients in your company/your authority in archive files such as ZIP and RAR, or even in encrypted archive files (e.g. in a password-protected ZIP file).
In addition, all email attachments containing macros (e.g. Word, Excel or PowerPoint attachments that contain macros) should be blocked.
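The gateway checks described above, sketched in Python as an added example that is not part of the original page or of any NCSC or GovCERT tooling: it compares attachment names with a blocklist, looks inside ZIP archives (nested and encrypted ones included) and flags Office Open XML documents that carry a macro part. BLOCKED_EXT is a short illustrative set rather than the GovCERT list, MAX_DEPTH and MAX_SIZE are assumed limits, and RAR archives and legacy binary Office formats are not covered.

```python
import io
import zipfile
from email import message_from_bytes, policy

# Assumption: a short illustrative set, not the GovCERT list referenced above.
BLOCKED_EXT = {".exe", ".scr", ".js", ".vbs", ".jar"}
MAX_DEPTH = 3                  # assumed limit on archive nesting
MAX_SIZE = 50 * 1024 * 1024    # assumed limit on unpacked entry size (bytes)


def inspect_file(name, data, depth=0):
    """Return the reasons to block one attachment (empty list = allow)."""
    reasons = []
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext in BLOCKED_EXT:
        reasons.append(f"{name}: blocked file type")
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return reasons
    if depth >= MAX_DEPTH:
        return reasons + [f"{name}: archive nesting too deep"]
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            inner = f"{name}!{info.filename}"
            if info.filename.lower().endswith("vbaproject.bin"):
                # Office Open XML files are ZIP containers; VBA macros
                # are stored in a vbaProject.bin part.
                reasons.append(f"{name}: Office document with macros")
            elif info.flag_bits & 0x1:
                # Encrypted entry: content is unreadable without the password,
                # but standard ZIP encryption leaves the file name in clear text.
                reasons += inspect_file(inner, b"", depth + 1)
            elif info.file_size > MAX_SIZE:
                reasons.append(f"{inner}: too large to unpack and scan")
            else:
                reasons += inspect_file(inner, zf.read(info), depth + 1)
    return reasons


def inspect_message(raw_bytes):
    """Check every attachment of an RFC 5322 message given as bytes."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        reasons += inspect_file(name, part.get_payload(decode=True) or b"")
    return reasons
```

A gateway would reject or quarantine any message for which inspect_message returns a non-empty list.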