You’ve got mail.

Email security

We receive contact requests, account notifications, newsletters, documents and lots more via email. Criminals try to trick us by mixing fraudulent messages into this flood of information.

 

Attacked by an email

While modern cyber threats can take different forms and delivery methods, email continues to be one of the primary approaches used by cyber attackers. Private and business communications via email seem personal but are not: anyone can send you an email—and anyone does.

 

It’s always urgent!

Email attack scenarios typically try to trick you into doing something you shouldn’t, like clicking on a link, opening a document or transferring money, and they have one thing in common: you have to act right now! In order to stop you from thinking too much, it’s always urgent!


Scenario I

Click here!

The attackers want you to visit a fake website to steal your login credentials or infect your computer with malware.


How?


Tempting offer

an iPhone for CHF 1.00; a lottery win; 80% discount on designer bags.


Threat

your account will be deleted; your emails will be deleted; your account has been hacked.


Disguise

your IT department, your bank, a friend or a colleague.


What?



Have you clicked?


Don’t worry.

Change your passwords.
Run your antivirus program.
Talk to your IT department.


 

 

Scenario II

Open this document!

The attackers want you to visit a fake website to steal your login credentials or infect your computer with malware.


How?


Threat

you forgot to pay a bill (check the attachment!); you signed a contract.


Curiosity

a whistleblower shares secret information with you; someone shares salary or strategy information with you by accident.


Disguise

Julian Assange, any service provider, a debt collection company, a big bank, a well-known company, your company or an applicant.


What?


Attack terms

CEO fraud, HR fraud, malware distribution


Have you opened a document?


Don’t worry.

Delete the document properly.
Run your antivirus program.
Talk to your IT department.


 

 

Scenario III

Transfer money!

The attackers want you to transfer money through Western Union or in bitcoin.


How?


Threat

a very important project will fail, you’ll be fired, or very personal information will be disclosed if you don’t transfer the money; contact will stop if you don’t transfer the money.


Tempting offer

after investing a small amount of money you’ll get a lot more in return; a friend needs your help.


Disguise

a friend, your supervisor, a Nigerian prince, a supplier or a bank employee.


What?


Attack terms

Investment fraud, CEO fraud, romance scam, spoofing.


Have you transferred money?


Don’t worry.

Talk to your bank.
Stop communicating with the attacker immediately.
Report the incident to the police.


 

Tips

1. Take your time: Any time something is urgent, take a deep breath and reflect for a moment before you click on a link, open a document or transfer money. Do a reality check!

2. Reality check: If something is too good to be true, it usually is—especially on the Internet. Ask yourself if the request or opportunity sent to you via email is realistic. Did I even enter a lottery? Would any designer sell its bags for this incredibly low price? Why would a whistleblower send me documents?

3. Check back: If the reality check does not provide clarity, check back. Is it a suspicious message from your bank? Call your bank. Is it a message from your supervisor? Talk to your supervisor. Is it a bill or contract from a company you know? Call that company.


General protection rules

If you receive an attachment from someone you don’t know, don’t open it: delete it immediately. You should also be cautious of attachments from friends or family if you are not expecting them: their email accounts could be compromised or their email address forged.

Hover your mouse over links before you click on them to see if the URL looks legitimate.

Instead of clicking on links, open a new browser window and manually type in the address.
Don’t give your email address to sites you don’t trust.
Don’t post your email address to public websites or forums: spammers often scan these sites for email addresses.
Understand that reputable businesses will never ask for personal information via email.
Search the web for a suspicious email address to see whether others have received messages from it too and identified it as legitimate or illegitimate.