Here are a few tips:
Use a virus protection program (“endpoint security”) and always keep it up to date
Every computer should be equipped with an anti-virus program that automatically checks files when they are accessed. As a member of the university, you can use the software provided (https://doku.rz.tu-bs.de/doku.php?id=software:sophos). In any case, always install all updates provided!
Do not let e-mails open automatically
In your mail program, deactivate auto-preview or similar settings that open e-mails automatically. Then malicious code in HTML mails is not executed immediately and you can decide for yourself whether you trust the sender and therefore open the mail or not.
Always check sender and subject for “oddities”
- Always take a close look at the sender and subject: Is the domain after the @ “strange” (e.g. company.com.cu.cc)?
- Is the domain coupled with an unusual name/term before the @?
- Caution is advised with unknown functional addresses such as “marketing”.
- Does the displayed name match the real e-mail address?
- Are there “typos” in the e-mail address (then it is definitely fake)?
- Does someone write to you in a different language than usual?
- Does the mail contain an unusual number of spelling mistakes?
- Does the subject not fit at all with the other e-mails from this person?
Be careful with e-mail attachments
Be especially careful if you receive attachments from people you do not know or from whom you do not expect mail attachments. Take particular care with “dangerous” file extensions, in particular (but not exclusively): .com, .exe, .bat, .do*, .xl*, .ppt*, .scr or .vbs. The extension displayed is not always the real one: it is often only displayed when you move the mouse over the “link” to the attachment.
If you are in doubt, you can check with a personal phone call whether the file was really sent by the specified sender – it is worth the effort! If the e-mail is not from the specified sender, ignore it completely: don’t send a reply mail and don’t click on any attachments or links contained in the mail.
For e-mail addresses of the TU Braunschweig, your e-mails are checked by an anti-virus and anti-spam filter. The Gauss IT Center will issue a warning if it detects the above-mentioned attachments, packed files (e.g. .zip) or office documents containing macros (e.g. .docxm, .xlsxm – these are often used for malware). So be careful if you find the warning [PMX:Caution Dangerous Attachment] in the subject line.
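The sender and attachment checks described above can also be run automatically over a stored message. The following Python sketch is an added example, not software from the TU Braunschweig or the Gauss IT Center; the function names, the small TLD set, the double-extension check (which goes beyond the list above) and the sample message are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from fnmatch import fnmatchcase

# Extension patterns listed in the text above, plus packed files (.zip).
RISKY_EXT = ["com", "exe", "bat", "do*", "xl*", "ppt*", "scr", "vbs", "zip"]
# Assumption: a small set of familiar TLDs used by the domain heuristic.
COMMON_TLDS = {"com", "org", "net", "de"}

def check_message(raw: bytes) -> list[str]:
    """Return a list of findings for one raw e-mail message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    sender = msg["From"]
    for a in (sender.addresses if sender else ()):
        # Displayed name looks like an address but is not the real one.
        if "@" in a.display_name and a.display_name.lower() != a.addr_spec.lower():
            findings.append(f"display name differs from <{a.addr_spec}>")
        # Heuristic: familiar TLD buried inside the domain (company.com.cu.cc).
        labels = a.domain.lower().split(".")
        if COMMON_TLDS & set(labels[1:-2]):
            findings.append(f"odd sender domain: {a.domain}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        pieces = name.split(".")
        ext = pieces[-1] if len(pieces) > 1 else ""
        if any(fnmatchcase(ext, pat) for pat in RISKY_EXT):
            findings.append(f"risky attachment: {name}")
        # Generalisation: real extension hidden behind a harmless-looking one.
        if len(pieces) > 2 and ext in {"com", "exe", "bat", "scr", "vbs"}:
            findings.append(f"double extension: {name}")
    return findings

def build_sample() -> bytes:
    """Constructed sample message, not real mail."""
    m = EmailMessage()
    m["From"] = '"service@company.com" <billing@company.com.cu.cc>'
    m["To"] = "user@example.org"
    m["Subject"] = "Invoice"
    m.set_content("Please see the attached invoice.")
    m.add_attachment(b"MZ", maintype="application",
                     subtype="octet-stream", filename="invoice.pdf.exe")
    return m.as_bytes()

if __name__ == "__main__":
    for finding in check_message(build_sample()):
        print(finding)
```

A message that passes these checks is not thereby proven safe; the script only automates the visual inspection described above.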
Someone has misused your e-mail address? Ignore it!
There is practically no way to identify the forger of your address. Do not waste time on it. Just delete all mails from other people who are reacting to fake mails that did not come from you.
Never install (fake) updates that come via e-mail
Some counterfeiters send dangerous viruses, disguised as supposed updates for protection programs, of course under fake senders, i.e. apparently coming from a virus program manufacturer. Ignore these mails completely. Updates and patches for virus protection programs, operating systems or common software are never distributed by e-mail, but only via the manufacturer’s websites and the automatic updates built into the software, rarely via CDs/DVDs.
Inform yourself about the dangers of phishing!
Have a look at the video against online fraud! (https://www.youtube.com/watch?time_continue=1&v=XeslAkZIuwY created by SECUSO, KIT https://secuso.aifb.kit.edu/Unterlagen_Sichere_Kommunikation.php)
The Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) also provides further tips: