Properly ward off spam and phishing

Not only is it very annoying to receive spam, but it also brings many dangers. Many users are aware of this, but it is not viewed as so urgent.

For the younger generation, these messages can become an even greater danger, as they only use emails in everyday life to register with online shops or other portals. The spam filters of email services and a pinch of overconfidence create a false sense of security. The security experts at ESET point this out. They recommend looking more closely at the topic of spam and phishing. Most current security incidents – especially those involving ransomware – ultimately originate from seemingly harmless emails.

Around 80 percent of all electronic mail consists of spam.

For cybercriminals, email is the most effective distribution channel for malware and a means to obtain personal information from Internet users. The financial damage is enormous. Therefore, it is important to have an effective security solution in addition to a close look at unknown emails.

“E-mails are the main gateway for all kinds of malware. With fake invoices, applications or tempting bargain offers: the criminals’ scam always aims to get the recipient to open and execute the file attachment or click on links to infected websites,” says Thomas Uhlemann, ESET Security Specialist. “The bad thing is that these emails can hardly be distinguished from real ones. They often even address the recipient by the correct name. Criminals now have comprehensive data sets about Internet users from various thefts. Even grammar and word choice hardly produce any errors that immediately indicate spam.”

Use a comprehensive security solution

More and more experts recommend using a modern security solution with effective protection against both spam and phishing. Many security suites offer such technologies. They ensure that unwanted messages are sorted out immediately. This also minimizes the risk of an incorrect click. The security software also helps protect against phishing and uncompromisingly blocks dangerous websites. Bank details, passwords and similar sensitive information in particular do not belong in the wrong hands.

What is the difference between spam and phishing?

Spam is a collective term for all forms of unsolicited emails sent in bulk. In principle, they are similar to advertising brochures in the mailbox, but the potential damage they can cause is significantly higher. Cybercriminals flood mailboxes with spam emails so they can increase open rates and make financial gain. However, these messages are also used to spread malware. For example, fictitious invoices that are sent as PDF or Word attachments are very popular.

Phishing is also a part of spam. The difference is that scammers and criminals use these emails to fish for passwords and personal information. In most cases, these messages supposedly come from a reputable bank, a popular internet provider like Amazon or other well-known service providers like DHL. The recipients are asked to re-enter their personal data, for example due to a technical problem or update.

How do cybercriminals get the email address?

Digital rip-offs get to valid email addresses in various ways:

1. Criminals automatically create and send emails with letter and number combinations. If no error notification comes back from the addressee's server that the email could not be delivered, the address is probably valid.

2. There are huge databases of personal information on the dark web, including email addresses. These mostly come from security incidents in recent years.

3. Web crawlers search the Internet for email addresses, for example via the website imprint, entries in newsletters, forums or social media.

4. Hackers inject malware onto computers and smartphones in order to spy on personal data such as email, telephone number or passwords.

In the current ESET product workshop , Internet users will learn how they can protect their PC or laptop from spam and phishing.

Tips for protecting yourself from spam and phishing emails:

– If in doubt, delete the email: If in doubt, messages from unknown senders or emails with strange content should be deleted.

– Do not click on links: If a spam email gets through the filters into your inbox, you should not click on links and under no circumstances should you reveal personal information such as credit card details.

– Do not open attachments: Attachments in spam emails are often disguised as supposed invoices in PDF, EXE or Word format. These should not be opened under any circumstances. In most cases, malware lurks here and gets onto the system in this way.

– Do not respond: Internet users should never respond to spam and phishing emails. Even supposed unsubscribe options should not be used. The feedback is confirmation for criminals that the address is being actively used.

– Create a second address: The private email address should only be given out in exceptional cases. For orders in online shops or registration on portals, it is better to get a second mailbox. If you get a lot of spam from this email, you can simply switch to a new one.

– Enable two-factor authentication: Two-factor authentication (2FA) establishes an additional layer of security. This means criminals cannot log in using their access data alone. An online service account remains protected with 2FA, even if the credentials fall into the wrong hands.

– Use a security solution: Users should use a security solution that, in addition to reliable protection against malware, also offers comprehensive spam and phishing protection.

– Install updates: Users should immediately install updates provided for the operating system, the installed software and hardware. It is recommended to activate the automatic update function if available.

---

Source: ESET Deutschland GmbH

Also interesting: Security risks when using online services