Phishing and E-mail Security

Due to the wide distribution of e-mail communication in the workplace, it has also become very interesting for criminals. However, e-mail security does not only relate to the reception of possibly harmful or unwanted e-mails, but also to the sending of one's own e-mails, especially if sensitive information is included. The terms spam and phishing are often used in the context of harmful and unwanted e-mails.

But beware: similar attack attempts or unwanted messages can also be sent via communication channels other than e-mail, so unusual communications should also be questioned when using messengers, social networks or even the telephone.

  • Spam

    Spam is the general term for unwanted messages, usually sent in mass quantities. The name comes from the word "SPAM", which became a synonym for "unwanted things in abundance" through a Monty Python sketch about tinned meat. Although spam messages can be distributed in a variety of ways, such as by fax or SMS, most people think of spam as e-mails. The originators, also called spammers, of such messages send them automatically. Most often, such messages are used for advertising purposes, fraud attempts, distribution of malware or phishing.

    For advertising purposes or fraud attempts, "fantastic" and "unbelievable" products, e.g., novel diet pills or offers, such as fast money-making methods, are often promoted. A lot of great promises are made in order to persuade the recipient to take up the offer. As a rule, however, such products and offers do not deliver what they promise or are non-existent and the money paid is lost forever.

  • Phishing

    Phishing is the term used to describe e-mails or websites that have been prepared by criminals and are designed to obtain information for the purpose of identity fraud. Often, these are e-mails that pretend to come from well-known companies, e.g. banks or the University of Münster, and can look convincingly genuine. In most cases, they refer to an urgent problem (threat to delete the account, request to change the password, etc.) and demand immediate action from the user. This is just an excuse to make users hurriedly visit a linked website or run a malicious file that is sent along with it.

    The linked websites are often designed in the same way as the original company websites, and the address line of the browser usually shows an address that looks confusingly similar to the real one, e.g. http://www.uni-meunster.de instead of http://www.uni-muenster.de. Sometimes, in addition to supposed "security checks" or "updates", the user is asked to enter personal data in order to obtain further information, such as an address or credit card number. However, if you do so, the information is passed on to the criminals, who misuse it for their own purposes or resell it.

  • Dangers of Sending E-mails

    Sending an e-mail is similar to the classic postal delivery of, for example, a postcard. Any person with some expertise can

    • take a look at the postcard, i.e. read it,
    • draw on the postcard, i.e. change it, and
    • send postcards under a false name, i.e. fake them.

    The cause of the first two points mentioned is the fact that e-mails are not encrypted or signed by themselves. Any person who has access to parts of the delivery path can read or modify the content of the e-mail. Almost all e-mail services now offer transport encryption for sending e-mails, but these only encrypt the e-mails as far as the e-mail service's server! You can find out how to secure e-mails with sensitive content all the way to the recipient (end-to-end encryption) here.

    As with a letter, there is no verification of the address information for e-mails when they are delivered, so forgery is possible. Only when sending an e-mail this verification is partially performed. For example, the mail server of the University of Münster ("secmail.uni-muenster.de") does not accept e-mails if the address does not match the sender. However, the University of Münster cannot enforce e-mails with "uni-muenster.de" or "wwu.de" addresses to be sent only via this server worldwide.

  • Typical Clues for Malicious or Unwanted Emails

    All email users come into contact with the terms spam and phishing sooner or later, as such messages are mostly sent via e-mail. But how do you recognize spam, phishing, scam and other dangerous e-mails? This is often not easy, as phishing e-mails in particular are increasingly well designed, so that they have a deceptively genuine layout and often matching design with legitimate e-mails from well known companies. However, there are some clues you should look out for:

    • Address: Look for plausible sender addresses that match the alleged originator, such as "...@uni-muenster.de" for emails from the University of Münster.
    • Salutation: Most companies will use your real name in the salutation. General salutations are often used in fake messages, such as "Dear Customer", "Dear ...-Customer" or simply "Good day".
    • Urgency/Threats: Most phishing attempts are characterized by requests for immediate action, such as logging onto a website immediately or checking an invoice. There are often threats of alleged consequences (e.g., blocking of access or debiting of large sums of money) if that you wait too long. Most legitimate companies will contact you by e-mail or phone for urgent matters.
    • Offers/Wins: Spam messages for scam purposes often make great offers and promise large prizes. If an email contains such offers or a variety of advertisements, you should become suspicious and should not respond.
    • Links: Another characteristic of scam e-mails are cryptic-looking or confusingly similar links, e.g. "uni-meunster.de" or "uni-muenster.de.com" instead of "uni-muenster.de". Often such links are hidden behind texts/buttons. Take a close look at the whole link in the tooltip and check the plausibility when you point the mouse cursor over it.
    • Digital Signatures: E-mails with a correct digital signature are indicated by a seal on the message in most e-mail applications. Since fraudulent e-mails are often sent under false sending addresses, they usually do not have a valid digital signature. However, since its use is still relatively limited, most e-mails are still sent unsigned anyway.
    • Grammar/Spelling: Texts from scam e-mails are often generated with the help of translation tools, so that grammar and spelling are frequently incorrect.

    Our Checklist: How to Detect Scam E-Mails summarizes all the important points by which you can recognize whether the e-mail is a phishing or other malicious e-mail. If several of these points apply to an e-mail, it is probably a scam message. If it has a specific connection to the University of Münster, report the e-mail, otherwise simply delete it!