In relevant groups on Facebook and elsewhere that deal with IT security issues, you can find daily inquiries from unsettled users about spam mail, e-mails with questionable and eerie requests for payment or orders that they have not placed, or with malware attached. In such groups, however, there are by no means only experts. Here it is mainly laypeople who answer questions from laypeople and stir up uncertainty and panic with complete nonsense advice.
E-Mails as A Doom
The fact is, email is one of the most common ways in which all kinds of attacks on data and computers occur. You can roughly differentiate between three types of threats, although a single mail may fit into two or even all three of these categories:
· Spam emails, often fraudulently promoting goods or services;
· Phishing emails, the aim of which is to obtain access data for websites, bank account details, or credit card details;
· Malware e-mails whose aim is to install one or more malicious programs, usually Trojans, on the user's device.
Spam Emails
Almost every user finds spam in their inbox every day. Spam is mostly unsolicited advertising. It can be advertising for real products or services, but also fraud. Pure spam, i.e. emails that neither have an attachment nor encourage you to click on the Internet links contained therein, is completely harmless as long as you do not fall for the content itself. Word has got around by now that the announced large sums of money, which are supposed to be somewhere abroad and are to be released with the help of a nice person (you), do not exist. Successful work from home with immense income, sudden enormous inheritances, drugs that actually require a prescription, and much more: what spam mails promise is humbug or even fraud. The only necessary precaution, however, is: don't believe it, don't react. Above all: do not answer, because you only confirm that someone is reading the mail. On the other end, there is no one interested in your outrage over spam. Even forwarding them to reporting points does not bring anything except additional mail traffic.
Phishing Emails
You can find many examples of phishing emails on my website. Phishing is the attempt to steal access data for websites and user accounts or bank and credit card data. Specifically, the user who receives such a phishing email is to be persuaded to follow a link to a website, where he is supposed to enter his access data for the page displayed. For example, more or less cleverly falsified e-mails from the mail-order company Amazon are regularly used to claim that someone tried to make a purchase using the mail recipient's account. This is where fear is generated: does anyone have access to my account?
I have explained how to recognize phishing emails in the link here and in many other articles with clear examples. Basically, you should always be suspicious if something improbable is asserted, if you are asked to click on a link within the mail to then log in somewhere, or something similar.
If the allegation from a phishing mail seems even a bit plausible to you, please check the allegation independently. In the case of the Amazon mail, this means: do not call up Amazon from the mail, but open Amazon as if you wanted to buy something there, i.e. via your app or browser. Do not click on links offered in the mail. If there is anything to the claim in the email, you will surely find evidence of it in your Amazon account. If everything is fine there, it is a phishing email that you should simply delete. Informing Amazon about this is rather pointless. And even if the sender appears to be Amazon itself at first glance: this is a fake, the mail does not come from Amazon, and therefore it does not help,
Malware Emails
The third variant, which often leads to the most nonsensical advice in Facebook groups, comprises e-mails that are supposed to install malware on the reader's device via an attachment or a link on the Internet.
This type of mail can go hand in hand with a phishing attempt. This is the case, for example, with a current campaign with supposed shipping confirmations from Amazon. The usual attempt is made to lure readers to fake Amazon pages and persuade them to enter their data, but a file is also attached to these emails, more precisely a Word document - recognizable by the ending *.doc.
Word documents are one of the typical attack vectors because Microsoft Office can process so-called macros. Macros are small programs that can be embedded in documents from Word, Excel, PowerPoint, etc. In the event of an attack in this way, such a macro uses the extensive capabilities of Microsoft Office in a Windows environment to download malware, usually a Trojan, from the Internet and install it in the system.
A Facebook group on the subject of IT security recently received an inquiry from a concerned user who had just received this e-mail on her mobile phone and had also opened the document. The other participants in the group promptly came up with mostly absurd recommendations:
· Use the latest virus scanner (Total Security)
· Check all programs
· Reset your phone to factory settings
· Change all passwords
Nonsense. Some of the respondents apparently did not realize that the questioner had specifically spoken of her cell phone, and recommended Windows programs. But there were also specific instructions such as “reset cell phone”. This completely nonsensical action, like changing all passwords, would only be a lot of work.
In their ignorance, laypeople attribute almost magical capabilities to malware. The usual reporting in the media promotes the view that malware is practically everywhere and that the same means must be used everywhere. However, the reality is very different.
The fact is: malicious software that is distributed en masse by e-mail is almost exclusively aimed at the Windows operating system. It starts with the fact that, as described above, Microsoft Office documents are usually used as the first stage of the attack, which can only work if these documents are opened with Microsoft Office under Windows and the execution of macros is expressly permitted. Since Windows only runs on desktop computers and notebooks and Microsoft Office cannot run macros on mobile devices, nothing at all can happen on a mobile phone. Even if MS Office is available, and even if this software should be able to execute macros at some point, the downloaded program will still not run on iOS or Android because it is a Windows program.
It is much more difficult to catch malware on a mobile phone than on Windows. Nevertheless, there are examples of this, including those that begin with an email. For example, email campaigns that distribute banking Trojans attempt, after the Windows system is infected, to persuade the user to install an "update" for their banking app, two-factor authentication or the TAN on the mobile phone by providing an APK file (i.e. an Android program) for Android. The user can only install this on the mobile phone if he deactivates the security function which prevents the installation of applications from third-party sources (sources other than the Google Play Store). In other words: it takes a lot more help from the user than just opening a Word file.
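The two attachment types discussed above, the macro-capable Word document and the Android APK, can be told apart by their content rather than by their file name. The following is an added example, not part of the original article: the labels, file names and the sample message are constructed for illustration, and the check only identifies container types, it is not a malware scan.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container

def classify(data: bytes) -> str:
    """Classify an attachment by its content, not by its file name."""
    if data.startswith(OLE_MAGIC):
        # The legacy binary formats may embed macros; the name gives no hint.
        return "legacy-office"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            return "office-with-macros"   # OOXML document carrying a VBA project
        if "AndroidManifest.xml" in names:
            return "android-apk"          # installable Android package
        if "[Content_Types].xml" in names:
            return "office-no-macros"
        return "zip"
    return "other"

def triage(raw: bytes) -> dict:
    """Map every attachment name of a raw RFC 5322 message to its class."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {part.get_filename(): classify(part.get_payload(decode=True))
            for part in msg.iter_attachments()}

def _zip(*names: str) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed placeholder")
    return buf.getvalue()

def sample_message() -> bytes:
    # Constructed sample: harmless placeholder files with realistic structure.
    msg = EmailMessage()
    msg["Subject"] = "Your shipping confirmation"
    msg.set_content("constructed sample body")
    for name, blob in [
        ("invoice.doc", OLE_MAGIC + b"\x00" * 504),
        ("report.docx", _zip("[Content_Types].xml", "word/document.xml")),
        ("order.docm", _zip("[Content_Types].xml", "word/vbaProject.bin")),
        ("bank-update.apk", _zip("AndroidManifest.xml", "classes.dex")),
    ]:
        msg.add_attachment(blob, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `triage(sample_message())` returns one label per attachment; anything labelled `legacy-office`, `office-with-macros` or `android-apk` is the kind of file the article says to treat with suspicion.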
On the mobile phone (regardless of whether iOS or Android) and under macOS or Linux, programs are much better sealed off from each other than under Windows. It is many orders of magnitude more difficult to infect other applications. But even under Windows, this, the actual craft of the malware type that is technically correctly called a "virus", has now become so difficult that there are hardly any real viruses. While the term has become a collective term for malware, infecting other programs has become practically meaningless these days. So much for the nonsensical proposal to examine all programs.
Since the cell phone cannot be infected by simply opening a Word file, there is no need to reset it to the factory settings. Changing passwords is also nonsense if you have not logged into a phishing site with it - passwords cannot magically be read out and reported to the network. There are exceptions to this statement, for example by exploiting security holes in browsers or password managers in which passwords have been saved, but this type of attack is also rather rare. Of course, browsers and password managers, like all software, must be updated regularly and promptly when updates are available.
Facts: So What Is Sensible to Do?
Outside of Windows, i.e. on the Mac, under Linux, on the iPhone or Android mobile phone or tablet, malware in an email has no effect. The danger here is practically exclusively under Windows, although it is entirely conceivable that someone could distribute malware for macOS in this way. Nevertheless, protective mechanisms also work here, which should prevent a trace-free installation without the assistance of the user. Even MS Office doesn't have as extensive options in macOS as it does under Windows.
You can therefore see it as a security measure to read your mail under an operating system other than Windows. But even Windows is difficult to infect without the help of the user. Also, virus scanners make sense under Windows due to the possibilities that this system gives scanners (and thus unfortunately also malware) - but not on other systems.
So under Windows, it is important to be extremely careful and suspicious of file attachments to emails. Exact checks should always be carried out here and, if necessary, the alleged sender should be asked, or the claim should be checked by logging in to the account separately, as described above.
Phishing e-mails, on the other hand, can work regardless of the operating system, since the only aim is to persuade you to enter your data on a fake page. So you have to learn to recognize fake emails and pages. I provide help here and specifically with all of the various phishing examples on my website.