Phishing and Email Security

Cyber criminals tend to focus on email communication at the workplace because it is so widely used. However, email security doesn't only involve fending off potentially harmful or unwanted incoming emails, but also protecting your own outgoing emails, especially if they contain sensitive information. The terms spam and phishing are often used in the context of harmful and unwanted emails.

But beware: cyber attacks or unwanted messages can also be sent through other communication channels besides email. That's why it's important to be equally vigilant if you receive unusual communications when using messengers, social networks or even the telephone.

  • Spam

    Spam is the general term for unwanted messages, usually sent in mass quantities. The name comes from Hormel’s tinned meat product “SPAM”, made famous by the Monty Python sketch, and is synonymous with “unwanted things in abundance”. Although spam messages can be distributed in a variety of ways, such as by fax or SMS, most people think of spam as emails. The originators of such messages, also called "spammers", send them automatically. Most often, such messages are used for advertising purposes, fraud attempts, distribution of malware or phishing.

    For advertising purposes or fraud attempts, "fantastic" and "unbelievable" products, e.g. novel diet pills or get-rich-quick schemes, are often promoted. A lot of great promises are made in order to persuade the recipient to take up the offer. As a rule, however, such products and offers do not deliver what they promise or do not exist at all, and the money paid is lost forever.

  • Phishing

    Phishing is the term used to describe emails or websites that have been prepared by criminals and are designed to obtain information for the purpose of identity fraud. Often, these are emails that pretend to come from well-known companies, e.g. banks or the University of Münster, and can look convincingly genuine. In most cases, they refer to an urgent problem (threat to delete the account, request to change the password etc.) and demand immediate action from the user. This is just a pretext to make panicked users visit a linked website or open a malicious file attached to the email.

    The linked websites are often designed in the same way as the original company websites, and the address line of the browser usually shows an address that looks deceptively similar to the real one, e.g. http://www.uni-meunster.de instead of http://www.uni-muenster.de. Sometimes, in addition to supposed "security checks" or "updates", the user is asked to enter personal data to verify their identity, such as an address or credit card number. If you fall for this ruse, your information is forwarded to the criminals, who misuse it for their own purposes or sell it.

  • Risks of sending emails

    Sending an email is similar to sending a postcard via old-fashioned postal delivery. Any person with some expertise can

    • take a look at the postcard, i.e. read it,
    • draw on the postcard, i.e. change it, and
    • send postcards under a false name, i.e. fake them.

    The first two risks exist because emails are neither encrypted nor signed by default. Any person who has access to part of the delivery path can read or modify the content of the email. Almost all email services now offer transport encryption for sending emails, but this only encrypts the email as far as the email provider's server! You can find out how to secure emails with sensitive content all the way to the recipient (end-to-end encryption) here.

    As with a letter, there is no way to verify the address information of incoming emails, so forgery is always a possibility. Only when sending an email can verification be partially performed. For example, the mail server of the University of Münster ("secmail.uni-muenster.de") does not accept emails if the address does not match the sender. However, the University of Münster cannot prevent other servers around the world from using the "uni-muenster.de" domain in their email addresses.

  • Typical signs for malicious or unwanted emails

    All email users come into contact with the terms "spam" and "phishing" sooner or later, as such messages are mostly sent via email. But how do you recognise spam, phishing attempts, scams and other dangerous emails? It is not always easy, as phishing emails use deceptively genuine-looking designs modelled on legitimate emails from well-known companies. However, there are some clues you should look out for:

    • Address: Look for plausible sender addresses that match the alleged originator, such as "...@uni-muenster.de" for emails from the University of Münster.
    • Salutation: Most companies will use your real name in the salutation. General salutations are often used in fake messages, such as "Hello", "Dear Customer" or simply "Good day".
    • Urgency/threats: Phishing attempts typically request you to take immediate action, such as logging onto a website or checking an invoice. There are often threats of alleged consequences (e.g. blocked access or a large sum of money to be debited from your account) if you wait too long. Most legitimate companies will contact you by post or phone for urgent matters.
    • Offers/prize winnings: Spam messages for scam purposes often make great offers and promise large prizes. If an email contains such offers or a variety of advertisements, you should become suspicious and not respond.
    • Links: Another sign of a scam is links that look cryptic or are deceptively similar to the genuine address, e.g. "uni-meunster.de" or "uni-muenster.de.com" instead of "uni-muenster.de". Often such links are hidden behind texts or buttons. Hover the mouse cursor over the link, take a close look at the whole address shown in the tooltip and check whether it is plausible.
    • Digital signatures: Emails with a correct digital signature are indicated by a seal on the message in most email applications. Since fraudulent emails are often sent under false sender addresses, they usually do not have a valid digital signature. However, since digital signatures are still relatively little used, most emails are sent unsigned anyway.
    • Grammar/spelling: Texts from scam emails are often generated with the help of translation tools and frequently contain grammar and spelling mistakes.

    Our checklist "How to detect scam emails" summarises all the important points to help you recognise whether an email is a phishing attempt or otherwise malicious. If several of these apply to an email, it's probably a scam message. If it has a specific connection to the University of Münster, please report the email; otherwise simply delete it!
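The "Links" clue above can be automated. The following Python script is an added example (not part of the university's page or its tools): it pulls every link out of an HTML mail body and flags the three patterns the text names, namely the genuine name buried inside another domain, a misspelt domain, and link text that shows a different address than the one the link actually opens. The expected domain, the 0.8 similarity threshold and the sample mail body are constructed for this example.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

LEGIT_DOMAIN = "uni-muenster.de"  # the domain a genuine sender's links should use

class LinkExtractor(HTMLParser):
    """Collects (visible link text, href) pairs from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def _host(s):  # hostname of a URL, also for bare "www.example.com" link text
    return (urlparse(s if "://" in s else "//" + s).hostname or "").lower()

def classify_link(text, href, legit=LEGIT_DOMAIN):
    """Verdict for one link, mirroring the manual 'hover and read the tooltip' check."""
    host = _host(href)
    looks_like_url = re.fullmatch(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", text, re.I)
    shown = _host(text) if looks_like_url else ""
    if shown and shown != host:
        return "mismatch"   # text shows one address, the link really goes elsewhere
    if host == legit or host.endswith("." + legit):
        return "ok"         # the genuine domain or one of its subdomains
    if legit in host:
        return "lookalike"  # e.g. uni-muenster.de.com: real name buried in another domain
    tail = ".".join(host.split(".")[-2:])
    if SequenceMatcher(None, tail, legit).ratio() >= 0.8:
        return "lookalike"  # e.g. uni-meunster.de or uni-muenster.info: a few characters off
    return "external"

def check_mail_body(html, legit=LEGIT_DOMAIN):
    p = LinkExtractor()
    p.feed(html)
    return [(t, h, classify_link(t, h, legit)) for t, h in p.links]

SAMPLE_BODY = """<p>Your account will be deleted!</p>  <!-- constructed sample, not a real mail -->
<a href="https://sso.uni-muenster.de/login">Login</a>
<a href="http://www.uni-meunster.de/verify">Verify now</a>
<a href="http://uni-muenster.de.com/update">Update</a>
<a href="http://example.net/x">www.uni-muenster.de</a>"""
```

Running `check_mail_body(SAMPLE_BODY)` yields one "ok" link and three flagged ones; anything other than "ok" is a reason to stop and report rather than click.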