6. Be careful when using email clients, instant messengers and web browsers

Malware often spreads via email attachments, files through messenger programs or active content in web pages.

  • Be always suspicious when you receive unexpected emails and do not open email attachments. Attachments with double file extensions such as "test.pdf.exe" contains malicious code most likely. Ransomware is often smuggled onto systems via macros from Office documents that are sent as e-mail attachments. Never activate the macro function, which is deactivated by default.
  • Not click contained links. Go with the mouse over the link (do NOT CLICK!) and check that the displayed link matches with real url. We will never require to go on web pages outside of our domain uni-Weimar.de to enter there sensitive data. By clicking of links it is always possible that you get infected with malware.
  • Most email programs have the possibility to manage incoming emails and to foward and save them in different email folders. So it is possible to redirect emails from known users in existing folders. With such a configuration, you will only have a manageable number of mails in your default receive Folder that can be edited with appropriate caution.
  • The forging of email addresses is possible without much effort. The display name of the sender has no reliability. If you get an email from a known person, that contains an exotic subject, caution is still advised. Ask in case of doubt the (alleged) sender.
  • Don't answer any unsolicited email, also not to cancel the reception.
  • Turn off the automatic opening and viewing of email attachments in your email program.
  • Be suspicious when emails ask you to install a software or to send or enter sensitive data somewhere.
  • Disable the HTML view and use instead the plain text view.
  • Check all files downloaded to your computer before opening with a malware protection.
  • Be suspicious on web pages that ask you to install Software. Do not click on any pop-up window.
  • Never enter sensitive data on websites that transmit them unencrypted. Make sure that HTTPS is used instead of HTTP.
  • Unencrypted e-mails can be compared to postcards. Sensitive information should never be sent with unencrypted e-mails, but only with encrypted e-mails or via alternative communication channels.
  • Turn off automatic opening of active content in the web browser and mail client or restrict it.
  • Use an ad blocker to protect yourself from hidden malware in advertising banners.
13 golden rules of IT security
← Back to rule number 5:
Do not work
with administrative rights		→ Continue with rule number 7:
Use only really needed software
from safe sources