Malware often spreads via email attachments, files through messenger programs like WhatsApp or active content in web pages.
- Be always suspicious when you receive unexpected emails and do not open email attachments. Attachments with double file extensions such as "test.pdf.exe" contains malicious code most likely.
- Not click contained links. Go with the mouse over the link (do NOT CLICK!) and check that the displayed link matches with real url. We will never require to go on web pages outside of our domain uni-Weimar.de to enter there sensitive data. By clicking of links it is always possible that you get infected with malware.
- Most email programs have the possibility to manage incoming emails and to foward and save them in different email folders. So it is possible to redirect emails from known users in existing folders. With such a configuration, you will only have a manageable number of mails in your default receive Folder that can be edited with appropriate caution.
- The forging of email addresses is possible without much effort. The display name of the sender has no reliability. If you get an email from a known person, that contains an exotic subject, caution is still advised. Ask in case of doubt the (alleged) sender.
- Don't answer any unsolicited email, also not to cancel the reception.
- Turn off the automatic opening and viewing of email attachments in your email program.
- Be suspicious when emails ask you to install a software or to send or enter sensitive data somewhere.
- Disable the HTML view and use instead the plain text view.
- Check all files downloaded to your computer before opening with a malware protection.
- Be suspicious on web pages that ask you to install Software. Do not click on any pop-up window.
- Turn off automatic opening of active content in the web browser and mail client or restrict it.
General advice for secure e-mail use from the BSI :
- use of secured protocols (POPS, IMAPS, SMTPS)
- avoid display and generation of e-mails in HTML format
- deactivate active content - like pictures - in HTML e-mails
Check the security of e-mail clients and web browsers:
|E-Mail:||email check by heise Security|
|web browser:||browser check by heise Security, test site by Hasso-Plattner-Institut|
Servicezentrum für Computersysteme und -kommunikation
phone: +49 (0) 36 43/58 24 24
- IT security
- Aktuelle Meldungen
- security certificates (PKI)
- password security
- malware protection
- Patch- und Schwachstellenmanagement
- Golden rules
- 1. Install security patches immediately
- 2. Use a malware protection and keep it up-to-date
- 3. Use security features of the operating system
- 4. Use secure passwords
- 5. Do not work with administrative rights
- 6. Be careful when using email clients, instant messengers and web browsers
- 7. Use only really needed software from safe sources
- 8. Protect the computer from unauthorized access
- 9. Be informed
- 10. Backup data
- 11. Do not reveal sensitive information unconsidered
- 12. Take special care in insecure environments
- 13. Reduce attack vector
- Externe IT-Dienste