Skip to main content

Think first, then click

Internet attacks? Phishing? Security gaps? German IT-experts explain how computer users can protect themselves.

12.01.2017
© ra2 studio/fotolia - Cyber security

Berlin (dpa) - Internet attackers using tricks such as trojan viruses and phishing are becoming ever more inventive, but computer users can protect themselves if they follow a few simple tips.

EMAILS AND PISHING

The most frequent method of infection is still via email attachment. When you open one, malicious software is secretly installed on your computer. Or you may be directed to a fake website that seeks your personal data (phishing). The emails are usually invoices and the fakes are getting better and better.

"For example, the attackers look at the contacts of a person on Facebook and then send emails using their names," says Joachim Wagner, spokesman for the Germany Office for Information Security (BSI). Usually only the address of the sender makes it clear that the email isn’t coming from who it purports to be coming from.

"When it comes to banking, blocked accounts and the like and you’re asked to click on something, you should always be sceptical," advises Maurice Ballein, an editor with the IT portal Netzwelt.de. "Think first, then click!" says Wagner.

The recipient should ask themselves three questions:

  • Do I know the sender?
  • Is the subject line meaningful or vague?
  • Do I expect an attachment?

"If there any doubts, delete the email unopened."

You can also contact the company that purportedly sent the email or log into your account to see if anything is really happening - just don’t follow the link in the suspicious email to get there.

 

ONLINE BANKING

Here, safe passwords are essential.

"Please use different passwords for important accounts and change them regularly," advises Wagner. Many services offer two-factor authentication for extra security. Secure websites can be recognized by the "https" in their address.

  • Click on the lock icon next to it to see information about the security certificate.
  • Don’t ever carry out sensitive transactions in a public WiFi network. Your home WiFi also needs a good password.
  • And don’t forget to always log out of active accounts.

RANSOMWARE

Crypto-trojan viruses encrypt the files on a computer and criminals then blackmail the owner to pay to have them decrypted. Ransomware is spread via manipulated websites, downloads and email. "We strongly advise against paying the ransom," says Frank Timmermann from the Institute for Internet Security in Gelsenkirchen, Germany.

  • The best defence, Wagner says, is to make the potential area for attack as small as possible.
  • Your browser, operating system and programs should always be up-to-date. "It’s important to have appropriate security solutions, from the firewall to anti-virus software," says Ballein. All three experts recommend regular backups to external media.

SECURITY GAPS

There are always weak points in current software. Once vulnerabilities are discovered it can take the developer a few days to plug the gap. You should always install any updates promptly - after first making sure you’re downloading them from the legitimate site.

 

MANIPULATED ADVERT BANNERS

Ad banners even on legitimate websites can be manipulated to infect people’s computers with malicious code.

  • "The browser should be up-to-date and have real-time security detection," says Ballein.
  • Deactivating JavaScript is one way to be on the safe side, but this limits the usability of many websites.
  • A compromise between protection and functionality is to use the NoScript add-on for Firefox - it allows users to decide whether or not to let scripts and plug-ins run on certain pages.

IBM Think Academy: Cybersecurity, How it works: Incident response