In the last blog article we covered access control and securing user access with multi-factor authentication. This article continues that theme and highlights one of the most common mistakes users make in everyday office life: careless handling of emails and the file attachments they contain.
90% of cyber attacks start with phishing. Phishing emails often pretend to be from trustworthy senders to trick users into disclosing sensitive information or clicking on dangerous links.
In practice, the following scenario is often encountered: An employee receives an email with an urgent invoice. The sender appears to be the familiar, long-term supplier. To resolve the matter quickly, the employee opens the attachment in the email, which results in ransomware being installed and all company files being encrypted. All company data is now unusable, and business operations cannot continue without the data.
What could the employee have done to prevent this scenario? One thing upfront: in our example, state-of-the-art antivirus programs and spam filters were installed on the systems. Attackers are increasingly using polymorphic, AI-generated malware that changes its code faster than anti-malware programs and spam filters can recognize it as a threat, so-called zero-day exploits.
Users are therefore advised to check sender addresses carefully and to have the mail client show the full email address, not just the display name. Display names can be deceptive, because the underlying email address may belong to an attacker.
It is also essential to check the domain name carefully. For example, if the supplier's real address is rechnung@lieferant.de, a malicious email could come from rechnung@liferant.de (note the missing "e"). Anyone can register free domains and use them for criminal purposes.
Additionally, every user should always critically question whether the attachment is plausible. When in doubt, confirm with the sender by phone, using a number already known to you rather than one given in the email itself.
Tip: From a technical perspective, it is essential to set up corresponding SPF, DKIM, and DMARC records for the company's mail domains and to have the mail server evaluate them on incoming mail.
It is important to know that phishing emails can now contain very personal information to appear trustworthy. Attackers often use such social engineering techniques, addressing the victim personally to build trust and reach their goal faster.
Special caution is required for attachments with double extensions, such as Rechnung.pdf.exe. Such a file is an executable, and the malicious code it carries runs as soon as the file is opened. On Windows, where known file extensions are hidden by default, the file may even appear in Explorer as Rechnung.pdf.
Practical tip: Always have such attachments examined for malicious code in a so-called sandbox (an isolated analysis environment) before anyone opens them.
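The sender and attachment checks described above (display name versus real address, lookalike domains, double extensions) can also be automated at the mail gateway. The following is an added example, not code from the original article; the trusted supplier domain and the executable extension list are constructed assumptions.

```python
"""Heuristic inbound-mail checks for the warning signs discussed in the article."""
from email.utils import parseaddr

# Constructed sample data (assumption): domains of known, trusted suppliers.
TRUSTED_DOMAINS = {"lieferant.de"}
# Extensions that Windows treats as directly executable (assumed list, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small distance to a trusted domain suggests typo-squatting."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> list[str]:
    """Flag lookalike domains and display names that impersonate a different address."""
    findings = []
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return findings  # exact match with a known supplier domain
    for trusted in TRUSTED_DOMAINS:
        # 1 or 2 edits away from a trusted domain, e.g. liferant.de vs lieferant.de
        if 0 < edit_distance(domain, trusted) <= 2:
            findings.append(f"lookalike domain: {domain} resembles {trusted}")
    # A display name that itself looks like an email address but differs from
    # the real address is a classic way to hide the true sender.
    if "@" in display and display.lower() != addr.lower():
        findings.append(f"display name shows {display} but address is {addr}")
    return findings


def check_attachment(filename: str) -> list[str]:
    """Flag double extensions whose final part is executable, e.g. Rechnung.pdf.exe."""
    parts = filename.lower().split(".")
    if len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS:
        return [f"double extension hides executable: {filename}"]
    return []
```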
The same applies to macros: they should only be enabled if the document comes from a reputable source and the macro's content is business-relevant.
Special caution is also required for links in MS Office documents: links can trigger hidden downloads or lead to malicious websites. Therefore, always verify where a link actually points before clicking it.