
Thursday, May 13, 2021

Total Security Software: Dealing with Phishing & Malware in a Correct Manner


In relevant groups on Facebook and elsewhere that deal with IT security issues, you can find daily inquiries from unsettled users about spam mail, e-mails with questionable and eerie requests for payment or with orders that they have not placed, or e-mails with malware attached. Such groups, however, by no means consist only of experts. Here, mainly laypeople answer questions from laypeople and stir up uncertainty and panic with completely nonsensical advice.

E-Mails as A Doom

The fact is, email is one of the most common ways in which all kinds of attacks on data and computers occur. You can roughly differentiate between three types of threats, although a single mail may fit into two or even all three of these categories:

·    Spam emails, often fraudulently promoting goods or services;

·    Phishing emails, the aim of which is to obtain access data for websites, bank account details, or credit card details;

·    Malware e-mails whose aim is to install one or more malicious programs, usually Trojans, on the user's device.

Spam Emails

Almost every user finds spam in their inbox every day. Spam is mostly unsolicited advertising. It can be advertising for real products or services, but also fraud. Pure spam, i.e. emails that neither have an attachment nor encourage you to click on the Internet links they contain, is completely harmless as long as you do not fall for the content itself. Word has got around by now that the announced large sums of money, supposedly sitting somewhere abroad and waiting to be released with the help of a nice person (you), do not exist. Lucrative work from home with immense income, sudden enormous inheritances, drugs that actually require a prescription, and much more: what spam mails promise is humbug or even fraud. The only necessary precaution, however, is: don't believe it, don't react. Above all, do not answer, because doing so only confirms that someone is reading the mail. On the other end, there is no one interested in your outrage over spam. Even forwarding them to reporting points does not bring anything except additional mail traffic.

Phishing Emails

You can find many examples of phishing emails on my website. Phishing is the attempt to steal access data for websites and user accounts, or bank and credit card data. Specifically, the user who receives such a phishing email is to be persuaded to follow a link to a website and enter his access data for the displayed page there. For example, more or less cleverly falsified e-mails in the name of the mail-order company Amazon are regularly used to claim that someone tried to make a purchase using the mail recipient's account. This is where fear is generated: does anyone have access to my account?

 

I have explained how to recognize phishing emails in the link here and in many other articles with clear examples. Basically, you should always be suspicious if something improbable is asserted, or if you are asked to click on a link within the mail and then log in somewhere, or something similar.

If the allegation from a phishing mail seems even a bit plausible to you, please check the allegation independently. In the case of the Amazon mail, this means: do not call up Amazon from the mail, but open Amazon as if you wanted to buy something there, i.e. via your app or browser. Do not click on links offered in the mail. If there is anything to the claim in the email, you will surely find evidence of it in your Amazon account. If everything is fine there, it is a phishing email that you should simply delete. Informing Amazon about this is rather pointless. And even if the sender appears to be Amazon itself at first glance: this is a fake, the mail does not come from Amazon, and therefore it does not help,

Malware Emails

The third variant, which often leads to the most nonsensical advice in Facebook groups, comprises e-mails that are supposed to install malware on readers via an attachment or a link on the Internet.

This type of mail can go hand in hand with a phishing attempt. This is the case, for example, with a current campaign with supposed shipping confirmations from Amazon. The usual attempt is made to lure readers to fake Amazon pages and persuade them to enter their data, but a file is also attached to these emails, more precisely a Word document, recognizable by the ending *.doc.

Word documents are one of the typical attack vectors because Microsoft Office can process so-called macros. Macros are small programs that can be embedded in documents from Word, Excel, PowerPoint, etc. In the event of an attack in this way, such a macro uses the extensive capabilities of Microsoft Office in a Windows environment to download malware, usually a Trojan, from the Internet and install it in the system.
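As an added example (not part of the original post), here is one way to check whether a mail attachment can carry macros at all, going by file content and not by its name. The file names and sample bytes are constructed, and the search for the `_VBA_PROJECT` stream name in legacy documents is a heuristic, not a full parser:

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # legacy .doc/.xls/.ppt container
ZIP_MAGIC = b"PK\x03\x04"                          # .docx/.docm are ZIP archives
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")   # OLE2 stores stream names as UTF-16

def classify_attachment(data: bytes) -> str:
    """Classify by file content; the file name and extension are ignored."""
    if data.startswith(OLE2_MAGIC):
        # Heuristic: a VBA project shows up as a "_VBA_PROJECT" stream name.
        return "ole2-macros" if VBA_STREAM in data else "ole2-no-macros"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "zip-corrupt"
        has_vba = any(n.endswith("vbaproject.bin") for n in names)
        return "ooxml-macros" if has_vba else "zip-no-macros"
    return "not-office"

def triage_message(raw: bytes) -> dict:
    """Map each attachment's file name to its verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {part.get_filename(): classify_attachment(part.get_payload(decode=True))
            for part in msg.iter_attachments()}

def _zip_with(member: str) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed placeholder bytes")
    return buf.getvalue()

def build_sample() -> bytes:
    """Constructed test mail; the attachments are inert stand-ins, not real documents."""
    msg = EmailMessage()
    msg["Subject"] = "Your shipping confirmation"
    msg.set_content("Constructed sample body.")
    samples = {
        "shipping_confirmation.doc": OLE2_MAGIC + b"\x00" * 504 + VBA_STREAM,
        "invoice.docx": _zip_with("word/vbaProject.bin"),   # macro part despite .docx name
        "letter.docx": _zip_with("word/document.xml"),
    }
    for name, data in samples.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in triage_message(build_sample()).items():
        print(f"{name}: {verdict}")
```

A verdict of `ole2-macros` or `ooxml-macros` only means that the file contains a macro project; whether that macro is malicious is a separate question.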

Recently, a concerned user posted an inquiry in a Facebook group on the subject of IT security: she had just received this e-mail on her mobile phone and had also opened the document. The other participants in the group promptly came up with mostly absurd recommendations:

·         Use the latest virus scanner (Total Security)

·         Check all programs

·         Reset your phone to factory settings

·         Change all passwords

 

Nonsense. Some of the respondents apparently did not realize that the questioner had specifically spoken of her cell phone and recommended Windows programs. But there were also specific instructions such as “reset cell phone”. This completely nonsensical action, like changing all passwords, would only be a lot of work.

In their ignorance, laypeople attribute almost magical capabilities to malware. The usual reporting in the media promotes the view that malware is practically everywhere and that the same means must be used everywhere. However, the reality is very different.

The fact is: malicious software that is distributed by e-mail is almost exclusively aimed at the Windows operating system. It starts with the fact that, as described above, Microsoft Office documents are usually used as the first stage of the attack, which can only work if these documents are opened with Microsoft Office under Windows and the execution of macros is expressly permitted. Since Windows only runs on desktop computers and notebooks and Microsoft Office cannot run macros on mobile devices, nothing at all can happen on a mobile phone. Even if MS Office is available, and even if this software should be able to execute macros at some point, the downloaded program will still not run on iOS or Android because it is a Windows program.

 

It is much more difficult to catch malware on a mobile phone than on Windows. Nevertheless, there are examples of this, including those that begin with an email. For example, email campaigns that distribute banking Trojans attempt, after the Windows system is infected, to persuade the user to install an "update" for their banking app and two-factor authentication or the TAN via mobile phone, by providing an APK file (i.e. an Android program). The user can only install this on the mobile phone if he deactivates the security function that prevents the installation of applications from third-party sources (sources other than the Google Play Store). In other words: it takes a lot more help from the user than just opening a Word file.

On the mobile phone (regardless of whether iOS or Android) and under macOS or Linux, programs are much better sealed off from each other than under Windows. It is many orders of magnitude more difficult to infect other applications. But even under Windows, infecting other programs, the actual craft of the type of malware that is technically correctly called a "virus", has now become so difficult that there are hardly any real viruses left. While the term has become a collective term for malware, infecting other programs has become practically meaningless these days. So much for the nonsensical proposal to examine all programs.

Since the cell phone cannot be infected by simply opening a Word file, there is no need to reset it to the factory settings. Changing passwords is also nonsense if you have not logged into a phishing site with them: passwords cannot magically be read out and reported to the network. There are exceptions to this statement, for example by exploiting security holes in browsers or password managers in which passwords have been saved, but this type of attack is also rather rare. Of course, browsers and password managers, like all software, must be updated regularly and promptly when updates are available.

Facts: So What Is Sensible to Do?

Outside of Windows, i.e. on the Mac, under Linux, on the iPhone or Android mobile phone or tablet, malware from an email has no effect. The danger here is practically exclusively under Windows, although it is entirely conceivable that someone could distribute malware for macOS in this way. Nevertheless, protective mechanisms also work here, which should prevent a trace-free installation without the assistance of the user. Even MS Office doesn't have as extensive options in macOS as it does under Windows.

You can therefore see it as a security measure to read your mail under an operating system other than Windows. But even Windows is difficult to infect without the help of the user. Also, virus scanners make sense under Windows due to the possibilities that this system gives scanners (and thus unfortunately also malware) - but not on other systems.

 

So under Windows, it is important to be extremely careful and suspicious of file attachments to emails. Exact checks should always be carried out here and, if necessary, the alleged sender should be asked, or the claim should be checked by logging in to the account separately, as described above.

Phishing e-mails, on the other hand, can work regardless of the operating system, since the only aim is to persuade you to enter your data on a fake page. So you have to learn to recognize fake emails and pages. I provide help here and specifically with all of the various phishing examples on my website.

Malware emails, phishing emails, and spam emails can be safely deleted. They won't magically infect your system from the Recycle Bin.

 
