Phishing

Instructions and educational videos for Protection from Social Engineering Attacks by HNDGS / E5 Branch.

How to protect yourself from phishing email attacks:

Basic rule: We are very careful and suspicious when we open our e-mail, especially when we receive emails that we do not expect.

We need to know that no one can steal our passwords online and our personal data in general without our consent.

  1. We never open emails that we don’t expect. We do not open unknown emails. We do not reply to unknown emails.
  2. If we receive something “suspicious” we delete it immediately, especially if it is in the folder with the unwanted mail (spam).
  3. Even if the email seems to have been sent from a valid account / sender, we should check it and be suspicious. If necessary, we contact the sender to verify that they sent us the specific email.
  4. Phishing emails very often contain several spelling and syntax errors. Therefore, we do not open such emails, follow their suggested links or open their attached files.
  5. We should not open suspicious email attachments, especially those with suffixes: (.bat, .chm, .cmd, .com, .exe, .hta, .ocx, .pif, .scr, .shs, .vbe, .vbs, .ps1, .wsf, .js).
  6. If we open such an email, we do not follow (click) links in the message. It is better to type the address ourselves.
  7. No organization / company (such as banks) will ask us for sensitive data such as usernames, passwords or phone numbers via email or by phone.
  8. Each time we follow a link, we check in the address bar (URL) that we are in the correct / expected location, that an appropriate and valid security certificate exists and that the connection is encrypted (HTTPS), especially if it is a service.
  9. In case we find out that a message does not come from the valid sender or we consider that we have found a phishing email in general, then we report it immediately, so as to protect other users.
  10. We must encrypt emails when sending personal data. https://www.certcoop.eu/wp-content/uploads/2019/04/Encrypted_email_exchange.ogv
  11. When forwarding email, it is a good practice to use BCC (Blind Carbon Copy) so that the recipients' addresses are not shown to one another.
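
As an added illustration of item 5 (this code is not part of the original HNDGS material), the following Python example scans a saved message for attachments whose final suffix is on the list above, ignoring letter case and trailing dots or spaces. The function names and the sample message are assumptions constructed for this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Suffixes taken from item 5 of the list above.
BLOCKED_SUFFIXES = {
    ".bat", ".chm", ".cmd", ".com", ".exe", ".hta", ".ocx", ".pif",
    ".scr", ".shs", ".vbe", ".vbs", ".ps1", ".wsf", ".js",
}

def blocked_suffix(filename):
    """Return the blocked suffix of an attachment name, or None."""
    # Drop any directory part, then normalise case and trailing dots/spaces,
    # so "Update.VBS" and "notes.js. " are judged by their real suffix.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    name = name.strip().rstrip(". ").lower()
    # Only the last suffix counts: "invoice.pdf.exe" is an .exe, not a PDF.
    suffix = PurePosixPath(name).suffix
    return suffix if suffix in BLOCKED_SUFFIXES else None

def risky_attachments(raw_message):
    """Return (filename, suffix) for every attachment with a blocked suffix."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename and blocked_suffix(filename):
            findings.append((filename, blocked_suffix(filename)))
    return findings

def build_sample():
    """Constructed sample message; addresses and file names are made up."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached files.")
    for name in ("report.pdf", "invoice.pdf.exe", "Update.VBS"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, suffix in risky_attachments(build_sample()):
        print(f"do not open: {filename} ({suffix})")
```

A file name is only a first check: a clean suffix does not make an unexpected attachment safe, so the other rules in the list still apply.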

The following videos are educational material from the participation of the Directorate in the European Program (EU Horizon 2020) DOGANA: