Awareness campaign

Language navigation

Phishing Identify dangerous e-mails quickly and reliably

You’ve just opened an Excel file named “Management levels 2019” and enabled the macros included in the document by clicking “Enable editing” and “Activate content” in the status bar. When you enabled editing, your computer could have been infected with malware (malicious software) in the worst-case scenario.

The e-mail appeared to originate from within the company and prompted you to open an attachment claiming to be a new management list following internal reorganization. You were prompted to activate the macros in the attached document. You did as you were asked without noticing the alarm signals.

You could have seen through this particular “management list” attack. To begin with, the sender looked suspicious and was indeed fake (michael.beyer@p0st.ch). The fact that such sensitive information was sent by e-mail, without encryption and using an incorrect address should have led you to doubt its authenticity. When you were then asked to activate the macros, you should definitely have become suspicious.

Do not open any e-mail attachments if you are not sure what they contain!

Note: This attack was part of a Swiss Post awareness campaign. No data was transferred and no malware was installed.

Tabs

Preventing the attack

Never enable active content, such as the Word macros in this case, if you are not sure that the document comes from a reliable source. In this attack, just opening the Word file would not have caused any damage.

Be wary of all e-mails that arrive in your inbox:

  • How does the sender know your address and why are you receiving the e-mail?
  • Do you know the sender, does the content make sense and does the language sound like the sender?
  • Are you being pressured into doing something or is something being offered to you in a pushy manner?

How hackers operate

Hackers use a good story to try to get their victims to open an infected attachment in which they have placed their malware.

We are currently seeing an increasing number of attacks with so-called “ransomware”, which when launched encrypts the victims’ data and blocks their access to their own data. Then comes the demand for ransom. Malware of this kind can often also spread through company networks, causing a good deal of damage.

Strengthen your knowledge with our phishing exercise.

Start the exercise now