E-Mail-Security: You’ve got mail.

Safe surfing

We receive contact requests, account notifications, newsletters, documents and lots more via email. Criminals try to trick us by mingling fraudulent messages into this flood of information.

iBarry sniffs an email that could contain malware or a phishing link, or that could be blackmail or love fraud.

Attacked by an email

While modern cyber threats can take different forms and delivery methods, email continues to be one of the primary approaches used by cyber attackers. Private and business communications via email seem personal but are not: anyone can send you an email—and anyone does.

Email attack scenarios typically try to trick you into doing something you shouldn’t, like clicking on a link, opening a document or transferring money, and they have one thing in common: you have to act right now! In order to stop you from thinking too much, it’s always urgent!

«It’s always urgent!»

Scenario I: Click here!

The attackers want you to visit a fake website to steal your login credentials or infect your computer with malware. Here are three examples of how they try to trick you:

Tempting offer - An iPhone for CHF1.00; a lottery win; 80% discount on designer bags.

Threat - Your account will be deleted; your emails will be deleted; your account has been hacked.

Disguise - Your IT department, your bank, a friend or a colleague.

Have you clicked? Don’t worry.

Change your passwords.
Run your antivirus program.
Talk to your IT department.

More Information


Phishing is an attempt to gain access to personal information about an Internet user through fake websites, e-mails or short messages in order to commit identity theft. Further information on phishing.

Social Engineering

Social engineering is a common method of manipulating people so they give up confidential information. Attack target is always the human.

Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software. For example, it is much easier to fool someone into giving you their password than it is for you to try hacking their password (unless the password is really weak).

In order to obtain confidential information, it is very often the good faith and the helpfulness but also the uncertainty of a person exploited. From fake phone calls, to people pretending to be someone else, to phishing attacks, anything is possible.

Social networking sites have made social engineering attacks easier to conduct. Today's attackers can go to sites like LinkedIn and find all of the users that work at a company and gather plenty of detailed information that can be used to further an attack.

Spam mail

E-mail spam describes mass unsolicited e-mailing of promotional content.

Email spam often contains infected attachments or links that lead to infected web pages. More about spam mail in E-Mail-Security.

Scenario II: Open this document!

The attackers want you to visit a fake website to steal your login credentials or infect your computer with malware. Here are three examples of how they try to trick you:

Threat - You forgot to pay a bill (check the attachment!); you signed a contract.

Curiosity - A whistleblower shares secret information with you; someone shares salary or strategy information with you by accident.

Disguise - Julian Assange, any service provider, a debt collection company, a big bank, a well known company, your company or an applicant.

Have you opened a document? Don’t worry.

Delete the document properly.
Run your antivirus program.
Talk to your IT department.

More information


Ransomware is malicious software that infects your computer and displays messages demanding a fee to be paid in order for your system to work again.

Ransomware is a criminal moneymaking scheme that can be installed through deceptive links in an email message, instant message or website. It has the ability to lock a computer screen or encrypt important, predetermined files with a password.

Typical attacks usually ask for $100 to $200. Other attacks seek much more, especially if the attacker knows the data being held hostage can cause a significant direct financial loss to a company. As a result, cybercriminals who set up these scams can make big sums of money.

No matter what the scenario, even if the ransom is paid, there is no guarantee that computer users will be able to fully access their systems again. While some hackers direct victims to pay through Bitcoin, MoneyPak or other online methods, attackers could also demand credit card data, adding another level of financial loss.

Don’t pay the ransom. Keep in mind, you may not get your files back even if you pay a ransom. A cybercriminal could ask you to pay again and again, extorting money from you but never releasing your data.


A Trojan horse, or Trojan, is a type of malicious code or software that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network.

A Trojan seeks to deceive you into loading and executing the malware on your device by acting to be a desired game or the song you like so much. You might also for example think you’ve received an email from someone you know and click on what looks like a legitimate attachment. But you’ve been fooled. The email is from a cybercriminal, and the file you clicked on — and downloaded and opened — has gone on to install malware on your device.Once installed, a Trojan can perform the action it was designed for.

Trojans usually are employed by cyber-thieves and hackers trying to gain access to users' systems. They can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system.


Computer viruses and other malware are real threats. And rootkits might be the most dangerous, both in the damage they can cause and the difficulty you might have in finding and removing them.

Rootkits are a type of malware that are designed so that they can remain hidden on your computer. But while you might not notice them, they are active. Rootkits give cybercriminals the ability to remotely control your computer.

Rootkits can contain a number of tools, ranging from programs that allow hackers to steal your passwords to modules that make it easy for them to steal your credit card or online banking information. Rootkits can also give hackers the ability to subvert or disable security software and track the keys you tap on your keyword, making it easy for criminals to steal your personal information.

Because rootkits can hijack or subvert security software, they are especially hard to detect, making it likely that this type of malware could live on your computer for a long time causing significant damage. Sometimes the only way to completely eliminate a well-hidden rootkit is to erase your computer’s operating system and rebuild from scratch.


Malware (= malicious software) is the umbrella term for malicious programs that run unnoticed in the background of the user.

Put simply, malware is any piece of software that was written with the intent of damaging devices, stealing data, and generally causing a mess. Viruses, Trojans, spyware, rootkits and ransomware are among the different kinds of malware.

Malware is often created by teams of hackers: usually, they’re just looking to make money, either by spreading the malware themselves or selling it to the highest bidder on the Dark Web. However, there can be other reasons for creating malware too — it can be used as a tool for protest, a way to test security, or even as weapons of war between governments. More about malware.


Spyware is a type of malware. It infiltrates your computing device, stealing data and sensitive information.

Spyware is used for many purposes. Usually it aims to track your internet usage data, capture your credit card or bank account information, or steal your personal identity. Spyware is like a mirror for criminals. It monitors your internet activity, tracks your login and password information, and spies on your sensitive information.

Some spyware install additional software or change the settings. It’s important to use secure passwords and keep your devices updated.

Spyware can affect PCs, Macs, and iOS or Android devices. Although Windows operating systems may be more susceptible to attacks, attackers are becoming better at infiltrating Apple’s operating systems as well. Some common ways your computer can become infected:

  • Accepting a prompt or pop-up
  • Downloading software from an unreliable source
  • Opening email attachments from unknown senders
  • Pirating media such as movies, music, or games

Scenario III: Transfer money!

The attackers want you to transfer money to a Western Union bank or using bitcoin. Here are three examples of how they try to trick you:

Threat - A very important project will fail, you’ll be fired, or very personal information will be disclosed if you don’t transfer the money; contact will stop if you don’t transfer the money.

Tempting offer - After investing a small amount of money you’ll get a lot more in return; a friend needs your help.

Disguise - A friend, your supervisor, a Nigerian prince, a supplier or a bank employee.

Have you transferred money? Don’t worry.

Talk to your bank.
Stop communicating with the attacker immediately.
Report the incident to the police.

More information:

CEO Fraud

CEO fraud is a sophisticated email scam that cybercriminals use to trick employees into transferring them money or providing them with confidential company information.

Cybercriminals send savvy emails impersonating the company CEO or other company executives and ask employees, typically in HR or accounting to help them out by sending a wire transfer. Often referred to as Business Email Compromise (BEC), this cybercrime uses spoofed or compromised email accounts to trick email recipients into acting.

CEO fraud is a social engineering technique that relies on winning the trust of the email recipient. The cybercriminals behind CEO fraud know that most people don’t look at email addresses very closely or notice minor differences in spelling.

These emails use familiar yet urgent language and make it clear that the recipient is doing the sender a big favor by helping them out. Cybercriminals prey on the human instinct to trust one another and on the desire to want to help others.


“To spoof” means to trick or deceive and is an apt description. Criminals send emails with the intent to deceive recipients with phishing or blackmail schemes.

This is done, for example, by sending emails from fake sender addresses which may look like trusted and known sender addresses. Cyber criminals register domains for this purpose which are very similar to the imitated sender addresses and, at first glance, do not raise any suspicions.

Another method used by hackers is the manipulation of email headers. Here, the Sender field is changed so that it is hard, or impossible, to distinguish it from the original.

This allows the sender to send messages that appear to come from a known or trustworthy source, in some cases even from your own account.


1. Take your time: Any time something is urgent take a deep breath and reflect a moment before you click on a link, open a document or transfer money. Do a reality check!

2. Reality check: If something is too good to be true, it usually is—especially on the Internet. Ask yourself if the request or opportunity sent to you via email is realistic. Did I even enter a lottery? Would any designer sell its bags for this incredibly low price? Why would a whistleblower send me documents?

3. Check back: If the reality check does not provide clarity, check back. Is it a suspicious message from your bank? Call your bank. Is it a message from your supervisor? Talk to your supervisor. Is it a bill or contract from a company you know? Call that company.

General protection rules