The Anti-virus Times

The Anti-virus Times recommends

1. If you are not using a corporate email but an external one, use well-known mail services. The probability that they have a vulnerability is rather small (and certainly lower than when using little-known ones).

2. When working with email messages from a PC or a mobile device, yours or a corporate device, you need an anti-virus. A trojan that has penetrated the system can help cybercriminals track the password that you enter when accessing your email account or steal the password storage (for example, from a browser where you forgot to set a password for accessing your list of passwords). An anti-virus protects against malware applications that can steal saved passwords, intercept them or make screenshots of your correspondence. Dr.Web Anti-virus can protect against both known malware and unknown malware that hasn't been analysed by the anti-virus laboratory. In the latter case, malware is detected by Preventive Protection.

3. Do not disable the Dr.Web SpIDer Guard component if you are using a web mail interface. Access to modern mail services is carried out via secure channels, and a file cannot be scanned until the attachment is downloaded on a PC (saved on the hard drive or launched). For example, if an archive containing a file is password-protected.

4. Use anti-spam technologies. Attackers can simply ask you to disclose your password. For example, via an email message that appears to be from a service administrator or a company: your password has been compromised; please report it to us so that it can be replaced.

5. Use Dr.Web Security Suite and Dr.Web Anti-virus for Android which can filter access to fraudulent resources — cybercriminals can use a phishing page on which they ask you to enter your password.

6. Use the capabilities of your operating system or special utilities to check the list of software on your computer and whether it contains software that you did not install. If you are using a mail client and not a web mail interface, cybercriminals can use a program to recover passwords used to access the mail client after penetrating the system. To do this, they just need to know what mail client the victim uses and be able to install it.

   If the installed program seems suspicious to you, we recommend that you contact Doctor Web's technical support service or, if you have the opportunity, use the Dr.Web vxCube service by downloading the suspicious program into it to analyse its behaviour.

7. Install updates to make it harder for intruders to penetrate your computer and do things to get your data.

8. To eliminate the possibility of unauthorised installation, you should not work under an account that lets you install programs, including under an administrator account. This will make it more difficult for malware to penetrate your computer and for attackers to download dual-purpose utilities that can crack passwords, for example.

9. Anti brute-force protection must be configured on your company's mail server if you are using your corporate email.

10. To access your email, use strong passwords that don't match passwords used to access other services. In this case, a leak of service passwords will not give attackers access to your email.

11. When using your personal computer, create a special account with which you will work with corporate mail and company data.

12. Never divulge your corporate email passwords to anyone. If you temporarily provide someone with access to your email (for example, while on vacation), afterwards change your password—you can never be sure that no one will be able to access your password (for example, it could have been stored in a password manager).

13. When you finish working with the web mail interface, close the session by clicking on the Exit button or one that serves the same purpose. This will prevent cybercriminals from continuing the work on your behalf.

14. At the end of your work day, if you do not turn off your computer and aren’t planning to work with your email, close the session for the web mail interface and the mail client if you use it.

15. If possible, do not use different locally stored password managers— passwords stored this way can be stolen if cybercriminals get access to the password manager.

16. Criminals take active advantage of social engineering techniques; they write email messages so that they are similar to emails sent from real organisations and indicate contacts who are familiar to you as senders. Be careful when receiving email messages via a web mail interface. Never open suspicious emails and attachments.