Are You Actually Using E-mail Securely?

You do not need to install new software to use e-mail securely. Many e-mail providers offer webmail accounts that you can use in your browser. Make sure that you use an encrypted connection (HTTPS) to the inbox in order to benefit from the protection mechanisms of your browser. Check that the encryption is enabled not only for the login process, but for the entire time the webmail account is being used.

If you need more convenience and functionality when working with e-mail, you should select an up-to-date and widely used e-mail client and configure it securely. This helps, for example, to avoid introducing additional vulnerabilities that could be used to run malicious code on your computer.

  • When using e-mail programs, make sure that they use the encrypted transfer protocols (POP3S, IMAPS, SMTPS).
  • Avoid displaying and composing e-mails in HTML format.
  • Disable the display of external content, such as images in HTML e-mails.

Video: Improve Your E-mail Security in 3 Seconds

You can reduce the risks with just a 3-second security check. The sender, subject and attachment are three critical points that you should consider before opening any e-mail. Do you know the sender? Does the subject make sense? Are you expecting an attachment from this sender? Combined, these questions provide a good indication of whether the e-mail should be considered trustworthy. In many spam e-mails, the subject is deliberately vaguely worded, such as "your invoice", "warning", or "urgent message".

When this happens, it is particularly important to check whether a message from that sender seems to make sense, particularly when it is sent with an e-mail attachment. For example, if you receive an e-mail with the subject line "invoice" from an online shop that you are registered with, but that you are not expecting an order from, this may suggest that it is a spam e-mail. Question every e-mail you receive, and if your review of the three checkpoints (sender, subject and attachment) does not present a coherent picture, the BSI recommends that you delete the e-mail before even opening it. If in doubt, you should ask the sender in person if they sent you an e-mail before opening it.
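The three checkpoints above (sender, subject, attachment), together with the advice on external content in HTML e-mails, can be expressed as a small triage function for a mail filter or awareness exercise. This is an added example, not BSI material; the contact list, all addresses and the messages are constructed, and `three_second_check` and `build_message` are hypothetical names.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed values (assumptions, not from the page): the contact list and
# all addresses. The three vague subjects are the ones the page quotes.
KNOWN_SENDERS = {"billing@shop.example"}
VAGUE_SUBJECTS = {"your invoice", "warning", "urgent message"}
REMOTE_IMG = re.compile(r"<img[^>]+src=[\"']?https?://", re.I)

def three_second_check(raw, known=KNOWN_SENDERS):
    """Return findings for sender, subject, attachment and remote content."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    # Sender: compare the address, not the display name anyone can choose.
    _, addr = parseaddr(str(msg.get("From", "")))
    if addr.lower() not in known:
        findings.append(f"sender: {addr or 'missing'} is not a known contact")
    # Subject: empty or one of the vague wordings.
    subject = str(msg.get("Subject", "")).strip().lower()
    if not subject or subject in VAGUE_SUBJECTS:
        findings.append(f"subject: {subject!r} is vaguely worded")
    # Attachment: list every one so the reader can ask "was I expecting this?"
    for part in msg.iter_attachments():
        findings.append(f"attachment: {part.get_filename() or 'unnamed'}")
    # External content: an HTML body that would fetch images when displayed.
    html = msg.get_body(preferencelist=("html",))
    if html is not None and REMOTE_IMG.search(html.get_content()):
        findings.append("html: references external images")
    return findings

def build_message(sender, subject, html=None, attachment=None):
    """Build a constructed test message and return it as raw text."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, subject
    m.set_content("Please see the details.")
    if html:
        m.add_alternative(html, subtype="html")
    if attachment:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    raw = build_message('"Shop Billing" <billing@shop-invoices.example>', "Your invoice",
                        '<p>Hi</p><img src="http://img.example/p.gif">', "invoice.zip")
    print("\n".join(three_second_check(raw)))
```

A message that produces no findings is not proven safe; the function only flags the cases where the three checkpoints fail to form a coherent picture.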

Malware

In recent years, a variety of malware has been developed that reads the contact information and e-mail contents in the inboxes of infected systems. Perpetrators use this information to spread that malware further. For non-experts, it may not be immediately obvious whether an e-mail has been sent with malicious intent.

You can find out how you can protect yourself and what you can do if you are affected in the article "Emotet Special Case". Because of the Emotet takedown, Emotet is no longer a major threat. However, other malware can use the same process, or in some cases a similar one, which means the following information may still be useful.