Dear Ladies and Gentlemen!
Due to the current Corona crisis, we would like to draw your attention to the following:
Many people are understandably concerned by the current situation. This is exactly what cybercriminals exploit!
In the near future you will therefore have to reckon with criminals under the guise of "Corona" trying to get your passwords, gaining the unauthorized disclosure of procedural data or installing malware on your computer.
For example, this could happen as follows:
- A website prompts you to enter your details to stay up to date with the latest developments related to Corona.
- A mail asks you to install new teleworking software.
- An e-mail asks you to send parts of the file via e-mail without prior telephone contact.
- A mail asks you to enter your password on a website to activate the new collaboration tool (video conferencing, chat tools, ...).
- A pop-up window will appear on your screen asking the "security team" to click a link.
Therefore, please observe the following security principles:
- Be skeptical if you e.g. be asked by e-mail about unusual or seemingly necessary actions or be referred to pages on which you should enter a password. Keep in mind that the sender's address or name can be falsified in emails.
- Check the correctness: Fundamental changes of processes in an organization are announced on its homepage. If you are unsure, ask the responsible body. You can also use a search engine to look up keywords: widespread fraud is often known and documented.
- Enter your password only on websites where the address [the expected domain name] is immediately before the first slash.
https: // portal.justiz.gv.at/
https://webhoster-a.com/stp.portal.justiz.gv.at (different domain name before the first slash)
https: //[email protected]/ (in front of the first slash is "something", not "justiz.gv.at")
- The IT security team will never send you an email or popup to click a link outside of the intranet. If you have any questions, take your contact person from an independent, secure source (e.g. the website) and do not use any contact persons who are named directly in the message, whose authenticity you want to check!
Always look at the entire email address and make sure that the part behind the @ corresponds to the domain from which you expect the message (e.g. @ justiz.gv.at)
If you have entered an office-relevant password on an insecure website, immediately inform your IT contact points (IT operator, IT administration or IT training center or helpline) and change the password.