What is it, how to protect from it and how to react to it.
Spam is an unsolicited message received for advertising, marketing or malicious purposes. It can be of two types:
Scams can happen through SMS, email or social media. As it is impossible to predict the time of a potential cyber-attack, every unexpected message deserves attention. The best-known cyber-attack using unexpected messages is phishing. To help assess the legitimacy of a message, the following questions can serve as a first indication of a scam:
Filtering or anti-spam software can help limit the amount of spam received. Some antivirus products allow you to configure that option.
Most email service providers offer the possibility to create filtering rules to filter and/or delete junk messages.
Some operators offer the possibility to filter phone numbers and identify those that are potentially spam.
Email addresses can end up in the wrong database, used for spamming purposes, without the user’s consent. Before accepting any kind of communication or subscription, check the legitimacy of the website by:
A web address should begin with https, not only http. This indicates that the information visitors provide can only be read by the website itself. The ‘S’ should always be there when surfing online; however, even with https, the website might still be malicious.
As soon as an account is not used anymore, it is better to delete it completely to make sure the information it contains cannot be accessed without the owner’s knowledge.
A good practice to adopt is to use separate accounts for different purposes, e.g., social media, personal, professional, commercial sites, etc.
The line between professional and personal life is becoming more and more difficult to draw. You can find best practices for separating professional and personal usage in our dedicated article, such as:
Social media have become an important asset for organisations to use for communication and information. Despite the benefits those publicly available platforms might bring, they can also become a huge attack surface and be used for spam. Every organisation needs to make sure that all its social media are secured correctly by applying, for example, the following best practices:
All information on how to secure social media can be found in our dedicated article.
The most important thing to do when getting a spam message is not to follow up on it.
Keep in mind that no bank will ever provide a direct link to log into a bank account via text or email, and they will never ask for PIN or secret codes, whether in writing or by phone.
The spam message should be reported to the IT responsible and to the relevant national authority (suspicious@safeonweb.be (EN); suspect@safeonweb.be (FR); verdacht@safeonweb.be (NL/DE)) and immediately deleted. When a message is already in the Spam folder, it should definitely not be trusted.
Report every incident. Always.
Always report any incident that might have happened to you, that you witnessed, or that you are aware of to your IT responsible. The sooner the right people can act on it, the smaller the consequences of the incident.
The aim of this content is to share and raise awareness of good cyber security practice.
Some of this advice may apply differently depending on the context of your organisation.
Always comply with the policy and instructions in force in your organisation.
If in doubt, always ask your IT manager for advice first.