Safer Internet Day: BSI and DsiN debunk myths about email security. For most people, it is hard to imagine their digital lives without email.

However, this can also pose dangers – not only because the email inbox is a popular target for phishing attacks, for example. The German Federal Office for Information Security (BSI) and Deutschland sicher im Netz (DsiN) would therefore like to work together to educate people on how to use email securely. On Safer Internet Day (SID), they are taking a closer look at myths surrounding the security of email communication. Safer Internet Day is a day of action dedicated to the safe use of digital media. Caroline Krohn, head of the Digital Consumer Protection department at the BSI: ‘Even the sender of an email is comparatively easy to manipulate. Therefore, it is always advisable to display the sender’s full email address. If the displayed sender name and email address do not match, caution is advised. As a general rule, links and attachments should only be opened with caution, because even a device from an otherwise trustworthy sender can be infected with malware.’

The BSI and DsiN also recommend protecting access to your own email inbox with a combination of a strong password and two-factor authentication. If unauthorised persons obtain the password, for example through a phishing attack, it is no longer sufficient to take over the respective user account. Passkeys also offer a secure alternative to passwords: since users no longer have to remember a password thanks to the password-free process, it can no longer fall into the wrong hands. Isabelle Rosière, DsiN Managing Director: ‘Phishing scams are becoming increasingly sophisticated: sometimes they also manage to bypass two-factor authentication. Cybercriminals create deceptively realistic-looking websites that mimic well-known sites. While users enter their password and the one-time code from their authentication app, attackers read the data in real time and access the user account. Mistrust is appropriate, for example, when an institution asks for access data to be passed on by email or phone.’

On its website, the BSI takes a closer look at the myths surrounding the security of email communication, from phishing emails to email encryption, and provides consumers with low-threshold recommendations for prevention.