A healthy dose of suspicion is the most important form of protection against spam. In particular, when you receive a request for a payment via e-mail, first check separately whether you even have an unpaid invoice with the online retailer or streaming provider. If this is not the case, delete the e-mail immediately.

In addition, never open the attachment if you find an e-mail suspicious. Even if it seems to be a harmless file. Malware can hide in more than just ZIP archives and EXE program files: Word files, Excel spreadsheets and even digital images can contain it. Do be especially careful before you click on images embedded in e-mails in HTML format.

Images, too, can contain malicious code. Even if this is not the case, clicking the image in an HTML e-mail always connects you to a server. This allows the sender to see that your e-mail address is active. The consequences: more spam for you. Do you read your e-mails in a web browser? Or is it not possible to disable HTML formatting in your e-mail client? This might be a reason to switch to a more mainstream e-mail program that does offer this option.

Never respond to requests to provide personal data.

You should never respond to requests to provide personal data, even if you are threatened with dunning notices, legal fees or other consequences. The same applies to the often perfect imitations of e-mails that appear to have been sent from official agencies like public authorities or banks. Always be on your guard and use the telephone to check whether the message is real.

Do not respond to e-mails you think might be spam. Replies tell the spammers that your e-mail address is real. We recommend reporting unwanted advertising mails immediately, for example to the Internet-Beschwerdestelle (in Germany) and then to delete the mails. It is also advisable to enter yourself on the free Robinson lists offered by the I.D.I. Interessenverband Deutsches Internet e.V. The German Federal Network Agency also provides support for defending yourself against spam mails and telephone advertising calls. You should also enable the anti-spam protection offered by your e-mail application to stop the flood of spam mails. Check whether and under what conditions your e-mail provider makes such protection available.

Warning about malware supposedly sent from the BSI

Mails supposedly sent by the BSI, have over the years been misused for spam e-mails. One current campaign includes 'Warning! Your user data have been compromised!' in the subject line, for example. However, caution is required, here. The BSI never publishes warnings in mass e-mails. Instead, it informs readers about current threats on this website. The BSI sends any recommendations to the press for distribution.

If you ever receive an e-mail that appears to be from the BSI, do not click any links it may include or open any attachment. It is highly likely that the attachment contains malware and the link would open a manipulated website. In one such case, cyber criminals under the guise of the BSI sent an attachment containing Sodinokibi, a treacherous piece of ransomware.