BSI security test positive - what to do?

If the BSI security test is positive for you, there are some basic security tips in addition to immediate measures. We present both.

Positive BSI test: the immediate measures

The BSI itself gives the most important tips that you should take into account as a victim of a botnet hack - in the email you receive when the BSI security test strikes you (see screenshot):

1. Check your computer with a virus protection program to track down the malware that the botnet used to spy on your mail data. You can find an overview of good and sometimes free antivirus programs in the CHIP top downloads.
2. Change the password of the hacked email account. We explain how a good password should look like in the practical tip "What is a secure password"?
3. For security reasons, you should also change the passwords of other accounts - e.g. your Facebook login, your Amazon or Ebay account or the login data for online shops. This applies in particular if you use the same or similar passwords there as in your mail account.
4. Assign different and clearly different passwords for each of these logins. You should also change all important passwords regularly. We have explained here how this works, for example, with a GMX account.
5. Note that a virus scan will not necessarily "hit" and detect botnet malware - your account may have been spied in a different way.
6. Tip: How to install and configure the popular Avira virus protection program, for example, is explained in the two linked instructions.
7. We have also summarized virus protection tips for the Mac in an extra article.
8. You can also protect your Android phone or tablet from viruses. We found the best Android virus scanners in our large comparison. You can download one of the three test winners, Kaspersky for Android, here.

How do you protect yourself from botnet hacks or phishing in the long term?

The BSI has compiled an overview of basic security measures here. In addition, note the following tips:

• If your virus scanner does not yet have this function: Set up a firewall under Windows.
• Avoid surfing in public networks (e.g. in the internet café) or unsecured WLANs on sensitive websites where you have to log in - especially e.g. on webmail portals.
• Get a second email (at least). Via your - hopefully well protected - primary address you will continue to run important private mails or logins; you use the second address to register, for example, in forums, newsletters or infrequently used web services. If these are then spied on, the hacker steals only relatively unimportant access data.
• Alternatively, get a disposable email for such "temporary" logins. You will find popular providers on CHIP practical tips as well as some alternatives to the well-known "10 Minute Mail".
• Phishing - the "fishing" of access data via fake emails - is also a popular hacker method. This practical tip provides protection tips; be warned of Twitter as a gateway for phishing.