Phishing refers to the attempt to obtain your personal data, usually with the aim of fraudulently misusing your account. One of many phishing methods is the sending of e-mails that ask the recipient to disclose personal data, e.g. via a linked website. Often both the e-mail and the website of another trustworthy organization (e.g. university, government agency, bank) are replicated.
Active measures taken by RHRZ against phishing e-mails:
- Use of spam, virus and phishing detection measures. E-mails from insecure sources and with potentially undesirable content are not accepted by the TU (no e-mails are rejected!). However, this method usually cannot fend off phishing e-mails tailored to the RPTU.
- IP addresses of external servers are blocked by the RPTU network if they are linked in phishing e-mails that are specifically directed at users of the RPTU. This at least protects users within the campus network.
- The IP address of the linked web server of a phishing attack is reported to the respective provider.
Passive measures taken by RHRZ against phishing e-mails:
- You will never receive a request from RHRZ, or from any other trustworthy service provider, to send a password or similar via e-mail.
- In administrative notices, e.g. ones referring to the RHRZ password page, you will always be asked to navigate to the respective page yourself using the known URL.
- The RHRZ website is only accessible via the secure https protocol. This is indicated graphically in the address line of your browser (usually by a "padlock" symbol). Phishing websites usually only use 'http'.
Tips for protection against phishing e-mails:
Unfortunately, security cannot be fully automated, so every user is responsible for their own IT systems.
- E-mail sender addresses are free text; fraudsters can enter any name and address here. A known sender address is no guarantee of a trustworthy sender.
- Only click on a link in an e-mail if you are sure that the link is legitimate. Under no circumstances should you click on links that ask you to provide passwords, e-mail addresses or other personal information.
- Note that just visiting a compromised website can result in malware being installed on your PC, smartphone or tablet. Your e-mail program should therefore not allow active content.
- Phishing e-mails are often written in very poor German or English. Particularly noticeable are grammar errors, missing umlauts or character set errors. However, the wording of phishing e-mails is getting better and better.
- If you accidentally disclose your password, please change it immediately so that it cannot be misused to your detriment.
Further information from the Federal Office for Information Security (BSI):