How to recognise Phishing Mails

Keep your software up to date

Cybercriminals exploit existing security gaps in browsers, mail clients and other software. Most manufacturers therefore publish updates ('patches') at short intervals that close the gaps that have become known. You should install these security updates as soon as possible. Many manufacturers inform you automatically. The German Federal Office for Information Security (BSI) also provides further information in the newsletter ‘Sicher - Informiert’, which is published every fortnight by the BSI's BÜRGER-CERT (www.buerger-cert.de).

 

Check the security status of the website!

These points are particularly important:

Look out for the lock symbol in the status bar of your browser. Only when this symbol appears will your data be transmitted in encrypted form (using the SSL protocol). When you click on the lock symbol, a window (‘certificate’) opens with information about the operator of the website. The name of the website given there must match the name in the status bar. The certificate must also have been issued by a recognised authority. There are now a large number of private and public providers of certificates. The Federal Network Agency (Bundesnetzagentur) is the responsible authority and publishes the names of the providers it has checked on its website. Your browser will display a warning message if a certificate has expired or has an insecure origin.

Make sure that the web address (URL, Uniform Resource Locator) in the address bar begins with ‘https’ and not, as is usually the case, with ‘http’. This is a clear indication that an SSL-secured connection has been established. Unfortunately, cybercriminals can also forge the ‘https’ in the URL. As a security check, it helps to right-click the page, call up the ‘Page information’ area and look up the source there.

Use the NoPhish training of the SECUSO research group

Watch the anti-phishing videos of the SECUSO research group on YouTube.

Find further information here: SECUSO research group, TU Darmstadt

Legitimate providers...

Banks, online shops and other legitimate providers are of course aware of the tricks used by phishers and therefore never send e-mails with links asking you to enter confidential data. If you receive such a request by e-mail, you should delete it immediately. If you are unsure, simply call your business partner and ask, but never simply click on links in e-mails. The same of course applies to phone calls: never enter passwords, PINs or TANs using the telephone keypad or voice computer if someone calls you and asks you to do so.

Be careful when browsing and handling e-mails

Do not click on links contained in e-mails, but always manually type in the Internet addresses of the pages you want to access!

Do not respond to alleged calls from your bank or a supposed business partner asking you to enter your PIN or TAN, for example on the claim that your credit card has been lost.

Always switch off the "Run active content" function in your browser. If you do not want to or cannot do without it (because some websites do not work without active content), set your browser so that it asks you in each individual case whether active content may be executed.

Only open e-mails and the attachments they contain if they come from a trustworthy source.

Use a firewall and anti-virus software and make sure it is updated regularly.

Ensure that all software updates for the operating system and other software are installed as soon as they are released and use the automatic updates offered!

Watch the anti-phishing videos of the SECUSO research group on YouTube.

If it does happen!

As a member of TU Braunschweig, please inform the GITZ immediately via the Service Desk! The staff responsible for security issues can follow up the incident and check whether any damage has been caused. Otherwise: If sums have already been transferred without authorisation, please contact the police immediately - in compliance with your employer's regulations, if applicable.

See: BSI - Spam, Phishing & Co (bund.de)

 

Affected?

Here you can test whether your e-mail address appears in one of the known data leaks/hacks:

“Have I been pwned?” information page