Protection against phishing
What is phishing?
Phishing is the attempt to obtain passwords and/or personal information using fake emails, which can then be misused for various purposes. Within the University of Hamburg, phishing causes the most damage when stolen passwords are used to send spam emails via the university mail server. This is virtually impossible to prevent automatically, but it can lead to our mail server being identified as a “spammer” and no longer being able to deliver emails worldwide. Thus, a small oversight on the part of one user can result in approximately 10,000 users being unable to send emails.
How can I recognize a phishing email?
Real examples
Example 1
In this example, it is very easy to see that neither the sender nor the link contained in the email has anything to do with the UHH.
- Do not click on anything! Delete the email immediately!
Example 2
In this example, the impression is given that the email originates from the responsible IT department (e.g., the RRZ), as the content of the email suggests that there is a problem with the access data.
It is not immediately apparent where the links contained in the email lead. The sender address is similar or even identical to a legitimate @uni-hamburg.de address.
You can check a link contained in an email by hovering your mouse over the link WITHOUT clicking on it. The link destination will then be displayed. In Outlook, it appears directly next to the mouse pointer. In other email programs (e.g., Thunderbird), it appears at the bottom of the window.
- Do not click on anything! Delete the email immediately!
Another suspicious aspect of this example is that the email is written in English only.
Basic tips and help
Phishing emails usually start by trying to make the recipient feel uncertain or panicky. They use topics that affect a lot of people worldwide, like “Your account has been hacked” or “Your email quota is full.” Then they tell you that you need to act fast and send you to a website where you can fix the problem by entering your user info.
In addition to the points illustrated in the examples above, the following tips should help you recognize whether an email is a genuine warning (e.g., from the computer center) or a phishing email:
- Check whether the content of the email actually makes sense. For example, if it refers to a full mailbox, first check whether your mailbox is really full.
- Look at the sender's address. We will never send you an email from an address outside the university.
- If the link provided refers to an address outside the university, stay away!
- Never simply click on a link provided, even if the address contains “uni-hamburg.de.” Instead, type the address yourself into the address field of your browser. The address displayed in the email and the address you are actually taken to when you click can differ, and the displayed one is easy to fake!
- Pay attention to the wording in the subject line and email text: Very often, the German translations of phishing emails are automatically generated, resulting in grammatical nonsense. All employees at the computer center are proficient enough in German to express themselves clearly and concisely (apart from typos, of course)!
- The RRZ will never ask you to send your password by email or give it over the phone!
- Unless you are expecting one from this particular sender, attachments ending in .zip are usually attacks via the Windows archiving program: unpacking the archive installs a Trojan or worm. Never open such attachments!
- As a general rule for attachments: Use common sense to check whether the attached file is plausible! For example, no company in the world will send you an invoice as a Word document (.doc). Executable programs (.exe) or JavaScript code (.js) also usually make no sense – unless you have agreed with the sender beforehand that they will send you this attachment.
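The hover check from Example 2 and the tips above (sender address, panic-inducing subject, displayed link versus real target, risky attachment types) can be applied mechanically by a helpdesk or mail-security team when triaging reported emails. The script below is an added example written for this page, not an RRZ tool; the sender addresses, link targets and both sample messages are constructed for the demonstration, and only the uni-hamburg.de domain is taken from the page.

```python
"""Added example (not part of the RRZ page): apply the page's phishing checks to a raw
message and report which ones trigger. All addresses and sample messages are constructed."""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAIN = "uni-hamburg.de"                   # the institution's own domain (from the page)
RISKY_EXTENSIONS = (".zip", ".exe", ".js", ".doc")  # attachment types the page warns about
PANIC_PHRASES = ("account has been hacked", "quota is full", "act fast")


def in_trusted_domain(host):
    """True for uni-hamburg.de itself and any of its subdomains."""
    host = (host or "").lower()
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


class LinkCollector(HTMLParser):
    """Collect (visible text, real href) pairs, i.e. what hovering over a link reveals."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def triage(raw_message):
    """Return a list of (check, detail) findings; an empty list means no tip fired."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # Tip: look at the sender's address; the RRZ never writes from outside the university.
    sender = msg["From"].addresses[0] if msg["From"] else None
    if sender is None or not in_trusted_domain(sender.domain):
        findings.append(("external_sender", sender.addr_spec if sender else "<none>"))

    # Tip: phishing opens with panic-inducing, generic topics.
    subject = (msg["Subject"] or "").lower()
    findings += [("panic_subject", p) for p in PANIC_PHRASES if p in subject]

    # Tip: hover before you click; the displayed address and the real target can differ.
    body = msg.get_body(preferencelist=("html", "plain"))
    if body is not None and body.get_content_type() == "text/html":
        collector = LinkCollector()
        collector.feed(body.get_content())
        for text, href in collector.links:
            target_host = urlparse(href).hostname
            shown_host = urlparse(text).hostname  # None unless the link text itself looks like a URL
            if shown_host and shown_host != target_host:
                findings.append(("link_text_mismatch", f"shows {shown_host}, goes to {target_host}"))
            if not in_trusted_domain(target_host):
                findings.append(("external_link", href))

    # Tip: .zip/.exe/.js/.doc attachments rarely make sense unless agreed beforehand.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXTENSIONS):
            findings.append(("risky_attachment", name))
    return findings


# Constructed sample: a message that trips several tips (external sender, panic subject,
# link text showing a uni-hamburg.de address but pointing elsewhere, a .zip attachment).
SAMPLE_PHISH = """\
From: "RRZ Service Desk" <servicedesk@uni-hamburg-support.example>
To: someone@uni-hamburg.de
Subject: Your account has been hacked - act fast
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Your email quota is full. Confirm your access data here:
<a href="http://login.example.net/uhh">https://www.uni-hamburg.de/login</a></p></body></html>
--b1
Content-Type: application/zip; name="invoice.zip"
Content-Disposition: attachment; filename="invoice.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""

# Constructed sample: an internal plain-text notice that trips none of the checks.
SAMPLE_LEGIT = """\
From: RRZ Service Desk <servicedesk@uni-hamburg.de>
To: someone@uni-hamburg.de
Subject: Maintenance window on Saturday
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Details are on https://www.uni-hamburg.de/ (type the address yourself).
"""

if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, triage(sample))
```

The link check deliberately mirrors the manual hover check: it compares the host the user sees with the host in the `href`, and separately flags any target outside uni-hamburg.de, because the tips treat the two as different warning signs. As on the page, a clean result is not proof of legitimacy; the script only automates the clues that are easy to check.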
None of these clues is definitive: every indicator can be faked, and sometimes this is done very cleverly. Still, 95% of all phishing attempts are easy to spot based on these clues.