IT-Security

Current: Marking of external e-mails and new security features -

In recent months, spam and phishing e-mails have repeatedly circulated at the Viadrina. Such fraudulent e-mails pose a considerable security risk and are increasingly professional and personalized in design.
Therefore, the following security measures have now been introduced at Viadrina:

1. mails from external e-mail addresses are marked with the abbreviation [ EXT ] in the subject line. If you are
are not sure whether an e-mail is an attempt at fraud, this marking can be an important indication.
For example, if an email claims to be from a colleague (internal mail account) but the subject line says "[EXT]", you should assume that it is a spoofed email and therefore a fraud attempt.
Please forward such suspicious mails as attachments to spam@europa-uni.de for verification.

2. another measure is the consistent use of e-mail certificates by the IKMZ.
All e-mails concerning user accounts/email will be sent exclusively via the sender address
it-support@europa-uni.de.
The address is secured by a DFN certificate and ensures that this e-mail really comes from the specified sender.
You can recognize a digitally signed e-mail by a red loop in front of the sender's address in Outlook, for example.

If you have any questions, please contact: it-support@europa-uni.de.

With the following tips you can protect your end devices and the IT systems of the university!

1. Validate the sender!

The sender displayed in your mail program is not always the true sender of an e-mail. Fraudsters try to disguise the real mail address.
You can determine the real sender in the properties of an e-mail.
If the displayed sender and the sender in the properties differ, this is a suspicious sign and usually indicates a phishing e-mail.
Especially in the case of unknown senders, exercise caution and delete the e-mail!

2. Are they expecting an email from the supposed sender?

Be especially careful if there are file attachments or embedded links in the email.
If in doubt, check with the sender before downloading or opening an attached file.
Disable the execution of macros by default in Word or Excel before opening such attachments.
This is important because it prevents scripts or programs with malicious code from running in the background when opening documents.

3. Check the links in e-mails!

Phishing e-mails usually contain "click here" type links. Be careful and do not click on them lightly!
If you move your mouse over the link without clicking on it, you will usually be shown which web address is hidden behind the link.
Often the correct address is extended and a domain of the attacker is appended.
e.g. https://owa.europa-uni.de.phishing.biz - so look carefully and do not click on such suspicious links.

4. Be careful when handling personal access data!

Exercise caution when you are asked to enter personal data online. This is a way for fraudsters to obtain your data.
Important to know: The IKMZ will never send you an e-mail with a direct link to a login mask.

5. How can I often recognise phishing mails?

Clues may include:

an unusual writing style, deceptive subject, grammatical and spelling errors
a missing name in the salutation or an / unusual form of address
a supposedly urgent need for action is created, for example by asking you to act quickly - sometimes this is even combined with a threat. You should be suspicious of such conspicuous features.

6. You have received a suspicious email

and would like to send them to the IKMZ for review/information.

Please forward suspicious mails as attachments to spam@europa-uni.de as follows:

Create a new email
Drag the message to be attached from the message list
In Outlook, the e-mail will then be attached to the new message as an "Outlook item".
Send the new message with the attached e-mail as an attachment.
Then DELETE the e-mail from your inbox!

7. You have been deceived and have disclosed access data

or malware downloaded/ installed, what should you do?

Keep calm. If possible, change your associated password immediately!
Disconnect the affected device from the network/WLAN!
Immediately inform the support via mail to it-support@europa-uni.de about the suspected security incident.
They will contact you as soon as possible.

Consistent application of the rules described creates basic security against current threats.

If you have any further questions, please do not hesitate to contact the colleagues at the IKMZ.

NoPhish Video I: Verifying sender & detecting dangerous attachments

NoPhish Video II: Detecting dangerous links

These videos were created by the Karlsruhe Institute of Technology as part of the NoPhish concept, which kindly allowed us to use them.

EUV-interner Bereich

IT-Support

☎ Ticketsystem (euv-intern)

✉ it-support

Alle IT-Support Kontakte
auf einen Blick