Email Security and Phishing

Emails have become indispensable in both our professional and private lives. But precisely because of their popularity, they are a favorite entry point for phishing, malware and data theft. Here you’ll learn how to protect yourself—and TU Braunschweig—from digital traps. Always keep in mind that an email is essentially like a postcard and could be read at various points. Therefore, use the appropriate security certificates. As a member of TU Braunschweig, you can apply for an email certificate.

If you ever feel uncertain despite following these tips, verify the contents of any suspicious email via another communication channel. In short: just pick up the phone and call!

What is phishing?

Phishing is a method by which Internet users are deceived via fraudulent email messages or websites in order to disclose personal or confidential information, such as passwords (password fishing).

Other types of phishing:

  • Smishing (via SMS)  
  • Quishing (via QR code)  
  • Vishing (via telephone)

How can you recognize phishing?

  • Unusual sender address: Check the sender’s email address. Often it’s slightly altered or comes from an odd domain.  
  • Impersonal greeting: Phishing messages often use generic salutations like “Dear Customer” instead of your name.  
  • Threats or unexpected demands: If the email threatens drastic measures or demands immediate action (e.g. “Your account will be suspended”), exercise caution.  
  • Links and attachments: Hover over links without clicking to inspect their targets. Requests for personal data or unexpected attachments are warning signs.  
  • Requests for personal information: Legitimate organizations—including TU Braunschweig—will never ask you for sensitive information like passwords or bank details via email or phone.

Example of a real phishing email:

  1. Checkbox: The sender’s email address is not a TU Braunschweig address (→ Service Desk). The recipient’s address also doesn’t match the legitimate account.  
  2. Checkbox: A generic, nameless greeting in an otherwise personalized message is a red flag for phishing. GITZ does not communicate this way.  
  3. Checkbox: The link is forged. Although it contains “tu-braunschweig,” the crucial part is its start—here: “s3.us-east-2.amazonaws.com.”  
  4. Checkbox: GITZ and other official units never send communications without a proper signature.

How links and domains work

Always make sure that the domain in any email link is spelled exactly and without errors (e.g. tu-braunschweig.de, not braunschwieg.de). Hover your mouse over the link (or long-press on a smartphone) to verify that the visible URL matches its actual destination, and check that sender addresses such as “servicedesk@rz.tu-bs.de” really belong to your institution. Read the URL from right to left to clearly identify the top-level domain (.de, .com, etc.), the main domain (e.g. tu-braunschweig) and any subdomains (e.g. informationsportal). Spoofing attempts often add extra levels—for example, in “tu-braunschweig.de.service-desk.de”, “service-desk” is the main domain and “tu-braunschweig” is only a subdomain.

Examples of genuine domains:

  • informationsportal.tu-braunschweig.de/portal/mybic  
  • servicedesk@rz.tu-bs.de

Examples of fake domains:

  • informationsportal.tu-braunschwieg.de  
  • servicedesk@tu-braunschweig.de.service-desk.de
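
The right-to-left reading described above can be automated. The following is an added example, not code from TU Braunschweig: it extracts the main domain from a link or sender address and compares it with a trusted list. The trusted list is an assumption built from the genuine examples on this page, the Amazon S3 sample URL is constructed from the link prefix quoted above, and the two-label rule assumes a single-label top-level domain such as .de or .com.

```python
from urllib.parse import urlsplit

# Assumption: trusted main domains, taken from the genuine examples on this page.
TRUSTED_DOMAINS = {"tu-braunschweig.de", "tu-bs.de"}


def extract_host(value: str) -> str:
    """Return the lower-cased host of a URL, a bare host/path, or an email address."""
    value = value.strip()
    if "://" not in value and "@" in value and "/" not in value:
        host = value.rsplit("@", 1)[1]   # email address: host follows the last '@'
    else:
        if "://" not in value:
            value = "//" + value         # make urlsplit treat the start as the host
        host = urlsplit(value).hostname or ""
    return host.lower().rstrip(".")


def main_domain(host: str) -> str:
    """Read the host right to left: top-level domain first, then the main domain.

    Simplification: keeps the last two labels only, so it is not correct for
    multi-label suffixes such as .co.uk.
    """
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify(value: str) -> tuple:
    """Return (main domain, True if that domain is on the trusted list)."""
    domain = main_domain(extract_host(value))
    return domain, domain in TRUSTED_DOMAINS


# Sample inputs: the page's own examples plus one constructed URL (last entry).
SAMPLES = [
    "informationsportal.tu-braunschweig.de/portal/mybic",
    "servicedesk@rz.tu-bs.de",
    "informationsportal.tu-braunschwieg.de",
    "servicedesk@tu-braunschweig.de.service-desk.de",
    "https://s3.us-east-2.amazonaws.com/tu-braunschweig/index.html",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        domain, trusted = classify(sample)
        verdict = "trusted" if trusted else "NOT trusted"
        print(f"{sample}\n    main domain: {domain} ({verdict})")
```

An exact comparison against the trusted list is what catches both the misspelled "braunschwieg" and the genuine name pushed into a subdomain or a path.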

Report phishing emails

Forward the suspicious email as an attachment to phishing@tu-braunschweig.de.

Have you entered your data or noticed unusual behavior on your computer?

Change your password:  
https://www.tu-braunschweig.de/it/passwort-aendern 

Get in touch with us!  

  • By phone: 55630 (outside regular hours via GITZ: 55555)  
  • By email: soc@tu-braunschweig.de or it-sicherheit@tu-braunschweig.de