E-mail hygiene

Phishing e-mails are the most common gateway for cyber attacks. Therefore, please observe the following recommendations when dealing with e-mails:

Check authenticity

Check incoming e-mails for authenticity:

  • Check whether the sender address used is an address you know and has already been used by this person in previous emails. If in doubt, call the person who (allegedly) sent the e-mail.
  • Please note that the display name (e.g. Team Information Security) could be forged and can be freely chosen by the sender. You must therefore always check the sender address: does the e-mail come from dangerousguy@hack.ru instead of informationssicherheit@hochschule-trier.de, for example?
  • Before you click, check the destination addresses of links contained in an e-mail. If you are not sure, call the person who (allegedly) sent the e-mail to find out.
  • Only open e-mail attachments if you are expecting an e-mail with a corresponding attachment. If in doubt, call the person who (allegedly) sent the e-mail.
Avoid e-mail attachments

If possible, do not use e-mail to share documents or similar with other people. Use alternatives such as Seafile. Especially when communicating with external persons!

Email forwarding/email collection services are not permitted
  • Forwarding work emails or connecting the university mailbox to the private email account is not permitted in accordance with point 10 of the IT policy. If you have set up such forwarding, please delete it immediately.

  • The use of e-mail collection services is also not permitted.

     

Permitted e-mail clients

Avoid using the new Outlook (Outlook new) on your computer. The use of the Outlook app on mobile devices is also not permitted. More detailed information can be found here:

Permitted e-mail clients

Use e-mail distribution lists carefully
  • Check whether you have selected the correct e-mail distribution list. This will prevent sensitive content from being forwarded to the wrong group of people. The RZ offers tools to help you find the right e-mail distribution list.

  • Always keep the number of recipients as small as possible.

     

Clean up email inboxes

Tidy up your email inboxes and delete outdated or no longer needed emails:

  • It is best to directly delete all emails that are not relevant to you or that you have already read (example: job descriptions, info emails, ...).
  • Also remember to clean/delete your SPAM folder, the "Sent items" folder and your recycle bin from time to time.
  • Keep your mailbox as lean as possible. Successful phishing attempts often result in entire mailboxes being stolen. These stolen e-mails then end up on the Internet and are the templates for new, even more sophisticated phishing attempts.
  • The leaking of a mailbox also constitutes a data protection incident that may have to be reported to the state data protection officer. Mailboxes with a small amount of data pose less of a risk to data protection.
Report security incidents

If you have fallen for a phishing attempt or notice unusual activity in your mailbox, always contact sicherheitsvorfall(at)hochschule-trier.de immediately.

back-to-top nach oben