E-mail hygiene

Phishing e-mails are the most common gateway for cyber attacks. Therefore, please observe the following recommendations when dealing with e-mails:

Check authenticity

Check incoming e-mails for authenticity:

  • Check whether the sender address is one you know and that this person has already used in previous e-mails. If in doubt, call the person who (allegedly) sent the e-mail.
  • Please note that the display name (e.g. Team Information Security) can be freely chosen by the sender and could therefore be forged. You must always check the sender address: does the e-mail come from dangerousguy@hack.ru instead of informationssicherheit@hochschule-trier.de, for example?
  • Before you click, check the destination addresses of links contained in an e-mail. If you are not sure, call the person who (allegedly) sent the e-mail.
  • Only open e-mail attachments if you are expecting an e-mail with a corresponding attachment. If in doubt, call the person who (allegedly) sent the e-mail.
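
The sender and link checks from the list above, written out as an added example (it is not part of the original page). TRUSTED_DOMAIN, the function names and the sample message are assumptions constructed for illustration; the two addresses are the ones from the page's example.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAIN = "hochschule-trier.de"  # assumption: domain of the genuine address above
# Constructed sample message, not a real e-mail.
SAMPLE = '''From: "Team Information Security" <dangerousguy@hack.ru>
Content-Type: text/html; charset="utf-8"

<p>Log in: <a href="http://login.hack.ru/rz">https://www.hochschule-trier.de/rz</a></p>
'''

def in_domain(host, domain):  # the domain itself or a true subdomain, nothing else
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):  # collects [href, visible text] for every <a>
    def __init__(self):
        super().__init__()
        self.links, self.in_link = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_link = True
    def handle_endtag(self, tag):
        if tag == "a":
            self.in_link = False
    def handle_data(self, data):
        if self.in_link:
            self.links[-1][1] += data

def review(raw):
    """Return findings for the sender address and for each link destination."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))  # display name vs. real address
    findings = []
    if not in_domain(addr.rpartition("@")[2], TRUSTED_DOMAIN):
        findings.append(f"display name {name!r} hides sender {addr.lower()!r}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        host = urlparse(href).hostname  # where the click really goes
        if not in_domain(host, TRUSTED_DOMAIN):
            findings.append(f"link shown as {text.strip()!r} leads to {host!r}")
    return findings

if __name__ == "__main__":
    print("\n".join(review(SAMPLE)))
```

An empty result only means the visible address and links point to the expected domain; the From header itself can still be forged, so the phone call remains the deciding check when in doubt.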

Avoid e-mail attachments

If possible, do not use e-mail to share documents or similar with other people. Use alternatives such as Seafile, especially when communicating with external persons.

Email forwarding/email collection services are not permitted

  • Forwarding work emails or connecting the university mailbox to the private email account is not permitted in accordance with point 10 of the IT policy. If you have set up such forwarding, please delete it immediately.
  • The use of e-mail collection services is also not permitted.

Use e-mail distribution lists carefully

  • Check whether you have selected the correct e-mail distribution list. This will prevent sensitive content from being forwarded to the wrong group of people. The RZ offers tools to help you find the right e-mail distribution list.
  • Always keep the number of recipients as small as possible.

Clean up email inboxes

Tidy up your email inboxes and delete outdated or no longer needed emails:

  • It is best to directly delete all emails that are not relevant to you or that you have already read (example: job descriptions, info emails, ...).
  • Also remember to clean/delete your SPAM folder, the "Sent items" folder and your recycle bin from time to time.
  • Keep your mailbox as lean as possible. Successful phishing attempts often result in entire mailboxes being stolen. These stolen e-mails then end up on the Internet and are the templates for new, even more sophisticated phishing attempts.
  • The leaking of a mailbox also constitutes a data protection incident that may have to be reported to the state data protection officer. Mailboxes with a small amount of data pose less of a risk to data protection.

Report security incidents

If you have fallen for a phishing attempt or notice unusual activity in your mailbox, always contact sicherheitsvorfall(at)hochschule-trier.de immediately.
