IT-department Trier

Awarness: Phishing mails and passwords

Phishing emails continue to be the biggest gateway for attackers and the first step in a successful ransomware attack. The threat level, especially for the university, remains very high.

Every day, phishing and spam emails are reported to the computer centres by university staff. Nevertheless, it is impossible to prevent phishing emails from being delivered and landing in your inbox. Continue to be on your guard and, if in doubt, ask what to do if you receive a suspicious email.

The BSI podcast from October 2021 "Udate verfügbar - Folge 14: Zugriff verweigert! – Erpressung mit Ransomware" vividly describes what it means for an institution to fall victim to a ransomware attack. This is exactly what happened to the TU Berlin in spring 2021.

Other important topics

What exactly do the computer centres at Trier University of Applied Sciences do to counteract dangerous e-mails?

A suspicious e-mail is analysed for typical spam or phishing characteristics. If the suspicion is confirmed, a report is manually initiated at the portal. There, the sender's address ends up on block lists that are available to all email providers for retrieval and the operator of the blocked email address is informed.

At the same time, our internal SPAM filters are automatically trained with the content of the email so that similar emails can be recognised more quickly in the future and marked accordingly. Depending on the location, emails marked as SPAM are either moved directly to or can be handled independently by users using inbox rules. Additional filter lists are created manually using the meta data of frequently recurring SPAM emails.

Additional measures for phishing e-mails:

We classify a phishing e-mail as a SPAM e-mail that wants to steal a login name and password. It is irrelevant whether the target is your university account, your bank account or similar.
If a phishing e-mail contains references to external websites (links), access to the URL is blocked. These filters cover all computers in the campus networks, WLAN and VPN. However, if you read the e-mail at home or on the road and without an active VPN connection, this access block does not apply!
A dangerous phishing email is one that deliberately asks for your university account. These targeted e-mails, if they contain a recurring attachment, are passed on to the virus scanner for study and ultimately rejected by the e-mail system. However, if they use sender addresses that are merely similar, we will only block them in exceptional cases. Since phishing e-mails are often sent from actually legitimate but hacked mailboxes, a permanent rejection of these sender addresses is not effective and information to the operator of the sender address is absolutely necessary. These measures require a case-by-case assessment by experienced administrators.

If a dangerous pishing campaign is circulating throughout the university, we will immediately publish a news item on the Computer Centre website. We also send targeted e-mails to the group of people who have actually received this phishing e-mail.

Passwords receive stronger hash values

In order for us to be able to check your access data (login name and password) when you log in to services or systems of the university, these must be stored on our servers. To ensure that no one can read your password, it is not stored in plain text but "encrypted" as a hash value. To meet current requirements, we have changed the previous hash algorithm to a newer and more secure variant. To benefit from this security gain, you must change your password once. This replaces the previous hash value with a new one. At the same time, we have slightly increased the requirements for a secure password and adapted them to current recommendations.

IMPORTANT: Only change your password via the designated web pages of the computer centres! If your chosen password does not meet the requirements, you will receive appropriate notices and messages during the change.

Please continue to be particularly attentive when you are requested to change your password by e-mail. The data centres do not send out links to change your password! If you are not sure, please ask us at the Helpdesk.

back-to-top nach oben