The danger posed by phishing emails is often underestimated, so here are some checkpoints to keep in mind:

Recognise spam / phishing e-mails

  • Spam mails advertise products or mimic newsletters, while phishing targets you or your group directly.
  • These mails often contain attached malware. This is why you should never open an e-mail attachment from a sender you do not know.
    The text of a spam mail often contains a link that leads to a malicious website: one careless click opens a fake website in your browser that could be infected with malware.
  • The mail usually does not address you personally, instead beginning with "Dear customer...".
  • The text informs you that you must do something immediately, or else. "If you do not update your data right away, they will be deleted forever..."
  • The text uses threats: "If you do not do this, we must unfortunately lock your account..."
  • The text requires you to enter confidential data like the PIN for your online banking or a credit card number.
  • The e-mail contains links or forms with suspicious URLs: cryptic web addresses and top-level domains like "*.to" or "*.me".
  • The message text is poorly written and images appear incorrectly formatted or scaled.
  • The text contains Cyrillic letters or incorrect or missing special characters.
  • If you have doubts about the origin, hover over links and sender addresses to see where they actually point. Sometimes, a displayed name such as "University Administration" hides an address like "gotcha@evilcorp.to.me".

If you receive a suspicious e-mail from a colleague, you can ask them in return whether the message is valid.

What you can do


"Spam" is actually a can of "spiced pork and ham". Its use for e-mails goes back to a sketch by the comedy group Monty Python.
E-mail spam has steadily grown since the early 1990s and is estimated to account for 90% of total e-mail traffic.

Further information

  1. FSU Jena - URZ Phishing Service (de/en)
  2. Schutz vor Phishing (de)
  3. BSI information on spam (en | de)
  4. BSI information on phishing e-mail (en | de)
  5. Wikipedia (en | de)