Event details

26. June 2023

[Info] Notes on the secure handling of e-mails

In view of the current waves of phishing, we would like to reiterate our call for the safe handling of e-mails.

Universities and other organizations are exposed to growing dangers and risks to information and knowledge. Between October and December 2022 alone, there were seven hacker attacks on German universities and colleges, three of which were in Saxony.

In the first step, attackers often try to spread malware via email or to obtain access data from users (phishing) in order to exploit it for their own purposes or to cause further damage within the institution, e.g. by encrypting or stealing data in order to then ransom it for money (ransomware).

We would like to reiterate our efforts to raise awareness of the secure handling of emails. Recently, our university has also been receiving an increasing number of so-called phishing e-mails which, under false pretenses, attempt to intercept ("phish") your access data (login/password) via links to supposed HRZ or university websites. These e-mails are becoming increasingly professional and have recently often been sent from previously hijacked real e-mail accounts in order to circumvent detection or filtering.

Therefore, please observe the following basic instructions to increase security when dealing with e-mails:

  • Check the e-mail for plausibility (name, sender address - can also be forged, spelling). Always be skeptical of unexpected e-mails and supposed e-mails from the HRZ in which you are asked to enter your access data
  • Do not click on any links that refer to unknown websites (hover over the link to see where it actually refers to)
  • Do not open any e-mail attachments with executable content and also be careful with (e.g. zip or rar) archives (applies equally to attachments from known senders)
  • Information in an e-mail can be manipulated, so only a digitally signed e-mail is a trustworthy message
  • If possible, do not send sensitive or personal content by e-mail (otherwise the e-mail should be encrypted)
  • Do not use your university access data with non-university services/providers (each service has a different password)
  • Refrain from forwarding your internal university emails to external providers

If in doubt, ask the HRZ (contact: Tel. 3333). If you have received a suspicious e-mail, please send it to the following e-mail address for further analysis and training of our filters. E-mail address: (important: forward "as an attachment", not as a quote).

All information on SPAM detection and setting up individual filters can be found here: https://hrz.hszg.de/it-sicherheit/e-mailsicherheit

Contact: Jan Bensch

to overview