The most important thing is to remain vigilant when handling emails, text messages, or phone calls! Almost everyone will have to deal at some point or other with these kinds of attacks. Be especially wary if you are asked to act immediately.
In case your password does fall into the wrong hands, here is an important tip: store your mobile number via user administration. This will ensure that you receive help more quickly if your user account is blocked and that you can be provided with a new one-time password.
carefully read your emails and check the sender address.
Set up a digital signature
This signature tells you if the email really comes from an internal sender—namely, through the red seal symbol. If you click on this, you will find more information about the signature and its validity. This allows you to determine if the mail is trustworthy or not. The more Universität Hamburg members set up digital signatures, the more secure email correspondence becomes!
Tip: Contact the Regional Computing Center to find out about personal certificates, which enable you to create digital signatures. You can use this signature for greater security.
Links should also always be checked. By mousing over,” which means skimming your mouse over the link without clicking on the link, you can see where the link leads to. The most important thing here is the first part of the address provided. Even if “uni-hamburg” is part of a long link, always look at the beginning of the link address. “uni-hamburg” must come before the first single slash ( / ).
Therefore, always look for the first single slash in the address: this will lead you onto the right path!
As a general rule, before typing in your uni username and your password on a web page, check the address line in the internet browser to see if it’s really a University page—for example, to use a University service or mail program.
Investigate further and do not reveal passwords!
If you receive spam or suspicious emails, do not under any circumstance click on attachments or links—simply delete the mail. If you are uncertain, ask the sender via telephone or zoom if they really sent the mail.
Phone calls can also be a means for deception. Here, too, you must be vigilant—never provide access data or passwords via telephone. Nobody, not even the Regional Computing Center, will ask you to provide passwords via telephone.