IT emergency management at the HSWT

• System not responding as usual?
• Strange warning & error messages?
• Suspicion of malware?
• Access data unintentionally disclosed?
• Laptop or other hardware stolen?

1. Keep calm!
2. Stop working on the system!
3. Document your observations!
4. De-energise the device! (Leave the on/off button pressed for 5 seconds)
5. Only initiate further measures as instructed!

Please contact the HSWT IT service desk on

telephone number +49 8161 71-2222 or it-sicherheit@hswt.de.

• Who is reporting? (Please include your contact details)
• Which IT system is affected (University of applied sciences device: sticker)?
• How did you work with the system?
• What did you observe?
• When did the incident occur?
• Where is the affected IT system located? (Building, room, workplace)
• Wait for further enquiries.

• Do not disclose sensitive data carelessly (do not respond to dubious emails). Think in advance whether it is necessary to enter personal data in order to use a certain website or feature.
• If you receive dubious e-mails that purport to come from official bodies of the University of Applied Sciences Weihenstephan-Triesdorf, please check
  • ... the dispatch address - Attention: The display name of an e-mail has no reliability whatsoever. If necessary, enquire by telephone (use a telephone number from a reputable source, not from the e-mail).
  • ... the websites of the relevant area with regard to current warnings about fake e-mails.
  • Do not click on suspicious links lightly. If you place the mouse cursor over the link, a preview of the link will appear in the bottom right-hand corner of the screen. Does this URL match the page you wanted to visit or that is advertised in the email?
  • You should neither open nor save dubious e-mail attachments.
• You can recognise secure websites or secure connections by the valid SSL certificate (https:// and the padlock in the URL page). Caution is advised with conspicuous domain endings such as ".de.com"
• Current browsers usually have integrated phishing protection, which warns or blocks access to potential phishing websites.

You will receive information on current phishing/fake emails at the University of applied sciences Weihenstephan-Triesdorf as an email from IT Security.

In addition to the more general phishing attempts that are frequently encountered, there are also more sophisticated ways of obtaining passwords. The above-mentioned measures and conscious clicking behaviour apply to avoiding an IT emergency through these special variants:

• Spear phishing is aimed specifically at individuals. In CEO fraud, the attacker pretends to be a superior by using falsified sender details in order to mislead the victim.
• In addition to the classic method of phishing - sending emails with fake links - a more sophisticated form is increasingly being used.
  Pharming involves manipulating the Domain Name System (DNS), which is responsible for converting the Internet addresses (domain names) entered in the browser into the corresponding IP addresses. This manipulation allows users to be directed to a fake website despite entering a correct URL.
• It is also possible to manipulate links built into programmes - which are used for registration, for example. This form is known as binary phishing.
• In sluring (service luring), the victims are tricked into disclosing personal data with prepared websites that promise a service.
• In smishing (also known as SMS phishing), fake SMS messages are sent to potential victims instead of emails.
• In addition to the conventional variants, phishing e-mails or e-mails with malicious potential are also sent as supposed appointment invitations. Due to the format of the appointment invitations, they are usually automatically imported into Outlook or other mail clients. You should not react to such an appointment invitation (do not accept, reject, etc.); the entry can be removed from the calendar by right-clicking and selecting the Delete option. Under no circumstances should a link be clicked on lightly.
• QR code phishing, also known as quishing, is a form of social engineering phishing in which the target person is deliberately tricked into scanning a QR code. This code either takes them to a fake website or downloads malware. Such attacks can be carried out not only via email notifications, but also via platforms such as WhatsApp, phone calls (via voice phone) or even in the form of letters.

Strange wording in the cover letter and an unusually high number of spelling mistakes can be a sign of spam from a non-German-speaking originator. An almost unmistakable sign of spam is also a request to enter personal data - for example due to an allegedly necessary account verification with an online payment service provider: a classic case of phishing.

Another common spam scam involves fake invoices in email attachments, often in the form of a ZIP file. It is highly likely that the supposed invoice contains a malicious programme that infects your computer with malware when you open the file.

Other signs of spam emails can be

• Unknown sender address
• Unusual, often cryptic-looking sender name
• anonymous address
• no imprint
• no unsubscribe link as in a legitimate newsletter
• Web links or clickable images in the email text
• Strange subject or content
• Many grammatical and spelling errors
• Zip, Word or Excel files attached

Most mail clients have relatively good spam filters. Nevertheless, you should remain vigilant and observe the general precautionary measures. The same security guidelines apply here as for malware or phishing.

In social engineering, human characteristics such as helpfulness, trust, fear or respect for authority are exploited to skilfully manipulate people. In this way, cyber criminals tempt the victim to reveal confidential information, for example,

• disclose confidential information.
• To bypass security functions.
• Make bank transfers.
• Install malware on a private device or a computer in the company network.

Similar to doorstep scams, cyber criminals on the internet also rely on the pretence of a personal relationship with the victim or make promises of profit. Many other variants of this social engineering approach are conceivable and are used. In some cases, indirect contact is also made via friends of the actual victim.

In social engineering, perpetrators exploit deep-seated human dispositions and needs to achieve their criminal goals - such as the desire to help other people quickly and unbureaucratically. This makes it difficult to reliably protect against this form of attack.

To minimise the risk of social engineering scams, you should always observe the following basic rules

• Use social networks responsibly: Users should think carefully about what personal information they disclose there, as this can be collected by criminals and misused for attempts at deception.
• Discretion about the workplace: Confidential information about the workplace or company is taboo in private and professional social networks.
• Never share passwords, access data or account information by phone or email: Banks and reputable companies never ask their customers to enter confidential information by email or phone.
• Beparticularly careful with emails from unknown senders: If there is even the slightest suspicion that this could be an attempted attack, the best response is not to react. If it is a false alarm, the sender may contact you via another channel. The 3-second rule provides time to think about the accuracy of the message.
• If a reaction is absolutely necessary, a call to the person sending the message will clarify whether it is a legitimate e-mail.