How easily are you tricked?


Spam and Phishing

How to identify malicious e-mails – protect yourself and others

Unwanted e-mails are called spam. Many different types of spam land in e-mail inboxes every day. Here you will find information about the different types of unwanted and malicious e-mails, how you can identify them and how you can protect yourself against them.

We also offer regular training sessions on spam and phishing.


What are spam e-mails?
  • Unwanted e-mails are called spam.
  • Often these are ads for various products.
  • It is increasingly common that spam e-mails contain malicious attachments or links to malware.
  • Typical scenarios involve alleged invoices or applications to be opened via link or attachment.

What are phishing e-mails?
  • Phishing e-mails are sent to steal confidential information (e.g. access information, user IDs, passwords, banking data, PINs).
  • Attackers try to trick you into visiting fraudulent websites or into executing malware files which directly infect your computer.
  • In most cases, you are asked to log in on a website or to send information via e-mail.
  • Phishing e-mails often seem trustworthy because they are disguised as being sent by a well-known company or institution (e.g. University IT, banking institutions).
  • With some background information, such e-mails can be specifically tailored to individual persons.

What to do in case of doubt

  • Check your emails with the spam / phishing check.
  • Do not click on the attachment or the links in the e-mail! This also applies to links in files which are attached to an e-mail.
  • If you have already opened a document, DO NOT click “enable editing”. You must not click “enable editing”, even if the e-mail or the document asks you to do so.
  • Always check the domain part of a link. Never enter your data without checking!
  • If your computer shows unusual behavior, please use a virus scanner to check your device.
  • If you are unsure, please contact us!

How to identify spam and phishing

The following explanations help you to identify spam and phishing e-mails as reliably as possible. In addition, the information on how to check links is useful for everyday Internet use, since it helps you to avoid fraudulent websites.

  • Check your e-mails for spam and phishing

    Please check:

    • Is the sender unknown or fake*? (please check the complete e-mail address)
    • Is the greeting impersonal, missing, or in a different format than the rest of the text?
    • Are the contact details or the signature incorrect?
    • Are you asked to open file attachments or links?
    • Are you asked to disclose or confirm login data (for example your password) or other confidential information?
    • Are you asked to act quickly?
    • Are you threatened with negative consequences?
    • Is the e-mail written in poor German or with incorrect characters?

    If you have to answer one or more of these questions with “yes”, this may be a phishing attack. However, phishing attacks are becoming more and more professional, so an e-mail can still be phishing even if none of the above-mentioned criteria applies. If you are sure that you have received a spam/phishing e-mail, do not reply, delete the e-mail immediately and do not click on links or attachments.

    *Sender addresses can be forged easily. Phishing e-mails can also be sent through hacked accounts. A trustworthy-looking sender therefore does not guarantee a trustworthy e-mail! Please be wary and, when in doubt, ask the sender (University IT, colleagues, bank, shop) through another communication channel.

  • How to identify the target of a link

    How to identify the target of a link when HTML is enabled

    This is the simplest way to check a link. It applies to e-mails as well as to links in the browser. However, with this method you need to stop before every click and check the target of the link. Hover your mouse over a link and wait a moment. After a short time, a small window indicating the target of the link appears next to the mouse cursor, or the target is shown in the bottom left corner of the window.

    If HTML is enabled in e-mails, this ALWAYS has to be checked, since a link whose text looks unambiguous may point to a completely different target. The following example shows a link to the university’s website which actually leads to Google as soon as you click on it.


    How to identify the target of a link when HTML is disabled

    If you keep forgetting to check links before clicking them and want to play it safe, you can disable HTML e-mails in your e-mail program. The advantage is that the actual target of a link is shown directly in the text.

    How links are shown in e-mails when HTML is enabled

    If HTML is enabled in e-mails it is not possible to immediately identify the target of a link in an e-mail. 

    The following example shows three types of links which may be found in an e-mail:


    How links are shown in e-mails when HTML is disabled

    Comparing this to the e-mail text with HTML disabled shows:

    1. The target of the first link is now shown directly after the link text.
    2. The second link leads to the website of the university, since no additional target is shown after the link.
    3. The link which appears to lead to the university website actually leads to Google.

    In order to get this view and to identify the targets of links more easily, please refer to the following instructions by Microsoft: https://support.microsoft.com/en-us/office/read-email-messages-in-plain-text-16dfe54a-fadc-4261-b2ce-19ad072ed7e3?ui=en-us&rs=en-us&ad=us
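The plain-text view described above makes the real target of every link visible. The following Python script, added here as an illustration and not part of the original page, does the same thing programmatically for a constructed sample HTML message: it lists each link's visible text next to its actual `href`, reproduces the three cases from the comparison above, and flags links whose text looks like a web address but whose target is a different address. The sample message and the function names are constructed for this example.

```python
from html.parser import HTMLParser

# Constructed sample of an HTML e-mail body (not from the original page). It contains the
# three kinds of link the page describes: descriptive text, the address shown as-is, and an
# address shown as text whose real target is a different site.
SAMPLE_HTML_MAIL = """
<p>Dear user,</p>
<p>See <a href="https://www.uni-mannheim.de/studium/">our study programmes</a>.</p>
<p>Or go to <a href="https://www.uni-mannheim.de/">https://www.uni-mannheim.de/</a>.</p>
<p>Also <a href="https://www.google.com/">https://www.uni-mannheim.de/</a>.</p>
"""


class LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs from every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the <a> currently open, or None
        self._text = []     # text fragments seen inside that <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def extract_links(html):
    """Return [(visible text, real target), ...] in document order."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.links


def _same_address(text, href):
    return text.rstrip("/").lower() == href.rstrip("/").lower()


def looks_like_url(text):
    """Visible text that a reader would take for a web address."""
    return text.lower().startswith(("http://", "https://", "www."))


def render_plain_text(html):
    """Mimic a plain-text view: the real target follows the link text in angle brackets,
    and is omitted when the text already is the target (the page's second case)."""
    lines = []
    for text, href in extract_links(html):
        lines.append(text if _same_address(text, href) else f"{text} <{href}>")
    return lines


def find_deceptive_links(html):
    """Links whose visible text looks like an address but whose target is a different one."""
    return [(text, href) for text, href in extract_links(html)
            if looks_like_url(text) and not _same_address(text, href)]


if __name__ == "__main__":
    for line in render_plain_text(SAMPLE_HTML_MAIL):
        print(line)
    for text, href in find_deceptive_links(SAMPLE_HTML_MAIL):
        print(f"DECEPTIVE: shows {text!r} but leads to {href!r}")
```

Only the third link is reported as deceptive: the first shows descriptive text rather than an address, so the plain-text rendering simply appends its target, and the second shows exactly the address it points to.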

  • How to identify fraudulent links – What is the domain name?

    How to identify the domain part of a link

    The domain is the name of a website. Once you have found the domain part of a link, you can verify it.

    To identify the domain part, read the link from the left until you reach the first single slash “/” (the double slash after “https:” does not count). From that slash, go back to the left until you reach the second dot “.”. The part between that dot and the slash is the domain part.

    Below you will find a few examples; the domain part is given in parentheses after each link:

    • www.bwl.uni-mannheim.de/studium (domain part: uni-mannheim.de)
    • de.wikipedia.org/wiki/Informationssicherheit (domain part: wikipedia.org)

    How scammers try to trick you

    As soon as you have found the domain part, you can verify the link: simply compare it with the domain part of the website the link claims to lead to.

    Here are some examples of fraudulent websites:

    • Fake domain name
      • www.uni-mannheim.de.website-of-the-attacker.com/studium/
    • Similar looking characters/numbers
      • www.uni-mannheirn.de/studium
    • Mimicking the actual domain name
      • www.mannheim-uni.de/studium
    • Typos or transposed letters
      • www.uni-manhneim.de/studium

    Please note that these are simply examples and that other forging methods or combinations of the tricks mentioned are possible.

    Never click on a link if you have identified one of the fraudulent tricks mentioned above. Instead, open the website directly – by entering the address in the browser if you know it by heart – or use a search engine.
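To show the domain-part rule and the comparison with the expected domain in working code, here is an added Python example that is not part of the original page. It implements the rule above literally (first single slash, then back to the second dot), compares the result with the domain you expect, and sorts a mismatch into the four trick categories listed above using simple heuristics. The confusable-character table, the sample links and all function names are constructed for this illustration.

```python
# Constructed table of look-alike character sequences; not exhaustive, for illustration only.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def host_part(link):
    """Everything before the first single slash; the '//' after a scheme is skipped."""
    rest = link.split("://", 1)[1] if "://" in link else link
    return rest.split("/", 1)[0].lower()


def domain_part(link):
    """The page's rule: from the first single slash, go left to the second dot.
    That leaves the last two dot-separated labels of the host name."""
    labels = host_part(link).split(".")
    return ".".join(labels[-2:])


def fold_confusables(s):
    """Replace look-alike sequences so that 'uni-mannheirn' reads as 'uni-mannheim'."""
    for lookalike, real in CONFUSABLES:
        s = s.replace(lookalike, real)
    return s


def is_adjacent_swap(a, b):
    """True if a and b differ only in one pair of neighbouring letters being swapped."""
    if len(a) != len(b):
        return False
    diffs = [i for i in range(len(a)) if a[i] != b[i]]
    return (len(diffs) == 2 and diffs[1] == diffs[0] + 1
            and a[diffs[0]] == b[diffs[1]] and a[diffs[1]] == b[diffs[0]])


def edit_distance(a, b):
    """Levenshtein distance, used to catch single-letter typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(link, expected_domain):
    """Return 'ok' when the domain part equals the expected domain; otherwise the
    page's trick category that best explains the mismatch."""
    expected = expected_domain.lower()
    host, domain = host_part(link), domain_part(link)
    if domain == expected:
        return "ok"
    # The real domain appears only as a subdomain of some unrelated domain.
    if ("." + host + ".").find("." + expected + ".") != -1:
        return "fake domain name"
    if fold_confusables(domain) == fold_confusables(expected):
        return "similar looking characters/numbers"
    name, tld = domain.rsplit(".", 1) if "." in domain else (domain, "")
    exp_name, exp_tld = expected.rsplit(".", 1) if "." in expected else (expected, "")
    # Same words, different order: 'mannheim-uni' for 'uni-mannheim'.
    if tld == exp_tld and sorted(name.split("-")) == sorted(exp_name.split("-")):
        return "mimicking the actual domain name"
    if tld == exp_tld and (is_adjacent_swap(name, exp_name) or edit_distance(name, exp_name) == 1):
        return "typos or transposed letters"
    return "unknown domain"


if __name__ == "__main__":
    SAMPLE_LINKS = [  # constructed, following the page's examples
        "www.bwl.uni-mannheim.de/studium",
        "https://www.uni-mannheim.de.website-of-the-attacker.com/studium/",
        "www.uni-mannheirn.de/studium",
        "www.mannheim-uni.de/studium",
        "www.uni-manhneim.de/studium",
    ]
    for link in SAMPLE_LINKS:
        print(f"{link:66} {domain_part(link):30} {classify_link(link, 'uni-mannheim.de')}")
```

The rule deliberately keeps only the last two labels, which is exactly what the page's instruction yields; for registries that use two-level suffixes (such as .co.uk) that leaves only the suffix, so for such addresses one more label to the left has to be taken into account. The heuristics are meant to label the examples from the text, not to replace the manual comparison the page asks for.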