Working together for better IT security

Information Security at the University of Bonn

IT security is an issue that affects the whole University. We want to help you spot potential risks and dangers in your day-to-day work.


Phishing is a form of cyberattack where fraudsters create fake emails, websites or notifications in order to steal sensitive information. Users are tricked into clicking on links, disclosing data such as passwords or spreading malware on their systems, e.g. via attachments or hyperlinks. These criminals want to get their hands on passwords or financial details and use them to commit fraud.

How can I spot a phishing email?

The first part of the video series will show you how to recognize a phishing email and what you need to look out for.

Part 1: Check the sender (video in German)

Recognizing a phishing email - Part 1: Check the sender

What you need to look out for

Check the following:

  • Typos in the domain name (the bit after the @)
  • Typos in the person’s name (the bit before the @)
  • Watch out for certain letters in the email address that look similar:
    • I l 1 (capital i, lower-case L, the number one)
    • O 0 (capital O, the number zero)
  • In the case of senders based within the University:
    • Is the sender really based at the University?
    • Their domain should always be “”
    • There are a few exceptions that also have a sub-domain, i.e. an extra bit between the “@” and the “” that is separated by a period. Valid sender addresses include:
  • Examples of invalid sender addresses:
    • (fake domain)
    • (fake domain, “e” and “a” swapped round)
    • (zero instead of “O”)
    • (missing “n”)
  • Does the email address match the name being displayed?
  • Examples:
    • An email from the Rector giving his address as <something>
    • An email with an invoice from a supplier giving a sender address that does not match the name of the supplier
    • An email from a work contact (e.g. someone at another university or organization) giving an email address from a free provider (e.g. GMX, Gmail, or another domain that does not seem to fit)

Part 2: Check the links (video in German)

Recognizing a phishing email - Part 2: Check the links

What you need to look out for:

Phishing emails use links that will take you somewhere other than where they claim to.

  • If there are any links highlighted in blue in the text of your email, place your cursor over them (i.e. don’t click!) and see whether the web address that appears is plausible or what you were expecting.
  • You should use the same method to check any links written out in full.
  • Slash and period: is OK; and would be external addresses.
  • Look out for typos such as “universitat-bonn.”
  • Watch out for certain letters in the web address/link that look similar:
    • I l 1 (capital i, lower-case L, the number one)
    • O 0 (capital O, the number zero)
  • If you are on a mobile device, you will not have a cursor to use, so it is better to wait until you are at your desktop if you are in any doubt.
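The sender and link checks from Parts 1 and 2 can also be automated, for example in a mail filter or a reporting tool. The following Python sketch is an added example, not code from the University: it folds the look-alike characters listed above, tolerates swapped or missing letters, and treats a host as trusted only when the trusted domain ends the host name. The domain `uni-example.edu` and all sample addresses are placeholders, because the real domain is not shown on this page.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Placeholder: the page does not show the University's real domain.
TRUSTED = "uni-example.edu"

# Fold the look-alike characters from the checklist: I / l / 1 and O / 0.
FOLD = str.maketrans({"i": "l", "1": "l", "0": "o"})

def skeleton(name):
    return name.lower().translate(FOLD)

def osa(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify_host(host):
    host = (host or "").lower().rstrip(".")
    # Trusted only if the domain ends the host name: exact match or sub-domain.
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "trusted"
    # Compare the last labels (as many as TRUSTED has) with the trusted domain.
    tail = ".".join(host.split(".")[-(TRUSTED.count(".") + 1):])
    if skeleton(tail) == skeleton(TRUSTED):
        return "lookalike-characters"
    if osa(skeleton(tail), skeleton(TRUSTED)) <= 2:
        return "lookalike-typo"
    return "external"

def check_sender(from_header):
    _display, address = parseaddr(from_header)
    return classify_host(address.rpartition("@")[2])

def check_link(url):
    # urlsplit only finds the host after "//", so add it for bare "host/path" links.
    return classify_host(urlsplit(url if "//" in url else "//" + url).hostname)

# Constructed samples, not taken from real mail.
if __name__ == "__main__":
    for s in ("Jane Doe <jane@cs.uni-example.edu>", "IT <help@un1-examp1e.edu>"):
        print(check_sender(s), s)
    for u in ("https://uni-example.edu/login", "https://uni-example.edu.reset.example/"):
        print(check_link(u), u)
```

A result other than "trusted" only means the address is not the University's own; the two "lookalike" results are the ones that point to deliberate imitation.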

Part 3: Check the content (video in German)

Recognizing a phishing email - Part 3: Check the content

What you need to look out for

Check the following:

  • Register, format, choice of words, a large number of unusual typos
  • Impersonal form of address (“Dear Sir, dear Madam,” “Customer” instead of your actual name)
  • Unsuitable/unexpected tone (formal where you would normally expect informal, or vice versa)
  • Different language (English instead of German)
  • Choice of words
  • An attempt to arouse your curiosity (e.g. you have won something, your parcel has arrived or someone with rare skills has submitted an amazingly exciting application)
  • A demand to enter personal data, such as the PIN for your online banking login or your passwords
  • Pressure being exerted (time pressure and an impending consequence, e.g. your account has been/will be locked)
  • …all designed to deceive the user into clicking on links or opening an attachment or attachments (without checking them out first)

More tips


Never download software onto work computers yourself. Ask IT staff to help you.

Updates and restarting

If your computer needs to install updates and/or restart, make sure it can do this as soon as possible.

It should always be shut down when you finish work so that updates/restarts can be launched automatically at that point if they have not already happened.

Sharing data

Use one of the University’s official data-sharing platforms such as Sciebo.


  • Do not reuse passwords.
  • Do not merely continue a sequence (e.g. having a number at the start or end that you simply increase by one each time).
  • Do not use any words you would find in a dictionary.
  • Use at least 12 characters, including at least one capital letter, one lower-case letter.
  • Build your password from a readily memorable phrase by taking the first letter of each word. For example, “I’m looking forward to my 2023 summer holiday on Norderney!” -> password: “Ilftm2023shoN!”

Connecting mobile devices, e.g. to charge them

  • Do not connect any personal external hard drives/USB flash drives to work computers.
  • Do not connect any external hard drives/USB flash drives provided by your work to personal computers.
  • Do not connect personal cell phones, tablets or cameras to work computers or a docking station (this only applies to staff in administration).
  • Always charge devices from a charger plugged directly into the socket.

Further information and training sessions

Help and contact details

If you have any questions about this topic or would like to report something suspicious, please do not hesitate to contact the IT Security Officer.

You can also get in touch with IT and Computing Services, University IT or your local IT administrators.

IT Security

Dr. Jörg Hartmann

+49 228 / 73-6758

Department 2 - IT and Computing Services

Contact for the university administration

University IT and Data Center
