Zentrum für Datenverarbeitung (ZDV) (data center)

Recognizing Phishing Mails

What are phishing mails?

Many dangers lurk in the internet...

Swindlers try to get hold of your access data (e.g., your username/LoginID and password) using phishing emails. Once they can get into your account, they can use it for further fraudulent activities.

What damage is caused?

If you divulge your access data, the “phisher” has full access to your account – all your emails and all other data in the University network.

The account which has been broken into is then misused to send spam, phishing emails or virus-carrying emails in the name of the legitimate user. That damages the reputation of our SMTP server – which can lead to other email providers refusing to accept emails from the University of Tübingen. That harms all users of the University network.

How do you recognize phishing emails?

We explain below how to recognize the majority of phishing emails. If you are not sure, please contact us!

Subject lines such as "Warning/ Warnmeldung", "account upgrade/ Konto-Upgrade", "mailbox full/ Mailbox über Größenbeschränkung" are meant to make the message sound important.

Usually, the email contains a threat (in poor German or English) to close or delete the account. This is meant to make you respond immediately – without taking time to think.

Click on the images to enlarge.

You can easily see that this email was not really sent from "webmaster@uni-tuebingen.de" and that the reply goes to an external address.

The University IT center (ZDV) never asks for your password via email!

Expressions like "F-Secure" and "password secure/ Passwort ist verschlüsselt" are meant to give the appearance of security. This is a sham!

Even though a "uni-tuebingen.de" sender address was used, this email did not originate


Sender’s addresses can easily be falsified.

As in the first example, the answers go to an external address.

This phishing email tries to lure unsuspecting users with a link to a form in which you are supposed to enter your access data. In the webmailer you can easily see the quota status (circled in green).

This is an example of a form linked via a phishing email.

The source locator (URL) indicates that this is not a University of Tübingen web page.

This is an example of a form created by the phisher using Google Docs. The data is transferred securely (https) – but not to the University of Tübingen.

Browsers mark encrypted links in various ways (e.g. on a colored background, with a “locked” symbol), but this only means the data is encrypted when it is sent. You must check the addressee if you transmit sensitive data!