The content on this page was translated automatically.

12/18/2024

Important information on secure passwords and recognizing phishing emails - please note!

Ladies and gentlemen, dear colleagues,

Together with you, we are working continuously to secure our IT systems.

In recent weeks, there has been a significant increase in attacks on university accounts. In order to provide you and our university with the best possible protection, we would like to reiterate the importance of secure passwords and the correct handling of phishing emails.

With a few simple measures, everyone can help to protect our IT systems and thus maintain our digital ability to work:

1. Secure password for your UniAccount

Please check whether your current password meets the following criteria:

  • Uniqueness: Use a unique password for your UniAccount that you do not use for other platforms or services! (There are more than 15 billion compromised login details circulating on the darknet. If an attacker gains access to a person's credentials, they can use them to impersonate that person and access confidential information or systems that they would otherwise not have access to. If someone uses the same credentials on different systems, this becomes child's play for hackers.)
  • Length: Choose at least 12 characters, preferably 14 or more. Passphrases (e.g. short word combinations such as "ice+summer_12") are often easier to remember and still secure.
  • Complexity: Use upper and lower case letters, numbers and special characters such as ?!%+... Avoid personal data (date of birth, names of relatives or pets, etc.). Tip: A password manager can help you manage unique, long and complex passwords for each service.

Examples:

  • Insecure: e.g. 12345678 or password3 or GebDat1985
  • Secure: e.g. ice+summer_12 or moon+flower2024?

If your current password does not meet these requirements, please change it immediately at: https://uni-kassel.de/go/userapp

You can find detailed tips on the website of the Information Security Officer:
https://www.uni-kassel.de/go/sicherespasswort

2. Recognize phishing e-mails

Attackers use phishing e-mails to try to persuade you to disclose personal data (e.g. passwords) or to perform unusual actions (e.g. buying and sending vouchers).

Signs of phishing can be:

  • Unexpected requests or threats ("Your account will be blocked in 24 hours if...")
  • Unknown or suspicious sender address
  • Email purporting to come from a university institution, but marked "[External]" in the subject line and therefore obviously coming from outside the university.
  • Grammatical and spelling errors (since attackers also use generative AI, phishing emails are unfortunately getting "better" in this respect).
  • Links that lead to external login pages or suspicious attachments

Find out more in our 7 simple steps for detecting phishing: https://www.uni-kassel.de/go/phishing

With a strong password and a watchful eye for suspicious emails, you can make an important contribution to protecting our university. If you have any questions or queries, please contact the Information Security Officer (ISB): isb@uni-kassel.de.

With best regards

Prof. Dr. Dr. Walter Blocher, CIO (Chief Information Officer)

Michael Neumann, ISB (Information Security Officer)