At first glance some of these emails look like they have been sent from the ZEDAT Support Office.

These emails are designed to pressure the recipient into entering account and password information on an external website that looks like Freie Universität’s website, for example, by including the phrase “ZEDAT Support” in the subject line. The email might tell recipients that a “service” (for example, their university email account) is going to be deactivated unless they click on a link or button embedded in the email and enter their username and password on the website that it links to.

Neither ZEDAT nor any other IT department at Freie Universität would ever send an email like this – even if the sender address looks like a “real” university email address. If you receive an email like this and aren’t sure what to do, call the ZEDAT help desk at +49 (0)30 838-77777 or send an email to hilfe@zedat.fu-berlin.de.

Phishing emails are often very deceptive and can trick you into unwittingly sharing personal data or open the door to violations of privacy. Here are some tips that can help identify phishing emails or other scams:

• Double check the sender address and make sure it’s actually from Freie Universität Berlin.
• However, a sender address can be forged and appear to be a “real” email address, so please pay special attention to the following as well:
• Keep an eye out for inconsistencies, for example, strange subject lines, spelling errors, grammar mistakes, or other language that seems unusual for Freie Universität.
• Another red flag is if the email doesn’t include the sender’s full contact information, such as ZEDAT’s street address, telephone number, etc.
• Be careful if an email includes links to external websites outside of the www.fu-berlin.de domain or sub-domains such as www.zedat.fu-berlin.de or portal.zedat.fu-berlin.de.

When in doubt, contact your IT support office or the ZEDAT help desk before you follow any instructions in an email to share sensitive information. You can also change your password at any time via the ZEDAT portal if you think that an unauthorized third party might have gained access to it.

The following links provide some additional helpful information:

Fraudulent emails and how to deal with them:

• https://www.zedat.fu-berlin.de/tip4u_183.pdf (in German)

Watch out for “CEO fraud” (i.e., fake emails from university management):

• https://www.zedat.fu-berlin.de/tip4u_184.pdf (includes information in English)

Workshop in IT security and data protection:

• https://www.fu-berlin.de/sites/it-sicherheit/schulung/ (offered in German)

Information from the German Federal Office for Information Security: How do I recognize phishing emails and websites?

https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Spam-Phishing-Co/Passwortdiebstahl-durch-Phishing/Wie-erkenne-ich-Phishing-in-E-Mails-und-auf-Webseiten/wie-erkenne-ich-phishing-in-e-mails-und-auf-webseiten_node.html