Detecting Phishing mails and handling them correctly

Cyber criminals send fake messages by e-mail and aim to steal confidential information (e.g. access data, TU-ID, passwords etc.). This process is called phishing. Learn how to recognise and deal with phishing e-mails.

Detailed information on phishing and other valuable tips can also be found on the BSI website for citizens of the Federal Office for Information Security (BSI).

Phishing mails often have the following characteristics:

  • impersonal form of address, for example just “Good afternoon” instead of addressing you by name
  • Query of passwords, PIN or TAN
  • Call for immediate action to avoid complete loss of data
  • Links that are to be clicked are similar but not identical to the real links. Example: is not a TU address, because it does not end at “”.
  • Sender address that does not correspond to the real sender.Example: Some phishing mails under the name HRZ-Service came from

If you have an e-mail in your letterbox that has one or more of these features and is alleged to come from HRZ or another official body, you should be careful. This also applies, of course, to e-mails that do not have any of these features, but still seem to be dubious to you.

Phishing can affect anyone – be vigilant

HRZ cannot prevent criminals from sending e-mails in which they pretend to act on behalf of TU Darmstadt. In order to obtain data, the criminals use the names of public institutions as well as those of companies and banks. This makes it more important to always be alert.

If in doubt, call the institution from which the e-mail is allegedly coming, for example the HRZ service, and ask whether the e-mail is real. If you ask for authenticity by e-mail, do not use the “Reply” function, but forward the e-mail and type in the recipient's address by hand.

For more information on how to handle phishing emails, see the next section.

  • Do not click on the attachment or the links it contains.
    Just clicking on the links may introduce a virus.
  • Check the sender.
    Often you can see in the sender line that the e-mail is wrong. For example, phishing e-mails under the name HRZ Service often come from instead of service@hrz.tu-…. The HRZ only sends from addresses that end in “”. If the e-mail sender's address is fake, it is more difficult to discover the real sender. For this purpose, the e-mail header (header of the message) must be evaluated. The IP address of the true sender is located in the last line of the header marked Received From. You can find out how to display the header of an e-mail on the HRZ pages on e-mail headers.
  • Please ask.
    If you are unsure whether the e-mail has a real background, ask. If you ask about the authenticity of an e-mail, do not use the “Reply” function. Instead, forward the e-mail and type in the recipient's address by hand. You can also call the organisation from which the e-mail purports to come.
  • Delete the e-mail,
    if it turns out to be a phishing e-mail.
  • Use an up-to-date virus protection program.
    The HRZ has licensed the virus scanner Sophos Anti-Virus for the university campus. Employees and students of the TU Darmstadt can use the software free of charge. Learn more
  • Only update your passwords in the central contact data administration via the official pages of the TU Darmstadt.
  • Check the security status of websites on which you enter personal information. Make sure that the URL begins with “https”. On secure pages that transfer data in encrypted form, a lock appears in front of the URL in the address line of the browser. You can find details on this on the phishing websites of the Federal Office for Information Security (BSI).

Report your incident promptly by e-mail to the HRZ at