• Suspicion of misuse of user data
• Occurrence of computer viruses (e.g. in email attachments)
• Criminal acts (e.g. hacking of servers, burglary, theft or blackmail with an IT connection)
• Wilful manipulation or attempted manipulation of IT systems (e.g. keyloggers)
• Occurrence of security gaps in hardware or software components (e.g. operation of Windows XP or Windows XP or Windows XP systems). -(e.g. keyloggers)
• the occurrence of security vulnerabilities in hardware or software components (e.g. the operation of Windows XP or Windows 7 systems)

Such events have an impact on IT security. They can therefore impair confidentiality, integrity and availability. The consequences are, for example, spied on, manipulated or destroyed information.

As a general rule:

If in doubt, it is better to report one event too many than too few! The following examples are for illustrative purposes only and are by no means exhaustive.

E-mails

• Suspicious e-mails with attachments or links must be reported. It does not matter who the (supposed) sender of the email is.

• Suspicious emails without attachments or links do not necessarily have to be reported. Fake sender names are common in spam campaigns and sometimes cannot be filtered out by the central anti-spam gateway.

   

Examples of reportable emails

The quality of so-called phishing emails is increasing rapidly. Emails that contain previously tapped communication (e.g. Emotet) are particularly dangerous. The aim is to persuade the victim to open files (usually text documents).

Always check whether the sender's name and email address are related to each other in a meaningful way. If you receive an email in the name of a university member that was sent from an external email address (i.e. without the @tu-freiberg.de extension), you should pay particular attention. The sender name of an email can easily be forged.

Examples of non-reportable emails

Spam emails that could not be sorted out by our central spam filter are not reportable. One example of this is the so-called "Nigerian Connection".

• Violations of internal guidelines and instructions
• Inadequate protection of rooms and buildings requiring protection
• Violation of access rights
• Modifications made to software, hardware or infrastructure
• Violation of service level agreements (SLAs) by an IT
  service provider.

Write an email to informationssicherheit [at] tu-freiberg [dot] de (informationssicherheit[at]tu-freiberg[dot]de) with the following information:

• Who is reporting? (name, email address, telephone number)
• When did the incident occur? (date and time)
• Type of incident (virus attack, system intrusion, ...)
• Which system is affected (name and IP address of the system, location)
• Short description of the incident

• IT-Grundschutz: sicherheitsrelevante Ereignisse
• BSI: Spam, Phishing und Co
• BSI: How to recognise spam
• BSI: Password theft through phishing
• BSI: Malware: Questions & Answers