IT security

How to protect your account and data – and what to do when something feels off.

01 · Phishing

Recognising phishing emails

Phishing campaigns target HU addresses regularly. These three rules of thumb help most.

1. CMS, HU IT and our IT group never ask for your password by email.
2. Hover over a link without clicking – the real target appears in the browser's bottom-left corner or as a tooltip.
3. When in doubt, type the address directly into your browser instead of clicking.

Typical red flags

Generic greeting ("Dear user"), even though they should know your name
Pressure or threats ("Account will be deleted in 24 hours")
Link to an unfamiliar domain (not hu-berlin.de) – domains like hu-berlin.com or verify-hu.com are not real
Attachments with unusual extensions (.html, .zip, .docm, .exe)
Spelling and grammar mistakes – machine-translated phishing often sounds off

02 · Incident

If something has happened

A quick response limits damage. In order:

Change your password immediately
Via the CMS web form. If you can’t access your account at all: lost-credentials page.
Sign out of active sessions
Especially webmail and CMS self-service: log out completely and back in, so the new password applies everywhere.
Report the incident
To us: help.math@hu-berlin.de. For phishing emails also forward to HU’s abuse team: abuse@hu-berlin.de.
Have your system checked
If you executed a file or entered credentials on a fake site: drop by or email us – we’ll help clean things up.

03 · Prevention

Good security habits

Strong password

At least 12 chars, unique per service.

SSH keys

Safer and more convenient than a password.

Use backups

Keep important files in your home – backed up daily.

Mail filtering

Enable spam and phishing filters in webmail.

If you suspect active misuse or extortion: contact us immediately – we’ll temporarily disable the account and loop in the CMS security team.