Software from untrusted sources

... may contain malicious code (e.g. viruses and Trojans).

... is distributed via phishing emails.

... can also be distributed via apparently harmless Office files.


Install software from trusted sources only:

  • Use search engines to obtain more information about the manufacturer or to obtain testimonials from other users.

    For downloading, use the website of the respective manufacturer if possible, and use encrypted pages that you can recognize by the abbreviation https in the address bar of your browser.

Take a close look at email attachments:

  • Do not open potentially dangerous file formats, e.g. .exe, .bat, .com, .cmd, .scr, .pif.
  • Open Office files only if you are sure that the source is trustworthy.

When exchanging files via e-mail, check if you can trust the sender:

  • Watch out for jumbled letter sequences, the substitution of visually similar characters or a foreign domain, i.e. the ending of the e-mail address.
  • Also check the subject line and the content of the e-mail for sense and spelling. Fraudsters often make mistakes here.
  • Also, be skeptical if a prompt reaction is demanded from you.
  • Email signatures are used as an additional layer of protection to ensure the sender address and the content of the message.

You should always refuse to enable macros when opening files unless you specifically work with them.

If in doubt, speak to your IT contact.

Further information

Notes on Phishing E-Mails

Signed E-Mails


Check out our new F.A.Q. and learn more about IT security!


The research group SECUSO (Security, Usability, Society) has developed a quiz and a game as training tools for detecting fraudulent messages.

Unfortunately there aren't any englisch versions of these tools as of yet.

NoPhish Quiz

Game: Phishing Master

Improving E-mail Security in 3 Seconds
Phishing attack: What to do?

The BSI provides an emergency checklist for victims of a Phishing attack.

This checklist has unfortunately also not been translated to englisch yet.

Phishing - checklist for the case of emergency (BSI)