Texts on this page have been partially machine translated from German.


Check personal identity data

We regularly report on finds of leaked credential collections (email address and password). The Hasso Plattner Institute (HPI) at the University of Potsdam runs the online service "Identity Leak Checker", which lets anyone check whether their personal identity data appear in such a published collection.

Click here for the "Identity Leak Checker" (external link)

The "Identity Leak Checker" sends the result to the e-mail address that was checked (so that only the owner of the mailbox learns the result). If the check reports a hit, those affected should change their password immediately, and not only at FH Aachen: the same password must also be replaced on every other service where it was reused.

To change your password at FH Aachen, use the password service that the DVZ links from its pages for students

https://www.fh-aachen.de/fh-aachen/hochschulstruktur/zentrale-betriebseinheiten/dvz/it-dienste-fuer-studierende

and for employees

https://www.fh-aachen.de/fh-aachen/hochschulstruktur/zentrale-betriebseinheiten/dvz/it-dienste-fuer-beschaeftigte

When using the service, the user is referred to the FH rules for password creation.


Information on password design can also be found in the BITS online course (IT security training for public authorities - see the "Passwords" lesson) (external link) or in the basic tips on IT security on the BSI website for consumers (external link).


Protection against ransomware (encryption/extortion Trojans)

The following basic security rules serve as preventive protection against ransomware, i.e. Trojans that encrypt your files and demand a ransom for the key:

  • Make regular backups of your most important files. The backup medium must not remain permanently connected to the computer, otherwise the ransomware will encrypt the backup as well.
  • Keep your system (especially the operating system, Office, browser and browser plug-ins) up to date, i.e. on the most secure version available.
  • Make sure that your system is protected by a virus scanner with up-to-date signatures. Windows Defender is pre-installed from Windows 8 onwards. The university provides every employee with protection software (currently Sophos) free of charge.
  • Configure Microsoft Office so that macro code is either not executed at all or only after a confirmation prompt. In newer Microsoft Office installations, macros are disabled by default and only run after the user has explicitly confirmed. It is essential that you retain this setting.
  • Only allow macros to be executed for documents from trustworthy sources, and only if it is absolutely necessary and you know what the macro is for (usually a business purpose).
  • Do not open file attachments from emails if there is even the slightest doubt about their trustworthiness. In particular, beware of emails with supposed invoices and reminders that you cannot place. Job applications sent by email can also carry malicious code in the attached documents. (For more information, see the topic "Be careful when receiving emails" on this page.)
  • Do not start executable files whose trustworthiness you doubt.
  • Only download files from the internet (cloud) if you know their origin beyond doubt. Emails whose sender details look familiar but that ask you to download from unusual sources, or that contain links, may be forged. For legitimate file exchange, the universities in NRW offer the Sciebo storage service.
  • Avoid using the administrator account for general everyday tasks. Operating systems offer standard user accounts with settings appropriate for everyday office work. With such an account you can still browse the Internet without restriction, edit your emails and documents without hindrance and use all specialised applications to the extent required. At the same time, you prevent unwanted changes at system level, such as the unnoticed installation of malware.

Victims of ransomware can find support on the website https://www.nomoreransom.org/ (external link), which among other things offers free decryption tools for those ransomware families for which a decryptor exists.
The portal was initiated by Europol, Intel Security, Kaspersky Lab and the Dutch police; other well-known partners from the security and law enforcement sector have since joined.

For German-speaking countries, the "bleib-Virenfrei" initiative provides a website on data security.
Among other things, the initiators are dedicated to providing information and decryption tools for ransomware.
See: https://www.bleib-virenfrei.de/it-sicherheit/ransomware-liste/ (external link)


Be careful when receiving emails

Exchanging information by email is becoming ever more important and ever more popular thanks to its flexibility and ease of use. Alongside the telephone, email is the most frequently used means of communication. It is often forgotten, however, that email is not always the right choice for transmitting information and that a received email may well have a forged sender and/or forged content. Eliminating these "shortcomings" by technical means is only partly possible and usually makes email more cumbersome to use. It is therefore essential that the recipient of an email is aware of this and handles received emails with appropriate care. A few simple rules of behaviour protect in particular against phishing and other fraudulent emails.

  • Check the sender address of the email. Be particularly critical of sender addresses of unknown origin. Bear in mind that a sender address can be forged, so it should always be checked especially carefully: even an email from an address you know does not necessarily come from the person you assume is behind it. Cyber criminals exploit this to reach the addressee more easily under a forged address. If in doubt, always use another communication channel (e.g. telephone) to check whether the email really comes from the stated sender. If available, check the sender's signature. The NRW consumer advice centre explains how to read the email header here (external link); the header tells you more about the actual origin of the email than the displayed sender does.
  • Be suspicious of odd subject lines. Check the subject of the email. If you cannot relate the subject to your current work or day-to-day business, ignore the email. As a sender, you are likewise expected to formulate a subject that matches the content. If in doubt, contact the sender by telephone for clarification.
  • If, when reading the email, you notice an accumulation of wording, grammar and spelling errors that are atypical for the German language, ignore the email. If you are unsure, ask the sender for clarification via another communication channel.
  • Malware arrives by email through specially prepared links or through attached files. Executable files (with the extension *.exe) are the classic carrier of malicious code, but Office documents with macros and archive files that hide scripts or executables are also common (see the macro rules in the ransomware section of this page). Never open an attachment just out of curiosity. If you cannot clearly identify the email, discard the attachment and the email as well. You will miss nothing, except the trouble that the malware could have caused. Here too, the rule is: check with the sender if in doubt. Blindly following a link received by email is a high security risk. The link can lead to a different website than the one shown and introduce malware onto your PC from there. Often the link is redirected, under some pretext, to fake "replica" websites. These pages are then used to request login data/access data in order to misuse them for further criminal offences. Particular caution is advised in these cases. If there is the slightest doubt, check with the sender.
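As an added example (not part of the original page or of the DVZ's own material), the following Python script applies the checks above to a raw message: it compares the Return-Path and Reply-To domains with the From domain, reads the SPF/DKIM/DMARC verdicts from the Authentication-Results header, looks at the first relay in the Received chain, and flags links whose visible text is a URL on a different host than the real target. Both messages are constructed for the example; the host names (mx.fh-aachen.de, relay.mailer-xyz.example and so on), IP addresses and mail addresses are invented, and the script uses only the Python standard library.

```python
"""Triage checks for a received e-mail (sender consistency, relay chain, auth verdicts, links)."""
import re
from email import message_from_bytes, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample, not a real capture: the From address looks internal, but the
# envelope sender, Reply-To, first relay and the SPF/DMARC verdicts point elsewhere.
SPOOFED_MAIL = """\
Return-Path: <bounce@mailer-xyz.example>
Received: from mx.fh-aachen.de (mx.fh-aachen.de [203.0.113.10])
\tby mail.fh-aachen.de with ESMTPS; Mon, 3 Feb 2020 09:12:31 +0100
Received: from relay.mailer-xyz.example (relay.mailer-xyz.example [198.51.100.7])
\tby mx.fh-aachen.de with ESMTP; Mon, 3 Feb 2020 09:12:30 +0100
Authentication-Results: mx.fh-aachen.de; spf=fail smtp.mailfrom=mailer-xyz.example;
\tdkim=none; dmarc=fail header.from=fh-aachen.de
From: "DVZ Administrator" <admin@fh-aachen.de>
Reply-To: support@mailer-xyz.example
Subject: Rechnung 4711 - Zahlung ueberfaellig
Content-Type: text/html; charset=utf-8

<p>Ihr Passwort laeuft ab. Bitte hier bestaetigen:
<a href="http://login-fh-aachen.mailer-xyz.example/reset">https://www.fh-aachen.de/passwort</a></p>
"""

# Constructed clean counterpart: every indicator agrees with the From domain.
CLEAN_MAIL = """\
Return-Path: <admin@fh-aachen.de>
Received: from smtp.fh-aachen.de (smtp.fh-aachen.de [203.0.113.20])
\tby mail.fh-aachen.de with ESMTPS; Mon, 3 Feb 2020 10:00:00 +0100
Authentication-Results: mail.fh-aachen.de; spf=pass smtp.mailfrom=fh-aachen.de;
\tdkim=pass header.d=fh-aachen.de; dmarc=pass header.from=fh-aachen.de
From: "DVZ Administrator" <admin@fh-aachen.de>
Subject: Wartungsfenster Mailserver
Content-Type: text/html; charset=utf-8

<p>Details: <a href="https://www.fh-aachen.de/dvz">https://www.fh-aachen.de/dvz</a></p>
"""

FAILING = {"fail", "softfail", "permerror", "temperror"}
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def address_domain(header_value):
    """Lower-cased domain of the first address in a header value ('' if none)."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()

def auth_verdicts(header_value):
    """Pull the spf/dkim/dmarc verdicts out of an Authentication-Results header."""
    verdicts = {}
    for method in ("spf", "dkim", "dmarc"):
        match = re.search(rf"\b{method}=(\w+)", str(header_value or ""))
        if match:
            verdicts[method] = match.group(1).lower()
    return verdicts

def deceptive_links(html):
    """(href, shown_text) pairs where the visible text is a URL on another host."""
    found = []
    for href, text in LINK_RE.findall(html):
        shown = re.sub(r"<[^>]+>", "", text).strip()
        if shown.lower().startswith(("http://", "https://")):
            if (urlsplit(shown).hostname or "") != (urlsplit(href).hostname or ""):
                found.append((href, shown))
    return found

def triage(raw_message):
    """Return (indicator, detail) findings for one raw RFC 5322 message given as str."""
    msg = message_from_bytes(raw_message.encode("utf-8"), policy=policy.default)
    findings = []
    from_domain = address_domain(msg["From"])
    if not from_domain:
        return [("no-from", "no usable From address")]
    for header in ("Return-Path", "Reply-To"):  # envelope sender and reply target
        domain = address_domain(msg[header])
        if domain and domain != from_domain:
            findings.append((header.lower() + "-mismatch", f"{header} {domain} != From {from_domain}"))
    for method, verdict in auth_verdicts(msg["Authentication-Results"]).items():
        if verdict in FAILING:
            findings.append(("auth-" + method, f"{method}={verdict}"))
    # Each relay prepends its own Received header, so the last one is the first hop:
    # the host that actually handed the message to the receiving side.
    received = msg.get_all("Received") or []
    match = re.match(r"from\s+(\S+)", str(received[-1])) if received else None
    if match:
        hop = match.group(1).lower()
        if hop != from_domain and not hop.endswith("." + from_domain):
            findings.append(("first-hop", f"first relay {hop} is outside {from_domain}"))
    body = msg.get_body(preferencelist=("html", "plain"))
    if body is not None:
        for href, shown in deceptive_links(body.get_content()):
            findings.append(("link-mismatch", f"text shows {shown} but leads to {href}"))
    return findings

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED_MAIL), ("clean", CLEAN_MAIL)):
        print(name, "->", triage(raw) or "no findings")
```

Two caveats apply when using this on real mail. The first-hop and Return-Path checks are heuristics: legitimate mail sent through an external provider (a newsletter service, an outsourced helpdesk) trips them, which is exactly the case where the page's advice to confirm over another channel applies. And an Authentication-Results header is only meaningful if your own receiving server added it; a server should strip any such header that arrives from outside, otherwise a sender can simply include a forged "spf=pass".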

You can find out more about the secure handling of emails in the government IT security training (external link, see the "Emails" lesson).

The phishing radar of the NRW consumer advice centre warns here (external link) about current attempts at fraud by email.

The Verbraucherzentrale NRW explains how to recognise phishing emails here (external link).


Administrators at FH Aachen sign their mails

Mails with administrative content are digitally signed by the administrators of FH Aachen as a protection against phishing mails. The main purpose is to prevent forged administrative instructions from reaching FH Aachen members. The increasing professionalism with which fake emails are produced makes it harder to recognise them as such.
A valid signature is a reliable indicator of the authenticity of the mail, and the recipient's mail client verifies it automatically. Note that only a signature the mail client reports as valid counts: a mail that merely claims to be signed, or whose signature the client marks as invalid or unverifiable, provides no assurance at all and must be treated like any unsigned mail.


Use of external "cloud" services

At this point it is expressly pointed out that "cloud" services such as Dropbox are not intended as work tools for business purposes in the IT landscape of FH Aachen. In its letter of 31 July 2013, the LDI NRW (North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information) states that an adequate level of data protection cannot currently be assumed for data transfers under "Safe Harbor" (which undoubtedly covers Dropbox). The Safe Harbor framework was later declared invalid altogether by the Court of Justice of the European Union in October 2015. For FH Aachen this means that processing (storing and distributing) sensitive data, in particular personal data and research data, with cloud services such as Dropbox is not permitted!

The range of IT services offered by FH Aachen is catalogued on the DVZ website.

Further information on the topic:

Report on Dropbox on heiseSecurity (external link)


Mass "data theft"

In January 2014, the BSI reported 16 million stolen digital identities that had been discovered during the analysis of botnets. Since then, the media have regularly reported on "data thefts in the millions". Reports from those affected in the Bundestag and federal ministries show the scale and seriousness of the matter. It cannot be ruled out that email accounts of FH Aachen members are affected as well. The most important measure for those affected is to change their password immediately. The BSI had known about the data theft since August 2013, and it must be assumed that the perpetrators held the access data even earlier. It is therefore quite reasonable to assume that the data had already been used. For an affected FH Aachen member this could mean that their emails were read unnoticed over a longer period. Every affected FH Aachen member should therefore check scrupulously whether sensitive data may have fallen into the hands of third parties. If so, the owner of the information must be informed. If personal data are affected, the official data protection officer of FH Aachen must be consulted.


Support for Windows 7 has ended

Microsoft's support for Windows 7 ended on 14 January 2020.

All computers still running Windows 7 should be upgraded to a current Windows version (Windows 10) as soon as possible.

Security vulnerabilities discovered after that date are no longer fixed, so cyber criminals can use them to attack the remaining Windows 7 systems. A Windows 7 computer that is no longer supported therefore poses a threat to the entire university network.

Detailed explanations can be found on the BSI website (see external link).


Network access for Windows XP computers has expired

Since the turn of the year 2014/15, computers running the outdated Windows XP operating system are no longer permitted in the university network.
This measure followed Microsoft's decision to end support for Windows XP (in April 2014). Continued operation of the unsupported system represents an incalculable security risk for the university network.