Faked GWDG e-mails
E-mails from central systems such as the customer portal are sent exclusively via sender addresses that end with "@gwdg.de" and use a digital signature. It happens that faked e-mails, that seem to come from the GWDG at first sight, find their way into users' inboxes. We always inform our users as soon as we become aware of such an e-mail. These e-mails may contain links to phishing websites, spam or attachments with malicious content. It is important to know that we will never request a password via e-mail.
Upon receipt of a fake e-mail
- The e-mail should be forwarded to "firstname.lastname@example.org" as soon as possible, so we can publish a warning.
- The e-mail should be deleted without opening any attachments or invoking contained links.
Fake GWDG websites
Most of our websites use encryption (especially those displaying and querying user data) and contain a digital certificate. Unfortunately, it happens that, especially in phishing e-mails, links point to websites that look very similar to ours. On these pages, users are asked to enter user data such as username and password.
Should a website look suspicious,
- inform us, if possible by indicating the website's URL, so we can publish a warning.
- do not enter any personal data, in particular do not enter your username and password.
- leave the site immediately.
Frequently Asked Questions
How do I know that an e-mail was sent by GWDG?
E-mails from central systems such as the customer portal are sent exclusively via sender addresses that end with "@gwdg.de" and use a digital signature. Depending on the e-mail client program used, the indication of the signature is displayed differently. Often, an icon, eg , or the word "Signed" is displayed next to the e-mail.
Example: Apple macOS Mail
A click on the icon or the word "Signed" opens a detail window with further information about the certificate belonging to the signature. Here the certificate chain can be checked. The GWDG cooperates with the DFN association. In the certificate chain of our signature, the DFN association is always specified as the certification authority.
How do I know that a website is from GWDG?
Our web pages usually use encryption (especially when displaying and querying user data) and contain a digital certificate. Links to our websites therefore always start with "https://". Most browsers also display a padlock icon when the connection is secure.
Example: Apple Safari
Clicking on the symbol or "Signed" opens a detail window with further information about the certificate. Here the certificate chain can be checked. The GWDG cooperates with the DFN association. In the certificate chain of our signature, the DFN association is always specified as a certification authority.
If your browser displays a warning concerning the certificate and/or the identity of the website's creator, please do not navigate to this website and contact our support.
Where can I find more information about signature and encryption?
In our GWDG News Special 1/2014 , the topic "E-mail encryption and certificates" was discussed in detail. You will find detailed information about the application for a certificate, its installation and the use of certificates in various e-mail programs in this article.
What is phishing?
Phishing describes e-mails that are fraudulently sent to a large number of people to obtain private information, such as usernames or passwords, and web pages that serve the same purpose. These e-mails or web pages can be deceptively real-looking and camouflaged as serious. It can therefore be difficult to spot fake e-mails or web pages, because they use style, color, and wording or entire excerpts from trusted e-mails and web pages. The above safety instructions must therefore be observed.