FAQ

If you use a digital certificate, your communication partners can easily distinguish your genuine emails from phishing emails. Managers in particular should apply for and set up a digital certificate as soon as possible.

Digital certificate users can also exchange confidential information in an encrypted form (S/MIME), without unauthorised third parties being able to read it.

The University of Wuppertal uses the German National Research and Education Network (DFN) certificate facility for its employees.

ZIM provides instructions with screenshots on how to register for a personal user certificate (in German). To install a certificate on at least one Apple device, select Algorithm: Compatible TripleDES-SHA1 in the final step.

If you need a certificate for a functional mailbox or an email alias, please feel free to contact zimpki[at]uni-wuppertal.de.

If you share the functional mailbox with other people, only one certificate is required for the functional mailbox. Store the certificate on a shared drive, for example, and give the password for the certificate to your colleagues separately.

ZIM provides installation instructions (in German) for Apple Mail, Mozilla Thunderbird and Microsoft Outlook. Please note that it is not possible to use the certificates in the web interfaces webmail and wingate.

If you have multiple accounts integrated with your email client, you will need to have a separate certificate for each account and install it in your email client.

This will enable your email client to associate the correct certificate with each sender address.

To help you keep track of your passwords, there are password managers. They store your individual user accounts with their respective passwords in encrypted form. Then all you have to do is remember a strong master password. These programmes can also generate strong passwords.

If you would like to install a password management programme (e.g. KeePass XC) on your office computer, please contact your department's IT manager. If you are supported centrally by ZIM (especially in administration), please contact your K_ITA (coordinator for IT workstation equipment).

Attention! Memorise your master password. If you forget it, you will no longer be able to access your encrypted credentials.

The ZIM informs about new phishing attacks on its website under "Aktuelles": https://zim.uni-wuppertal.de/de/aktuelles/. Information is also provided on the Rocket.Chat channel #allgemein.

If you receive a new suspicious email, you can make an important contribution by informing your supervisor (to warn your department) as well as the ZIM User Support (spam[at]uni-wuppertal.de), so that they can alert the whole university in the case of phishing waves.

Please only forward phishing emails related to the University of Wuppertal or emails that you are not sure about to spam[at]uni-wuppertal.de.

All other clear spam and phishing emails, e.g. from banks, web shops, rich oligarchs, medical products, do not need to be forwarded. Delete them immediately without clicking on links or opening attachments.

Always forward suspicious emails as attachments. This is the only way to preserve all relevant information so that technical measures can be taken if necessary.

In most email programs, you can send an email as an attachment as follows

1. Create a new email.
2. Drag the message you want to attach from the message list into the new email
   • In Outlook, the email is attached as an "Outlook Item".
   • In Thunderbird, the attachment will have the extension ".eml".
3. Send the new message with the email attached .

1. Do not allow yourself to be pressured!
If you are asked to act "now", "immediately" or "urgently", be suspicious. Never click on links or attachments that promise a quick solution to the supposed problem.
As well as fear, other strong emotions such as curiosity, enthusiasm and sympathy are also used by attackers.
Topics of these emails include: a seemingly full mailbox, a webmail account that seems to be blocked, a supposedly returned application in the e-portal, an urgent request from a person who cannot be contacted, a request to participate in a survey, interesting job offers for academic st
If you are asked to act "now", "immediately", "urgently", you should become suspicious. Never click on links or attachments that promise you a quick solution to the supposed problem.

2. Check the sender and the meaning of the email.
Is the email digitally signed by the sender (e.g. ZIM User Support)? How realistic is the described situation? If in doubt, always pick up the phone and call the supposed sender on a number you know (not the one in the email).

3. No one will ask you for your password - not even the ZIM!
Just enter your password in the usual input masks. We recommend that you save the pages you need as favourites/bookmarks in your browser, e.g. https://zim.uni-wuppertal.de/en/my-account/account-administration/ for managing your ZIM account and https://e-portal.uni-wuppertal.de/ for using the e-portal. Never reply to emails asking for your password and do not click on links or attachments in these emails. Do not share your password with anyone, even trusted colleagues.

4. Don't be ashamed!
Making mistakes is human. If you have clicked on a link or attachment and/or entered your personal data in a wrong form, please do not hide it, but report it immediately to ZIM User Support (ext. -3295), the central IT support of your faculty (if applicable) as well as your supervisor. This will help to prevent the damage from spreading and to warn your colleagues.

There is only one response: Please delete! Never reply! If you reply, the spammers know they have been successful. Sometimes people will claim that you have subscribed to a mailing list and that you can unsubscribe by replying to a particular address. This is a double lie. The same applies here: Please delete!

ZIM's spam filter is a convenient way to sort out and delete spam.

To set the filtering level when using webmail, please go to your account management:  https://zim.uni-wuppertal.de/en/my-account/account-administration/  

• Filter level 0 does not filter emails at all (current default setting);
• Filter level 1 moves "most likely spam" to the Junk folder;
• Filter level 2 moves "likely spam" to the Junk folder;
• Filter level 3 irrevocably deletes all "most likely spam" and moves "likely spam" to the Junk folder.

If you use an Exchange account to retrieve your emails, you will need to set up a rule in your Microsoft Outlook. ZIM has provided instructions and two importable rules for Exchange Spam Filter (in German). Finally, you just have to select the folder in which the spam emails should be sorted.

Please note:
Depending on the level of filtering, it is possible that desired emails are mistakenly sorted into the Junk folder. It is therefore advisable to check your Junk folder regularly. You can move a misdirected email to your inbox manually.