The IT security team of the University of Vienna has compiled a list of practical tips and information for students and employees to make the use of e-mails more secure. 

 During the last seven days ...

Accepted e-mails
Phishing e-mails
E-mails with malware

Potential dangers in e-mails


Phishing means that unauthorised persons intercept personal login data (user name and password). In phishing e-mails, users are asked to log in to linked websites and online forms. These look like legitimate websites or forms.

Therefore, enter your u:account UserID and password only on websites

  • whose address starts with https:// or where the lock symbol is displayed and
  • whose address contains … .univie.ac.at/.


If you have mistakenly entered your u:account login data on a third-party or a presumably fraudulent website, or if your computer has been infected by malware, change your u:account password immediately. In case of questions or uncertainties, please contact the IT security team via the Servicedesk.


Malware are types of software that enable attackers to access other people’s devices. The aim is to encrypt data, transfer them to unauthorised persons or cause damage otherwise. Attackers can also steal your login data that you use for various internet services (such as u:account, online shops, online banking). 

Malware can be hidden in e-mail attachments, usually in Word or Excel documents or in compressed files (ZIP). These ZIP files can also be encoded with a password. As soon as they are unzipped using the password, the malware they contain can become active on your device.

Additionally, you can take the following steps against malware:

  • Regularly update the operating system (Windows, macOS, iOS, Android) and the software (Outlook, Thunderbird, etc.) that you use. You can find more information under PC and laptop in daily use.
  • Keep the virus scanner you use up to date and pay attention to any notifications from your system about the virus scanner.

Measures taken by the ZID

In order to protect members of the University of Vienna from dangers in e-mails, the ZID takes the following measures, among others:

  • blocking fraudulent or malicious websites in the data network of the University of Vienna
  • detecting malware in the data network of the University of Vienna
  • requesting the removal of fraudulent or malicious websites and reporting these websites to block lists
  • central spam filter for e-mail addresses of the University of Vienna.


Generally, the ZID does not send specific warnings about phishing or malware to university members. These dangers are to be expected at any time and due to the necessary reaction time, it cannot be guaranteed that a warning will reach all users in time. For example, if the ZID is not (yet) aware of the existence of a fraudulent e-mail and therefore does not send an appropriate warning, users might have a false sense of security.

Setting up a spam filter and e-mail program

Activate the spam filter of the provider of your e-mail address or e-mail program. This allows you to block the majority of unwanted and malicious e-mails (spam, phishing, scamming attempts). There is a central spam filter for your University of Vienna e-mail address.


Don’t move, delete or rename the Junk folder of your mailbox of the University of Vienna. Spam e-mails will be otherwise delivered to your inbox.

Make sure that the e-mail program is up to date and leave the automatic update activated. This helps prevent malware from exploiting security gaps in your e-mail program.

For devices that require a particularly high level of security, deactivate the HTML display mode as well. Please note that this can result in faulty text formatting. In addition, it might be more difficult to read the content.

Some e-mail programs (for example, Mozilla Thunderbird) can display web and multimedia contents like a browser. The same recommendations as listed under Browser apply to add-ons for any of these e-mail programs.

Assessing dangers

Please only open attachments and links in e-mails after taking a critical look. Ask yourself the following questions:

  • Is it plausible that I received this e-mail? If you placed an order a few minutes ago, it makes sense that you got a confirmation of your order by e-mail.
  • Does the e-mail seem urgent? In fraudulent e-mails, you are often urged to act quickly. Take the time to scrutinise the e-mail thoroughly before taking any action.
  • Is the sender’s e-mail address plausible? Check whether the e-mail address corresponds to the name of the sender. It is possible to forge a sender address. However, most scammers do not bother doing so.
  • Did I explicitly request an e-mail attachment? Malware is often hidden in attachments. Therefore, be cautious if you receive an attachment that you did not request.
  • Is the content of the e-mail stylistically suspicious? If a personal form of address is missing, the text contains many spelling and grammatical errors and umlauts or special characters are not displayed correctly, this might indicate a fraudulent e-mail.
  • Does the e-mail contain a request to transfer money or buy voucher cards (for the Google Play Store or Amazon, for example)? Do not comply with such a request.
  • Does the sender want to switch to another communication channel, such as a messenger service? Changing the channel allows the attacker to bypass the spam filter of the University of Vienna.
  • Are the target addresses of links or buttons plausible? Move your cursor over the link in the e-mail without clicking it. A tooltip window will appear. Check whether the link would open a website that corresponds to the sender or the context of the e-mail.

Screenshot Tooltip

Checking the target address with the tooltip

If you are still unsure whether the message is authentic, 

  • obtain information about currently circulating forgeries, for example on the website Watchlist Internet (in German) or use the corresponding smartphone app for iOS or Android free of charge. Even if you cannot find the message on Watchlist Internet, it could still be a forgery.
  • contact the sender using another communication channel, for example by telephone. Do not trust the contact information stated in the e-mail, but instead research them yourself.
  • contact your IT representative, the ZID Helpdesk, the ZID IT security team or other qualified persons of trust. 

Dealing with a fraudulent e-mail

If you suspect or are certain that the message you received is a fraudulent e-mail, 

  • do not open any attachments that the e-mail may contain.
  • do not click any links in the e-mail.
  • do not reply to this e-mail.
  • do not forward the e-mail except to the ZID IT security team (security.zid@univie.ac.at) or to other qualified experts for analysis purposes. In this case, make sure to send the e-mail as an attachment in the form of an EML file. This allows for analysing the metadata of the e-mail. Follow the steps in the user guide Forwarding e-mails as an attachment.  

Examples of fraudulent e-mails and phishing

A fake warning for your e-mail account

E-mails such as the following try to make you believe that your Outlook account or e-mail account will be deactivated if you do not react swiftly. The sender’s e-mail address reveals the fraudulent intent.

Screenshot fake warning for e-mail account

Fake invoice, payslip or important documents

Scammers send by e-mail 

  • either an alleged invoice, payslip or important document as an attachment which actually contains malware,
  • or links to fake login forms (phishing websites) where you are asked to retrieve these alleged documents.

Especially when you do not know the sender and the e-mail address, the subject line sounds very generic and you have not requested an invoice (or similar documents), you need to be particularly careful. 

The following screenshots show examples for this procedure. The sender’s address in both e-mails clearly reveals the fraudulent intent.

Screenshot fake payslip

Screenshot important document

Phishing pages

The following screenshots show examples of fake login forms which are opened by clicking links in fraudulent e-mails. 

This website looks like the login form of the Webmail service of the University of Vienna. You can recognise that it is a phishing website by looking at the URL in the address bar of the browser.

Screenshot Phishing Webmail

This screenshot shows a fake login form for UNIVISonline. The URL in the address bar shows that this form is a fraudulent website. 

Screenshot Phishing UNIVIS-Online

Scam via e-mail from impostors

Members of the University of Vienna repeatedly receive e-mails with sender names that resemble those of professors and heads of departments and divisions of the University. They usually contain a question about whether the recipient is available or willing to help. In further e-mails, recipients are usually asked to transfer money or to purchase and transfer credit, for example in the form of prepaid cards.

In such cases, make sure to pay attention to the sender’s e-mail address. Often, it is easy to clearly identify it as a fake. However, there are also examples where the address seems plausible at first glance, as the following screenshot shows:

Screenshot impostor

Do not reply to these e-mails and never follow instructions to transfer money or credit.

If you are unsure whether it is a fake e-mail, ask via another, official communication channel. Use the contact details of the person in u:find, such as the u:phone or business phone number or the university e-mail address (example: max.muster@univie.ac.at).