SECUSO for citizens / for KMU
General advice: Here we present you all relevant results of our studies. If you have any suggestions, please let us know. If you want to get informed about our newest results, feel free to subscribe to our monthly newsletter.
On this page, you will find an overview for
- Materials and tools that help you to protect yourself from attacks in multiple ways. These materials were evaluated for usability and comprehensibility. We proved that users were able to improve significantly in protecting themselves. Some of these materials/tools are recommended by “the Bundesamt für Sicherheit in der Informationstechnik” (BSI) (i.e. TORPEDO, and NoPhish App).
- Privacy-friendly apps: Android apps for the daily needs that just ask for the minimum permission needed to run it, without showing you any ads. The best part, it is completely free.
- ACCESS for administrators, developers and decision makers: This is an online platform that supports you in the selection of your context optimized authentication process.
We provide you a sample of flyers for all kind of subjects, free for you to download. These flyers contain the most important information about the following subjects:
- Phishing and other fraudulent messages - NoPhish material:
How to Recognize Fraudulent Messages, and Especially Phishing Messages: Flyer, Poster, and Infocard
- PIN Management – How you can easily memorize PINs: Flyer
5 minutes – NoPhish-Explanation video
Together with Alexander Lehmann, we created two five-minute long videos, containing the most important information about phishing and other fraudulent messages with dangerous links (and how to identify them).
Learn how to protect yourself playfully
- The user learns in a playful way to read Website-URLs correctly and to recognize dangerous links and attachments. In the Online-Game "Phishing Master" you are in an office and messages are displayed on the monitor and you have to examine, if they are genuine.
- With the NoPhish Quiz, slightly modified contents of the NoPhish Challenge posters are presented to you in an interactive and playful way. The game has the format of a short self-test.
- You can playfully learn how to identify phishing and other fraudulent messages with the NoPhish Android App. It will be adapted to the structure of the other materials on the topic in 2021. You can download this app for free from the Google Play Store.
We offer a range of training materials on various topics for free download. The idea here is that you can use it for self-study. We also hold the training courses ourselves at selected events. If you would like to test your knowledge, you can do so by taking a quiz.
- Detection of phishing and other fraudulent messages: ILIAS training (currently only available internally), ILIAS for everyone (only in German currently), quiz
- Protection of user accounts with secure passwords: materials (only available in German), quiz (at SoSciSurvey; only available in German)
- Protection of privacy in social networks: materials (only available in German)
Awareness measures (especially for security officers)
To draw more attention to the detection of phishing e-mails or fraudulent messages and to check the address bar in the browser before entering sensitive data (especially password data), we have developed a series of so-called challenge posters. The idea is that they are hung in places where the addressed people are and talk to others, e.g. in the coffee kitchen, canteen or at the bus stop. This way, the employees can discuss together whether the situation shown is a dangerous one or not. A corresponding resolution can be obtained via QR codes on the poster.
We also developed an extension to a password cracking tool to protect user accounts. This is intended to enable every employee to test for themselves how long it takes to guess passwords and thus illustrate how important it is to choose a secure password.
- The download of the Challenge Poster and more information about the deployment can be found here for fraudulent messages and here (only available in German) for the protection of user accounts.
- You can download the Password Cracking Tool and more information about its use here (only available in German).
You can download add-ons for your web browser and the email client Thunderbird from the respective stores. These add-ons support you in identifying attacks.
- TORPEDO for web browser, identifying fraudulent messages with dangerous links (phishing emails): Mozilla Store for Firefox, Google Store for Chrome, more information
- TORPEDO for Thunderbird, identifying fraudulent messages with dangerous links (phishing emails): Mozilla Store, more information
- PassSec+ for web browser, identifying unreliable websites on which you can enter sensible data (including phishing websites): Mozilla Store, Google Store, more information
- Privacyfriendly cookie settings add-on for web browser, supporting your cookie privacy settings in the web browser: Google Store, more information
Privacy-friendly apps for your android device only asks for permissions that are necessary for the functionality. No tracking mechanisms are used, that means no data will be gathered and no ads! Each privacy-friendly app can be installed without concerns about privacy violations. The source code of each privacy-friendly app can be looked at, at the website software development platform GitHub. This gives the user the opportunity to check if the stated properties are really part of the app. Today we have apps for all kinds for your daily life: fitness, health, diverse tools like a shopping app, a lot of games and apps with IT-security focus. Here you can find an overview of our apps.
Please note: We are also interested to provide our apps for iOS. Sadly we still have not the resources to do so.
Authentication ChoiCE Support System (ACCESS)
ACCESS is an online platform for administrators, developers and decision makers that supports the selection of appropriate authentication processes. You describe the context of the authentication process, and ACCESS matches the information with the properties of a multitude of authentication processes in the ACCESS knowledge database to give you the most appropriate authentication process regarding your context.