NoPhish Concept: Awareness/Education/Training concept for the detection of phishing and fraudulent messages

Internet fraudsters use various strategies to harm you and/or your company. A popular and widely used method is to send you messages containing fraudulent content. These messages can be dangerous in different ways: a message may ask you to make bank transfers or (paid) calls, or it may contain dangerous links and/or dangerous attachments. These messages can be sent as emails but also via any other form of messaging. Emails with dangerous links are often called phishing emails.

"I am particularly grateful to the SECUSO research group at KIT in Karlsruhe, because they provide very good awareness materials for protecting oneself against fraudsters on the Internet." (Arne Schönbohm, President of the BSI)

What is our concept about?

To help people better understand the attack form 'fraudulent messages' and learn how to protect themselves, we have developed awareness, education and training measures. The concept covers four topics:

  1. Introduction to the topic
  2. Detection of implausible, fraudulent messages
  3. Detection of dangerous links (including finding the URL behind the link, structure of the URL and tricks of the attackers)
  4. Detection of messages with dangerous attachments (including finding the format of the file, list of particularly dangerous file formats and tricks of the attackers)

The development of the NoPhish concept was started at TU Darmstadt. This happened within the project KMU Aware, funded by the Bundesministerium für Wirtschaft und Energie in the context of Initiative IT-Sicherheit in der Wirtschaft as well as the CRISP project funded by the Bundesministerium für Bildung und Forschung. The concept in turn has built on research work around the NoPhish App. The various measures as well as the concept are still being evaluated and further developed on the basis of the results. In addition, new measures are being developed. Currently, research around the NoPhish concept is supported by funding from the topic Engineering Secure Systems of the Helmholtz Association (HGF) and by KASTEL Security Research Labs.

You can find a more detailed description here.

How was the concept implemented?

(Currently not all the material is available in English, but we are working to provide more English translations)
The NoPhish concept was implemented in different measures, which vary in their level of detail. Further information on the application can be found here (German only).

  • Info card - with the most important rules for detecting fraudulent messages in pocket-size format.
  • Poster - with the most important rules for detecting fraudulent messages to hang in the office or central locations.
  • Challenge Poster (German only) - with different forms of (fraudulent) messages and the question: Is this message trustworthy? With the help of a QR code you can answer this question and you will be taken to a page with the resolution and other tips for detecting fraudulent messages.
  • Videos - With a general introduction to the topic, the most important rules and descriptive examples. We have put all this together with Alexander Lehmann in our two five-minute NoPhish videos.
  • Flyer - with a general introduction to the topic and the most important rules, with descriptive examples.
  • Training and self-training material - everything around the topic of fraudulent messages, with many examples and further information. Whether for self-study or as a starting point for the dissemination of knowledge, e.g. through lectures in your own company, our training documents offer the ideal basis. These documents also contain exercises. Parts of these documents and exercises have been incorporated into an Android App.
  • Quiz - Self test to detect fraudulent messages.
  • Online Game (German only) - "Phishing Master", the slightly different serious game to detect fraudulent messages.
  • STAR, a humanoid robot that interactively discusses fraudulent messages with users. A video of a possible process can be found here.


  • If you are interested in using our materials in your own company / organization, please contact contact∂ so that we can clarify the general conditions.
  • Most of the recommendations are not absolute as the internet is very complex. Therefore, in this unit you will often read terms such as 'likely', 'very likely', 'potentially possible'. The recommendations should serve as a solid decision-making aid to identify fraudulent messages.
  • The (potentially) fraudulent messages used are either taken directly from fraudulent messages that were in circulation or based on these messages.
  • The dangerous web addresses used should only serve as examples. In individual cases, however, it may be that the web addresses used have been registered directly by the imitated company itself in order to prevent fraud attempts, or that they have been registered by individuals or companies who do not intend to commit fraud in any way.



Additional Tools

There are tools that help you to review links more easily:

  • TORPEDO - Extension to the Thunderbird email client that helps you to identify dangerous links in emails.
  • QR-Code Scanner App - Android app that allows you to scan QR codes with your smartphone. If there is a URL in the QR code, the website will not be opened directly; instead, the URL will be shown to you first for review.


Current reference users and organizations that refer to our material (53)

  • Authorities/institutions
    • Bundeskanzleramt
    • Bundesverwaltungsamt
    • Bundesamt für Sicherheit in der Informationstechnik (BSI)
    • United Nations African Union Mission in Darfur (UNAMID)
    • Polizeipräsidium Einsatz in Baden-Württemberg
    • Polizeipräsidium Südhessen
    • Landesamt für Geoinformation und Landesvermessung Niedersachsen (LGLN)
    • Verbraucherzentrale NRW e.V.
    • Artilleriebataillon 295 der Bundeswehr
    • Stadt Dessau-Roßlau
    • Stadt Hamm
    • Landkreis Marburg-Biedenkopf
    • Stadtwerke Jena
    • Amt für Gemeindedienst in der Evang.-Luth. Kirche in Bayern
    • Landeshauptstadt Stuttgart
    • Stadt Elmshorn
    • Evangelische Landeskirche in Württemberg
    • Stadtverwaltung Neuwied
    • Landesverwaltungsamt Sachsen-Anhalt
    • Justiz Niedersachsen
  • Higher education institutions
    • Karlsruher Institut für Technologie
    • Eberhard Karls Universität Tübingen
    • Ruhr-Universität Bochum
    • Informations- und Mediendienste (ZIM) der Universität Duisburg-Essen
    • Hochschule Koblenz
    • Universität Kassel
    • Universität Würzburg
    • Technische Universität Braunschweig
    • Hochschule Konstanz (HTWG)
    • Fernuniversität Hagen
    • Hochschule Worms
    • Universität Bamberg
    • Universität Mannheim
    • FH Münster
    • Universität Freiburg
    • Universität zu Köln
    • Pädagogische Hochschule Karlsruhe
    • Technische Universität Darmstadt
    • TU Dortmund
    • Europa-Universität Viadrina
    • Bergische Universität Wuppertal
    • Universität Jena
  • Companies
    • Berliner Verkehrsbetriebe
    • ASAP Holding GmbH
    • HEAG
    • MARKANT Handels- und Industriewaren-Vermittlungs AG
    • eligo
    • Könitz Porzellan GmbH
    • Lemo Maschinenbau GmbH
    • AVW Unternehmensgruppe
    • Bayern1 Radio
    • Welivesecurity by ESET
    • IT-Service GmbH