
Training and education concept for the detection of phishing and other dangerous messages

Internet fraudsters use various strategies to harm you and/or your company. A popular and widely used method is to send you messages containing fraudulent content. These messages can be dangerous in different ways: a message may ask you to make bank transfers or (paid) calls, or it may contain dangerous links and/or dangerous attachments. Such messages can be sent by e-mail but also via any other form of messaging. E-mails with dangerous links are often called phishing e-mails.

 

What is our concept about?

We have developed this training and self-training concept to help you better understand the 'fraudulent messages' attack model and learn how to protect yourself. It is roughly structured as follows:

  1. Introduction to the topic
  2. Detection of implausible, fraudulent messages
  3. Detection of dangerous links (including finding the URL behind the link, structure of the URL and tricks of the attackers)
  4. Detection of messages with dangerous attachments (including finding the format of the file, list of particularly dangerous file formats and tricks of the attackers)

The NoPhish concept has been developed within the project KMU Aware, funded by the Bundesministerium für Wirtschaft und Energie in the context of Initiative IT-Sicherheit in der Wirtschaft. The project KMU Aware in turn has built on research work around the NoPhish App. The various measures as well as the concept are still being evaluated and further developed on the basis of the results. In addition, new measures are being developed. Currently, research around the NoPhish concept is financed by the BMBF within the framework of KASTEL.

 

How was the concept implemented?

(Currently not all of the material is available in English, but we are working to provide more English translations.)

The NoPhish concept was implemented in different measures, which vary in their level of detail. Further information on the application can be found here (German only).

  • Info Card - with the most important rules for detecting fraudulent messages, in pocket-size format.
  • Poster - with the most important rules for detecting fraudulent messages to hang in the office or central locations.
  • Challenge Poster (German only) - with different forms of (fraudulent) messages and the question: Is this message trustworthy? With the help of a QR code you can answer this question and you will be taken to a page with the resolution and other tips for detecting fraudulent messages.
  • Video - with a general introduction to the topic, the most important rules and descriptive examples in 5 minutes. The video was developed together with Alexander Lehmann. There are currently 3 different versions of this video on YouTube. Old versions of the video can be found on the SECUSO channel as well as on Alexander Lehmann's channel. The new version, which was improved based on evaluation results, can be found on the YouTube channel of the KIT.
  • Flyer - with a general introduction to the topic and the most important rules, with descriptive examples.
  • Training and self-training material - everything about fraudulent messages, with many examples and further information. Our training documents offer the ideal basis for self-study or as a starting point for disseminating knowledge, e.g. through lectures in your own company. These documents also contain exercises. Parts of these documents and exercises have been incorporated into an Android App.
  • Quiz (German only) - Self-test for detecting fraudulent messages.

Hints:

  • If you are interested in using our materials in your own company / organization, please contact contact∂secuso.org so that we can clarify the general conditions.
  • Most of the recommendations are not absolute, as the internet is very complex. Therefore, in this unit you will often read terms such as 'likely', 'very likely' and 'potentially possible'. The recommendations should serve as a solid decision-making aid for identifying fraudulent messages.
  • The (potentially) fraudulent messages used are either taken directly from fraudulent messages that were in circulation or based on such messages.
  • The dangerous web addresses used serve only as examples. In individual cases, however, the domains used may have been registered by the imitated company itself in order to prevent attempts at fraud, or by individuals or companies who have no intention of committing fraud.

 


Additional Tools

There are tools that help you review links more easily:

  • TORPEDO - Extension for the Thunderbird email client that helps you identify dangerous links in emails.
  • QR-Code Scanner App - Android app that allows you to scan QR codes with your smartphone. If the QR code contains a URL, the web site is not opened directly; instead, the URL is shown to you first for review.

 

Current or previous users

  • Berlin transport company
  • Office for community service in the Evang.-Luth. Church in Bavaria
  • ASAP Holding GmbH
  • Hessian Ministry of Environment, Climate Protection, Agriculture and Consumer Protection
  • HEAG
  • Federal Office of Administration
  • MARKANT Germany
  • eligo
  • Koenitz Porcelain GmbH
  • Lemo Maschinenbau GmbH
  • AVW group of companies
  • City of Dessau-Roßlau
  • Police headquarters deployment in Baden-Württemberg
  • Police headquarters in South Hesse
  • State Office for Geographic Information and Surveying Lower Saxony (LGLN)
  • Bundeswehr Artillery Battalion 295