Security-related incidents primarily include the incidents and suspected cases listed below. In addition, we kindly ask you to report any other circumstances and incidents not listed here that relate to IT and information security to the following departments:

• If you notice any unusual behaviour in the IT system, please contact your IT support team.
• In the event of malfunctions in central IT systems and services, please contact the IT.SERVICES Helpdesk.
• Please report technical defects, IT vulnerabilities and security-related incidents to RUB-Cert. RUB Cert.
• Please report organisational deficiencies and general information security issues to the Information Security Office (Stabsstelle für Informationssicherheit).

Phishing emails aim to lure you to malicious websites in order to steal your data, especially access data such as your RUB password.

If you have followed such a fraudulent request to a non-RUB website, please note the following two points:

• If you entered your RUB password on a website that is not affiliated with RUB, it is now compromised.
  Please use a different, secure device temporarily, if at all possible.
  First, follow the instructions in the section  RUB password compromised.

• Regardless of whether you have entered any data, simply visiting the malicious website may have already infected your computer with malware.
  It is therefore advisable to shut down the device used in order to check it afterwards.
  Therefore, always follow the instructions in the section Suspected malicious code.

Please always remember to inform your IT support and the ISB/RUB Cert team (email contact) so that they can take the necessary further measures.

If your login details have fallen into the hands of third parties, e.g. because you entered your RUB password on a phishing site, your password is now compromised.

Change your RUB password immediately:

• Set a strong password that is significantly different from your compromised password.
• If you use the compromised password on other IT systems/services, change the password there as well. As a general rule, you should always use different passwords for different systems.
• Password change in RUB Identity Management
• Further information on password security

Caution: Even visiting a malicious website can lead to your computer being infected with malware. The device used must be checked. It is therefore advisable to shut down affected devices. You can find information on this in the section Suspected malicious code.

If at all possible, use a different, secure device temporarily to change your password.

Please always remember to inform your IT support and the ISB/RUB Cert team  (email contact) so that they can take the necessary further measures.

Accounts that appear to have been compromised are temporarily locked to protect against identity theft or further misuse.  This typically happens when a fraudster has stolen your password and is using it to send spam/phishing emails via your account.

Contact your IT support:

• Have your computer checked for malicious code.
• Your computer must be checked before your account can be activated.

Caution: Even visiting a malicious website can lead to your computer being infected with malware. Devices used for this purpose must be checked. It is therefore advisable to shut down affected devices. You can find information on this in the section Suspected malicious code.

Contact the ISB team: With the compromise of your password, unauthorised persons have gained access to your mailbox and RUB systems. This makes it possible for unauthorised persons to disclose personal data. The RUB is obliged to examine the matter from a data protection perspective, document it internally and, if necessary, initiate the required notifications  (email contact).

Activating your account: Once your computer has been checked and data protection issues have been clarified, you can activate your account in the IT.SERVICES service centre. To do this, you must also set a new password:

• Set a strong password that is significantly different from your compromised password
• If you also use your RUB password on other IT systems/services, change your password there as well. By the way, you should always use different passwords on different systems.

The term malware refers to a wide variety of software/programs that perform unwanted or harmful functions on a computer.

If you notice any unusual system behaviour, such as...

• .. receiving replies or bounces to emails that you did not intentionally send
• .. receiving notifications from your system indicating viruses, worms, malware, Trojans, etc.
• .. receiving messages about failed updates or programmes you don't recognise
• ..detecting unusual activities, such as missing or altered data, or find unknown programmes
• ..detecting unusually long programme loading times or persistent network load

 an analysis of your system is necessary.

This is particularly important if you have followed a link that was sent to you directly by email or indirectly via a document from an unknown person (via phishing/spam email).

In such cases, it is advisable to shut down the device you are using and have it checked. Use another, secure device temporarily.

Contact your IT support:

• Have your computer checked for infections with malicious code.
• A device suspected of being infected must not be operated on the RUB network