Security Instructions

Faked GWDG e-mails

E-mails from central systems such as the Account Management are sent exclusively via sender addresses that end with “@gwdg.de” and use a digital signature. It happens that faked e-mails, that seem to come from the GWDG at first sight, find their way into users’ inboxes. We always inform our users as soon as we become aware of such an e-mail. These e-mails may contain links to phishing websites, spam or attachments with malicious content. It is important to know that we will never request a password by e-mail or any other support channel.

If you receive a fake e-mail

• The message should be forwarded as soon as possible by e-mail to “support@gwdg.de” so that we can publish a corresponding warning.
• The message should be deleted without opening any attachments or accessing any links it contains.

Fake GWDG websites

Our websites generally (and especially when displaying and requesting user data) use encryption and contain a digital certificate. Unfortunately, however, it happens that, especially in phishing, e-mails contain links to websites that look very similar to ours. On these pages, users are then usually asked to enter user data such as their user name and password.

If a website is suspicious

• Please inform us, if possible by indicating the link, so that we can publish a corresponding warning.
• Do not enter any personal data, in particular your user name and password, in a displayed form.
• Leave the site immediately.

Frequently asked questions

How do I know that an e-mail comes from the GWDG?

We only send emails from central systems such as the Account Management via sender addresses that end in “@gwdg.de” and use a digital signature. Depending on the email program used, the message is displayed differently. Often an icon, e.g. , indicates a signature or the word “Signed” next to the email.

Example: Apple macOS Mail

Clicking on the icon or “Signed” opens a detailed window with further information on the signature certificate. The certificate chain can be viewed and checked here. The GWDG works with the DFN-Verein, which has concluded a contract with the certificate management “Sectigo RSA”. In the certificate chain of our signature, the “Sectigo RSA” is therefore specified within the chain. Older certificates before 2022 use the prior certification service of “DFN-Verein”.

How do I know that a website originates from the GWDG?

Our websites generally (and especially when displaying and requesting user data) use encryption and contain a digital certificate. Links to our websites therefore always begin with “https://”. Common browsers also display a padlock symbol if the connection is secure.

Example: Apple Safari

Clicking on the symbol or “Signed” opens a detailed window with further information on the certificate. Here you can the certificate chain can be viewed and checked. The GWDG works together with the DFN-Verein, which has concluded a contract with the certificate management “Sectigo RSA”. The DFN-Verein (or “Sectigo RSA”) is therefore always specified as the certification authority in the certificate chain.

Where can I find more information on signatures and encryption?

In our GWDG-News Special 1/2014 the topic „E-Mail und Zertifikate“ has been covered extensively. From the application and installation to the use of certificates in various e-mail programs.

What is phishing?

Phishing describes e-mails that are fraudulently sent to a large number of people in order to obtain private information such as user names or passwords, as well as websites with the same purpose. These emails or websites can look deceptively genuine and be disguised as legitimate. It can therefore be difficult to recognize fake e-mails or websites as such, as the style, color and choice of words or entire text excerpts from trustworthy e-mails and websites.