Protection Against Phishing Websites
Dynamic Blocking of Phishing Sites
As soon as the IT Service becomes aware that a website is a phishing site, the Network Services Department automatically blocks access to it from the university network. When a link to a blocked site is accessed from the university network, the following information page appears with a block notice:
Domain owners and hosting providers will be notified of the abuse. The block will remain in effect until the domain owner or hosting provider notifies us of the blocking or deletion of the affected servers.
When evaluating websites for phishing, the IT Service also refers to the lists provided by Fortinet. You can check which websites are listed as phishing sites by Fortinet at the following address.
In the event of a false alarm (or false positive), URLs can be unblocked at any time. In this case, please contact IT Support.
Technical Background of the Block
Phishing URLs in links also use Hypertext Transfer Protocol Secure (HTTPS). For technical reasons, the browser initially shows a warning message when a blocked page is accessed. When the page is requested, the browser expects an SSL/TLS-secured response that matches the requested domain. However, the response is delivered to the browser by a firewall in the Network Services Department, and it carries a certificate issued by a certification authority unknown to the browser.
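The warning described above can be reproduced offline with the openssl command-line tool. This is an added example, not the IT Service's configuration; the two CAs, the domain blocked.example and all file names are constructed assumptions.

```sh
#!/bin/sh
# Added illustration. The CA names, blocked.example and all files are constructed.
set -eu
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Create a self-signed CA. $1 = file prefix, $2 = subject common name.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$demo_dir/$1.key" -out "$demo_dir/$1.pem" 2>/dev/null
}

# Issue a server certificate for hostname $2, signed by the CA with prefix $1.
# This stands in for the certificate the firewall attaches to its block page.
issue_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$demo_dir/leaf.key" -out "$demo_dir/leaf.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s\n' "$2" > "$demo_dir/san.cnf"
    openssl x509 -req -in "$demo_dir/leaf.csr" -days 1 -set_serial 1 \
        -CA "$demo_dir/$1.pem" -CAkey "$demo_dir/$1.key" \
        -extfile "$demo_dir/san.cnf" -out "$demo_dir/leaf.pem" 2>/dev/null
}

# Validate the leaf for hostname $2 against a trust store holding only CA $1.
verify_as() {
    if openssl verify -CAfile "$demo_dir/$1.pem" -verify_hostname "$2" \
        "$demo_dir/leaf.pem" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

make_ca browser-root "Constructed browser root"
make_ca firewall-ca  "Constructed firewall CA"
issue_leaf firewall-ca blocked.example

# The name matches the requested domain, but the issuer is not in the browser's store.
echo "browser trust store:   $(verify_as browser-root blocked.example)"
# Same certificate against the firewall's own CA: only the trust anchor differs.
echo "firewall CA as anchor: $(verify_as firewall-ca blocked.example)"
```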
Reviewing Emails
In addition, the University of Bamberg’s IT Service checks emails for phishing, provided this is technically feasible. Affected messages containing phishing URLs
- include the following note in the subject line: [Warning: Suspected phishing/spam]
- include the link—which has been classified as a phishing attempt—in plain text, along with a note about the phishing attempt
