You are located in service: RWTH-E-Mail

Suspicious e-mails

Suspicious e-mails


If you are uncertain about an e-mail, it should be treated as suspicious. Reasons to be suspicious can include the following:

  • Marking as spam by your e-mail program or in the subject
  • Unclear who the sender is
  • Unwanted or unexpected e-mails
  • Unexpected attachments
  • Spelling or formatting mistakes
  • Inconsistencies
  • Requesting a payment (e.g. to buy gift cards, invoices)
    • Messages that try to imitate superiors in this context are known as CEO fraud
    • Fake conferences can ask for registration fees or abstracts
  • Links that you are meant to use to log in to an account
  • Asking for login credentials, personal information or other sensitive information
  • Putting you under pressure (e.g. through deadlines, demands for payment or accusations)
  • Swearing you to secrecy or forbidding you from contacting the supposed sender
  • The address of the sender or links in the e-mail contain suspicious additions, particularly at the beginning of the address/url
  • The linked website is not secure (a warning is displayed next to the address line in the browser). Please do not voluntarily click any links in suspicious e-mails, even just to test them.

In case of doubt, suspicious e-mails can be set to as an attachment. The IT Center can then assess whether the e-mail poses a threat and the type of threat where applicable. Please only forward the original e-mail to us, rather than forwards or e-mail chains that merely contain the e-mail. You should under no circumstances click any links in the e-mail or open attachments.



The steps that need to be taken when dealing with a suspicious e-mail depend on its type:

If you have clicked on a link or opened an attachment, there is a risk that your device or accounts are compromised. Please follow the procedures for compromised accounts and devices immediately.


The e-mail is marked as spam

All e-mails that reach the RWTH Aachen University are checked for spam.

If such an e-mail is detected, it is marked with the text "***** SPAM *****" at the start of the subject line.

No further steps are required, provided that you do not do anything with the e-mail except deleting it. These e-mails have already been recognised as spam by the system and marked as such.


The e-mail is marked with "*****VIRUS REMOVED / ENTFERNT*****"

All e-mails that reach the RWTH Aachen University are checked for attachments containing malware. The same applies to e-mails which leave the RWTH via the server, or

If suspicious code is detected in an attachment, the attachment is replaced with the following text:

  This attachment contained a virus and was stripped.

Additionally, the beginning of the subject line has "***** VIRUS REMOVED / ENTFERNT *****" added to it. No further steps are required, provided that you do not do anything with the e-mail except than deleting it.


The e-mail is unrecognised spam

If you receive an unwanted e-mail that has not been recognised as spam by the system, and marked as such, you should forward the e-mail to the spam filter. This allows the spam filter to be trained to recognise the new type of spam.

It is critical that the original e-mail is forwarded as an attachment to Simply forwarding the e-mail as text is not sufficient!

Spam such as advertising and simple hoaxes, that does not pose a technical threat, does not necessitate any further steps after it has been forwarded. The messages can then be deleted.


The e-mail is an unrecognised phishing e-mail or contains an undetected virus

Unrecognised malicious e-mails are likely to have been sent to multiple recipients as spam. It is likely that some of the other recipients have been tricked by the e-mail, so it is important that the e-mail is reported to the IT-ServiceDesk as early as possible to limit the damage.

Please report the malicious e-mail by sending it as an attachment to and The e-mail can then be analysed and countermeasures can be enacted. Simply forwarding the e-mail as text is not sufficient.



Blog posts:

last changed on 06/27/2023

How did this content help you?

Creative Commons Lizenzvertrag
This work is licensed under a Creative Commons Attribution - Share Alike 3.0 Germany License