Irmi Blomenkemper, CISO of the University of Cologne

As an IT security expert at the RRZK, Irmgard Blomenkemper is also one of our experts when it comes to phishing emails. In our new interview section "Have a cookie with..." she tells us interesting facts about the annoying and dangerous cyber attacks. 

Question 1: Have you already fallen for a phishing email?

"Not yet, but almost. Phishing emails can catch you cold. I assume that I will also fall for one at some point, because the texts of such phishing mails are really professionally made and are getting better and better.

Recently, journalist Eva Wolfangel reported to Deutschlandfunk about a phishing email saying that she had missed a work meeting. The idea was to trick her into clicking on a mail attachment containing malware. I could also imagine falling for such a mail. As soon as you are in work stress and have to do something quickly, something like this can happen to anyone."

Question 2: Are there any particularly interesting phishing methods at the moment?

"Recently, the method of automatically changing design of phishing websites has attracted particular attention. Software runs there that deceptively recreates an already existing university website. The cyber criminals only have to adjust a small extension, and they arrive at a page built (according to the same pattern), but with a different design.

For example, if I enter an email address of the University of Cologne there, the page looks different than if I want to log in with a uni-bonn.de address or web.de address. This means that victims are less likely to question the authenticity of the page because the design looks familiar to them. This way, cyber criminals don't have to recreate every single page, but only the basic form, which then changes automatically depending on who accesses the page with which account data."

Question 3: How big is the problem at the University of Cologne? How often are phishing emails reported?

"Phishing emails usually come in waves. Sometimes, therefore, several waves come per week, sometimes fewer. Most of the time they come just before the weekend, because the cyber criminals know that such waves are discovered less quickly on the weekend. They like to take advantage of that - and not just at our university."

Question 4: What is the best way to protect yourself from phishing emails?

"'Stay calm and stay on top of things', that’s what my mom used to say. If I notice that someone wants to put me under extra pressure to do something quickly (for example, if someone threatens to block my account), then I'm always especially careful. My tip: The easiest thing to do is to wait a few days. Our security team will try to render the phishing sites harmless during that time."