RECOGNIZE, PROTECT, REACT to Information Security
Information security is a joint task of all employees, students and members of the University of Münster. See-Protect-React represents a three-step process of competencies designed to make information security more accessible in your daily work.
The See section provides information on potential threats, attackers' approaches, and the value of your information.
The Protect section provides you with concrete action instructions, step-by-step guides, and useful tips for implementing a secure way of working in your everyday workplace.
In the React section, you will find clues on how to recognize a security-critical incident, what to do in such a case, and who to contact immediately.
IT- and Information Security Courses
Checklists
Use our IT Security Checklist to implement the necessary IT security measures at your workplace step by step.
Use our Checklist: How to Detect Scam Emails to identify and protect yourself against phishing and other harmful emails.
Also, use our Emergency Card to ensure that if you can no longer access the Internet, you can still reach your responsible contacts.
Warning about attacks with fake captchas (ClickFix)
Currently, there's an increasing number of so-called ClickFix attacks (also known as Fake-Captcha attacks) being observed against members of the University of Münster. This attack method lures users to manipulated websites that display seemingly harmless Captcha prompts, error messages, or verification requests (e.g., "I am not a robot," "Please verify you are human," or "To fix the problem, please follow these steps"). Entry often occurs via manipulated search results, compromised websites, phishing emails, or advertisements. Instead of a genuine Captcha check, users are instructed to perform a dangerous action or key combination.
Anyone who executes these steps unknowingly starts malware on their device or unwittingly grants attackers access to services. Attackers use this to steal login credentials, session cookies, or other sensitive information, or to permanently compromise the system. Often, stolen credentials are then used for further attacks. Similar variants exist for macOS and Linux, prompting users to execute commands in the terminal.
Warning about attacks using messaging services
The media have recently reported repeatedly on phishing attacks carried out via the messaging services WhatsApp and Signal.
If you have forwarded security codes in the messenger or scanned a QR code, you may be affected. The German domestic intelligence services provides detailed information, particularly on how to detect a potential compromise, at https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/praevention_wirtschafts-und_wissenschaftsschutz/2026-04-27-phishing-via-messenger-services.html
This is not a compromise of the Signal messenger itself. Signal therefore continues to be classified as secure (for private use).
In this context, the Ministry of the Interior of North Rhine-Westphalia also warns against using the Russian messaging service MAX. This app provides Russian security authorities with maximum access to digital devices. If you install the MAX app on your own device, you must therefore expect all stored information to be passed on to the Russian security authorities. You should therefore not install this app on devices on which you process work-related data.
Warning about current scam e-mails
An increased number of scam emails are currently being sent to many members of the University of Münster.
These emails with the German subject "Klavierspende an neues Zuhause" pretend to be sent by employees of the University of Münster and claim that a piano is to be donated. However, this is actually the beginning of a scam attempt. The criminals try to convince victims to transfer alleged transportation costs without a prior inspection having taken place. The piano itself does not exist and is not shipped by the criminals.