04. October 2023 - IT-Security Warning against phishing campaign

Once again, the University is being targeted by a professional phishing campaign. The phishing emails use real mails that have been captured from mailboxes in a previous successful attack, making them look particularly trustworthy.

In the cases observed, these mails were preceded by two lines, such as:

Check the document: Link to the phishing page

File password 678

Sometimes this request is also contained in an attached PDF or ZIP file. By using legitimate mails with known text as a basis, the phishing mails look particularly trustworthy. The emails contain an external random or stolen sender email address. In addition, the name visible and readable in the email programme is usually one of the names of the original conversation partners (very often the name of the original sender).

The attackers respond to any current mails as well as to mails from the victim's mailbox that are decades old.

Please make sure you pay attention to the following points to protect your account:

  • Please check the sender(s) of the email or the email address carefully and do not click on any links or attachments from email addresses you do not know. If in doubt, call the sender you know at a telephone number you know from beforehand to confirm the authenticity of the message.
  • Please do not open any attached PDFs of which you are not sure that they actually come from the specified recipient.
  • Please delete suspicious mails immediately.
  • Please never enter your access data on suspicious login pages.
  • If you have already entered your own account data, please change your password as soon as possible or ask the IT Service for assistance immediately.

You can also find current IT security warnings in our service announcements.