Service Announcement - 19 September 2023 Warning of another phishing attack

Currently, a professional phishing campaign is reaching the university to steal access data to university IDs or project accounts. These phishing mails have different senders with different texts. However, each mail contains at least one link to a web page that looks similar to a login page of an IT service (e.g. web mail). We have attached a screenshot of a sample email as well as a screenshot of a sample phishing page at the end of this message.

We have blocked the corresponding domain addresses of the web servers within the university that are currently known to us. However, this measure is only effective if you are on the university's network.

Therefore, please urgently inform all colleagues and forward the following instructions for account protection:

• When using login windows of university services, please make sure that the URL in the address line ends with .uni-heidelberg.de!
• Please check the sender of the mail or the mail address carefully and do not click on any links/attachments from unknown persons outside the university.
• Please delete suspicious mails immediately.
• Please never enter your login data on suspicious login pages.
• If you have already entered your own account data, please change your password as soon as possible or ask the IT service of the URZ for support immediately.