27. June 2023 - Service Announcement Warning regarding a new phishing campaign

The University is currently being targeted by a professional phishing campaign to steal access data for University IDs or project accounts. These phishing emails have different senders with different texts. However, each email contains at least one link to a website that looks confusingly similar to the login page of an IT service (e.g. Exchange Mail). We have attached a screenshot of a sample email and a screenshot of a sample phishing page at the end of this service announcement.

We have blocked the corresponding domain addresses of the web servers within the university that are currently known to us. However, this measure is only effective if you are connected to the university's network.

Therefore, please urgently inform all staff members at your institution and pass on the following information to protect the accounts:

  • When using login masks of university services, please make sure that the URL in the address line ends with .uni-heidelberg.de!
  • Please check the sender of the mail or the mail address carefully and please do not click on any links/attachments from unknown persons outside the university.
  • Please delete suspicious mails immediately.
  • Please never enter your login information on suspicious login pages.
  • If you have already entered your own account data, please change your password as soon as possible or ask the IT-Service of the URZ for assistance immediately.

Example screenshot of a phishing email

Example screenshot of a phishing email

Example screenshot of a phishing page

Example screenshot of a phishing page