RSS-Feed abonnieren

Passwort vergessen?

v Anmelden

9. Jun 2021

Warning of phishing – Please check sender and domain name

Currently, phishing e-mails are being sent that contain original e-mails from correspondence with university members as attachments and can therefore appear deceptively real.

Check sender

Please make sure that the sender is plausible. Most university members use their university e-mail address in the form firstname.lastname@institution.uni-halle.de for sending. Some e-mail programs show the sender’s address only after double-clicking on the sender’s name.

How to deal with links

If possible, please do not open any links from e-mails: If, for example, a document of a Stud.IP event is linked, you can open Stud.IP directly via the URL you know https://studip.uni-halle.de/ and locate the document by going to the file area of the event. If this is not an option, check whether the domain name of the link ends with „uni-halle.de“ and is therefore trustworthy.

The displayed text of a link and the target address (URL) are not necessarily identical. An example in which the text is https://uni-halle.de/, but the target address is https://uni-halle.org/https://uni-halle.de/

To do this, right-click the link (usually a long tap on touch devices) and copy the target address (URL) to the clipboard. Then paste the content of the clipboard into the browser’s address bar and scroll to the top. Now, determine if you trust the page by examining the domain of the URL.

Adress line of a browser shows the URL https://studip.uni-halle.de/plugins.php/coreforum/index/index?cid=19401676314045d323d35494dbd8fe1a
The browser’s address bar contains the URL of the called page. Already highlighted are the components of the top-level (de) and second-level domain (uni-halle)

In this example, the domain is „studip.uni-halle.de“ . The component „uni-halle.de“ has already been highlighted by the browser. Trusting this domain, you can now open the page by clicking on „Enter“, „⏎“, „➞“ or „Go“, depending on your operating system.

Case study

With this in mind, now consider the following screenshot:

Phishing E-Mail von einer GMX-Adresse mit dem Text: Schöne Grüße! Sie können eine vollständige Liste der erforderlichen Dokumente hier in einem Dokument einsehen: allindiakmcc dot com slash DVG slash sandro_wefel-88 dot zip
Darauf folgend eine originale Stud.IP Nachricht des Dozenten, die möglicherweise zum Linktext passt.
Screenshot of a phishing e-mail

Already highlighted are the components by which you can recognize at first glance that this is probably phishing:

  1. Possibly sent from a GMX address. Most lecturers would probably use their official firstname.lastname@institution.uni-halle.de e-mail address.
  2. A ZIP file is offered via the domain name „allindiakmcc dot com“. Most lecturers would probably upload material on Stud.IP ( https://studip.uni-halle.de/ ) or ILIAS ( https://ilias.uni-halle.de/ ).

In addition, you may be skeptical about the salutation „Greetings“ or the provision of additional documents that are not required or necessary.

Further information

For more information on e-mails with questionable content, check out the ITZ-Blog.

What to do if I entered my password on a fake website?

You can set a new password on https://serviceportal.itz.uni-halle.de/. If this is no longer possible, please contact the ITZ Helpdesk immediately: +49 (0) 345 55 21 888 helpdesk@itz.uni-halle.de

Kommentieren


Letzte Kommentare