Fraudulent emails

• Wrong sender: In many cases, you can already tell that the email address does not match the specified name by looking at the sender box of your email programme.

• Subject: Subject lines such as „blocking your account“, „important message“, or „urgent security information“ can indicate that this is a phishing email sent out by Mr Hacker. Please be careful when you receive these types of emails.

• Appearance: Sometimes, you can recognise fraud just by looking at the email's appearance. Does this email seem different compared to those that the same sender sent you before? Does it seem incoherent? But do not let a well-crafted email fool you. When it comes to forging emails, Mr Hacker has a lot of tricks up his sleeve.

• Salutation: Phishing emails often do not use your name. Pay attention to the salutation: is it very general? Or does it use the wrong name? Is someone who you are normally on a first-name basis with addressing you by your last name or the other way round?

• Content: Is the text trying to scare you? There is something wrong with your account and it was blocked? You have to act as soon as possible? These may be signs of fraud.

  • Are you asked to reply to the email and, in doing so, pass on sensitive data such as your username and password?

  • Are you told that you have won a prize?

  • Requests for payment for products you did not buy could also be an indication that Mr Hacker is behind this.

  • The same applies to texts featuring a lot of grammatical and spelling errors.

• Attachments such as .exe, .com, .pif, .scr, and the like: If you are unfamiliar with a file extension do not open the file! However, files with familiar extensions such as .pdf or .doc could also contain malware. This is why it is important to ask yourself whether the sender could have really sent that attachment before opening it.

• Links:Are you asked to click on a link? Are you supposed to enter sensitive data such as passwords, TANs, or other personal information? Are you asked to download something via a link? If you feel unsure you should never click on a link.

• Plausibility: Did you expect to receive this email or did it literally come out of nowhere?

  You should always ask yourself:

  • When receiving an email with a subject such as „Your Registration“ or „Your Contact Request“, did you really recently register on a website? Or doesn't the subject line make any sense?

  • Do you know the sender? Did you order a package? Have you ever bought anything off of this supplier before? Would the sender really contact you via email? Are you even expecting an invoice by this sender? Always question the contact.

In order for you to protect yourself from Mr Hacker at any given time, you can download this check list via https://www.uni-siegen.de/it-sicherheit/downloads/

In this video, the research group SECUSO explains phishing and how to recognise malicious links. You can watch it here (English subtitles available):

 

Source: https://www.secuso.informatik.tu-darmstadt.de/de/secuso/forschung/ergebnisse/nophish/

 

Here is an additional summary how you can examine a URL sent to you via email.

• Make sure the URL that is displayed is the same as the actual URL. Mr Hacker takes advantage of the fact that the link that is shown does not have to correspond to the actual link. Move your cursor across the link. Your browser will show the actual destination of the link, either in a pop-up or in the status bar.

• Now pay attention to the link's„who-block“. It consists of the last two terms before the first single „/“. For example:

  • https://uni-siegen.de/it-sicherheit
    

    In this case, the who-block is uni-siegen.de and marked orange.

• Mr Hacker exploits the fact that you trust certain websites. This is why he forges the who-block of those websites. Therefore, you should pay close attention to this forged who-block. Do not be deceived by URLs featuring typos or swapped letters like: https://uni-siegne.de/it-sicherheit

  • URLs where the name of the institution is not featured in the who-block could also be dangerous:

    https://uni-siegen.de.betrug.com/it-sicherheit

  • In addition, do not trust any link that is just a variation of a familiar URL:

    https://uni-siegen-secure.de/it-sicherheit

You can find a more detailed explanation here: https://www.secuso.informatik.tu-darmstadt.de/fileadmin/user_upload/Group_SECUSO/Research/Results/NoPhish/NoPhishPoster_OhneLogo.pdf

Mr Hacker has some mean tricks up his sleeve. He uses social engineering to make you click on a link. This means, for example, that he creates time pressure and tries to scare you.

Mr Hacker often threatens to block an account or do something else that could be to your disadvantage. This is supposed to make you click on a link, open an attachment, or reply to his email. In most cases however, those are just empty threats.

Mr Hacker can also take a different approach. For example, he sends out invoices that you allegedly did not pay. But you never even bought the specified products. He usually poses as a lawyer sending out a warning. In this case, Mr Hacker is also hoping that you are scared of the consequences of an unpaid invoice so he can lure you into his trap.

Social engineering can also mean that Mr Hacker poses as your supervisor and sends you an email with instructions. For example, he could ask you to transfer a certain amount of money to his bank account. Of course, this bank account really belongs to Mr Hacker. This is why you need to pay close attention to whether the email sounds authentic and is comparable to previous emails by the same or similar senders. In case of doubt, you could always ask your supervisor if they really sent you that email.

Mr Hacker could also lure you in with a prize. Sentences such as „Congratulations, you've won“ should be considered a red flag. You're usually asked to transfer money to cover the costs for sending you the prize for example. If you do that Mr Hacker is going to be delighted you fell for his scheme and of course never give you any prize. So, even if it may sound very tempting, it is better to ignore such an email.

Why does Mr Hacker want your data? What makes these emails so dangerous? If Mr Hacker has managed to collect your data, because you entered it on a fake website for example, he can cause a lot of damage. He may now know your bank login details or your TAN for online banking. On top of that, your other accounts could also be in danger – especially if you are using the same email address and password for different services (e.g., your Amazon account).

Mr Hacker could also send you malicious attachments

 

Mr Hacker is also interested in the files on your computer, which is why he could send you an email with a harmful file disguised as an invoice or a job application for example. By opening this file you could potentially install spyware on your computer that keeps you under surveillance. So-called Encryption Trojans are also a type of spyware. If you receive an attachment with this type of Trojan and open it your entire hard drive is going to be encrypted within seconds. You can no longer access your data. Mr Hacker usually demands a ransom for decrypting your data again. This is why Trojans are referred to as ransomware.

The following pictures illustrate what Mr Hacker could do with a stolen email account.

He could read your emails:

Mr Hacker could write emails in your name:

This is why you should always ask yourself: Is this an authentic email or fraud?

What not to do:

 

• click on links in the email
• open attachments
• reply
• forward the email (unless to ask the IT service team whether this is a phishing email or not)

 

What to do instead:

 

• delete the email
• possibly scan the attachment using a virus scanner (do not open!)
• after accidentally clicking on the link or opening the attachment, you should scan your entire computer system

 

 If you feel like your computer has already been affected by malware please contact the ZIMT user service immediately: 0271 740-4777

Some emails seem so deceivingly real that even experts fall for them. So, whenever you are unsure whether you are dealing with a phishing email or not, you can always ask to make sure. For example, you could send a new email to the supposed sender. However, do not use the „reply“ feature. Rather choose a different option such as a phone number you know or an already established contact, in customer service for example. If necessary, you can use the internet to look for the right phone number or email address.

Additionally, you can always ask the ZIMT IT service team: http://www.zimt.uni-siegen.de/it-serviceteam/

Alternatively, you can approach your contact at the University of Siegen, which is always the information security officer assigned to your department. These are:

 

Faculty I	Jürgen Beine
Faculty II	Michael Neef
Faculty III	Ralf Dreier
Faculty IV	Dr. Bernd Klose
UB	Holger Spörl
ZIMT	Jens Aßmann
ZUV	Frank Sziburies

In case you are not assigned an information security officer, you can contact the CISO: ciso@uni-siegen.de

If you suspect you have been a victim of malware please contact the ZIMT user service immediately: - 4777