Sometimes, these fraudulent types of email appear deceptively authentic. But what is behind this? On this page, we provide a number of easy-to-understand examples, explanations, as well as tips and tricks on how to deal with phishing emails. Learn how to protect yourself against malware, data theft, and the like, or test the knowledge that you already have.
This is a prime example of fraud. In this case, someone is trying to trick you: this email was not sent by the ZIMT but by someone completely different. Let's call them Mr Hacker. Mr Hacker poses as a ZIMT employee and wants to make you click the given link. If you follow that link, you are directed to a website that is also fake. There, you are asked to type in your username or your email address together with the corresponding password. If you enter your data there, it is transferred to Mr Hacker. Mr Hacker has thus stolen your data and can easily sign into your university account.
How can I tell the difference between authentic and phishing emails?
Wrong sender: In many cases, you can already tell that the email address does not match the specified name by looking at the sender box of your email programme.
Subject: Subject lines such as "blocking your account", "important message", or "urgent security information" can indicate that this is a phishing email sent out by Mr Hacker. Please be careful when you receive these types of emails.
Appearance: Sometimes, you can recognise fraud just by looking at the email's appearance. Does this email seem different compared to those that the same sender sent you before? Does it seem incoherent? But do not let a well-crafted email fool you. When it comes to forging emails, Mr Hacker has a lot of tricks up his sleeve.
Salutation: Phishing emails often do not use your name. Pay attention to the salutation: is it very general? Or does it use the wrong name? Is someone who you are normally on a first-name basis with addressing you by your last name or the other way round?
Content: Is the text trying to scare you? Does it claim that there is something wrong with your account and that it has been blocked? That you have to act as soon as possible? These may be signs of fraud.
Are you asked to reply to the email and, in doing so, pass on sensitive data such as your username and password?
Are you told that you have won a prize?
Requests for payment for products you did not buy could also be an indication that Mr Hacker is behind this.
The same applies to texts featuring a lot of grammatical and spelling errors.
Attachments such as .exe, .com, .pif, .scr, and the like: If you are unfamiliar with a file extension do not open the file! However, files with familiar extensions such as .pdf or .doc could also contain malware. This is why it is important to ask yourself whether the sender could have really sent that attachment before opening it.
Links: Are you asked to click on a link? Are you supposed to enter sensitive data such as passwords, TANs, or other personal information? Are you asked to download something via a link? If you feel unsure, you should never click on a link.
Plausibility: Did you expect to receive this email or did it literally come out of nowhere?
You should always ask yourself:
When receiving an email with a subject such as "Your Registration" or "Your Contact Request", did you really recently register on a website? Or does the subject line make no sense at all?
Do you know the sender? Did you order a package? Have you ever bought anything from this supplier before? Would the sender really contact you via email? Are you even expecting an invoice from this sender? Always question the contact.
To protect yourself from Mr Hacker at any time, you can download this checklist at https://www.uni-siegen.de/it-sicherheit/downloads/
How do I recognise a link leading to a fake website?
In this video, the research group SECUSO explains phishing and how to recognise malicious links. You can watch it here (English subtitles available):
Here is an additional summary of how you can examine a URL sent to you via email.
Make sure the URL that is displayed is the same as the actual URL. Mr Hacker takes advantage of the fact that the link text that is shown does not have to correspond to the actual link target. Move your cursor over the link. Your browser will show the actual destination of the link, either in a pop-up or in the status bar.
Now pay attention to the link's "who-block". It consists of the last two terms before the first single "/". For example:
In this case, the who-block is uni-siegen.de and marked orange.
Mr Hacker exploits the fact that you trust certain websites. This is why he forges the who-block of those websites. Therefore, you should pay close attention to this forged who-block. Do not be deceived by URLs featuring typos or swapped letters (here "siegne" instead of "siegen"): https://uni-siegne.de/it-sicherheit
URLs where the name of the institution is not featured in the who-block could also be dangerous (here the who-block is betrug.com, and uni-siegen.de is merely a subdomain of it): https://uni-siegen.de.betrug.com/it-sicherheit
In addition, do not trust any link that is just a variation of a familiar URL: https://uni-siegen-secure.de/it-sicherheit
You can find a more detailed explanation here: https://www.secuso.informatik.tu-darmstadt.de/fileadmin/user_upload/Group_SECUSO/Research/Results/NoPhish/NoPhishPoster_OhneLogo.pdf
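The who-block rule and the three lookalike patterns above, turned into a small check. This is an added example, not code from the page or from SECUSO; the trusted who-block uni-siegen.de and the sample links are taken from the text, and the typo threshold of two edits is an assumption.

```python
from urllib.parse import urlsplit

# Assumed trusted who-block for this example (the page's own institution).
TRUSTED = "uni-siegen.de"

def _host(url: str) -> str:
    """Host part of a URL; link text shown in a mail often lacks the scheme."""
    if "://" not in url:
        url = "https://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def who_block(url: str) -> str:
    """The 'who-block': the last two labels of the host name, i.e. the part
    that ends at the first single '/' after the scheme."""
    labels = _host(url).split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]

def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, used to spot typo-squatted who-blocks."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str, trusted: str = TRUSTED) -> str:
    """Report whether a link's who-block is the trusted one and, if not,
    which of the three lookalike patterns from the text it resembles."""
    host, wb = _host(url), who_block(url)
    if wb == trusted:
        return "trusted"
    if trusted in host:                    # uni-siegen.de.betrug.com
        return "lookalike: trusted name is only a subdomain of " + wb
    if trusted.split(".")[0] in wb:        # uni-siegen-secure.de
        return "lookalike: variation of the trusted name: " + wb
    if edit_distance(wb, trusted) <= 2:    # uni-siegne.de (assumed threshold)
        return "lookalike: possible typo of the trusted name: " + wb
    return "unrelated: " + wb

def displayed_matches_target(shown: str, actual: str) -> bool:
    """Hover check: does the link text shown in the mail lead to the same
    who-block as the real link target?"""
    return who_block(shown) == who_block(actual)
```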
What are Mr Hacker's tricks?
Mr Hacker has some mean tricks up his sleeve. He uses social engineering to make you click on a link. This means, for example, that he creates time pressure and tries to scare you.
Mr Hacker often threatens to block an account or do something else that could be to your disadvantage. This is supposed to make you click on a link, open an attachment, or reply to his email. In most cases however, those are just empty threats.
Mr Hacker can also take a different approach. For example, he sends out invoices that you allegedly did not pay. But you never even bought the specified products. He usually poses as a lawyer sending out a warning. In this case, Mr Hacker is also hoping that you are scared of the consequences of an unpaid invoice so he can lure you into his trap.
Social engineering can also mean that Mr Hacker poses as your supervisor and sends you an email with instructions. For example, he could ask you to transfer a certain amount of money to his bank account. Of course, this bank account really belongs to Mr Hacker. This is why you need to pay close attention to whether the email sounds authentic and is comparable to previous emails by the same or similar senders. In case of doubt, you could always ask your supervisor if they really sent you that email.
Mr Hacker could also lure you in with a prize. Sentences such as "Congratulations, you've won" should be considered a red flag. For example, you are usually asked to transfer money to cover the cost of sending you the prize. If you do, Mr Hacker will be delighted that you fell for his scheme and will, of course, never send you any prize. So, even if it may sound very tempting, it is better to ignore such an email.
What are the potential damages?
Why does Mr Hacker want your data? What makes these emails so dangerous? If Mr Hacker has managed to collect your data, because you entered it on a fake website for example, he can cause a lot of damage. He may now know your bank login details or your TAN for online banking. On top of that, your other accounts could also be in danger – especially if you are using the same email address and password for different services (e.g., your Amazon account).
Mr Hacker could also send you malicious attachments
Mr Hacker is also interested in the files on your computer, which is why he could send you an email with a harmful file disguised as an invoice or a job application, for example. By opening this file, you could unknowingly install spyware on your computer that keeps you under surveillance. So-called encryption Trojans are also a type of spyware. If you receive an attachment containing this type of Trojan and open it, your entire hard drive is encrypted within seconds and you can no longer access your data. Mr Hacker usually demands a ransom for decrypting your data again. This is why these Trojans are referred to as ransomware.
The following pictures illustrate what Mr Hacker could do with a stolen email account.
He could read your emails:
Mr Hacker could write emails in your name:
This is why you should always ask yourself: Is this an authentic email or fraud?
How do I handle emails responsibly?
What not to do:
- click on links in the email
- open attachments
- forward the email (unless to ask the IT service team whether this is a phishing email or not)
What to do instead:
- delete the email
- possibly scan the attachment using a virus scanner (do not open!)
- after accidentally clicking on the link or opening the attachment, you should scan your entire computer system
If you feel like your computer has already been affected by malware please contact the ZIMT user service immediately: 0271 740-4777
Who can I ask if I am unsure?
Some emails seem so deceptively real that even experts fall for them. So, whenever you are unsure whether you are dealing with a phishing email or not, you can always ask to make sure. For example, you could send a new email to the supposed sender. However, do not use the "reply" feature. Instead, choose a different channel, such as a phone number you already know or an established contact, for example in customer service. If necessary, you can use the internet to look up the right phone number or email address.
Additionally, you can always ask the ZIMT IT service team: http://www.zimt.uni-siegen.de/it-serviceteam/
Alternatively, you can approach your contact at the University of Siegen, i.e. the information security officer assigned to your department. These are:
| Department | Information security officer |
|---|---|
| Faculty I | Jürgen Beine |
| Faculty II | Michael Neef |
| Faculty III | Ralf Dreier |
| Faculty IV | Dr. Bernd Klose |
| UB | Holger Spörl |
| ZIMT | Jens Aßmann |
In case you are not assigned an information security officer, you can contact the CISO: firstname.lastname@example.org
If you suspect you have been a victim of malware, please contact the ZIMT user service immediately: 0271 740-4777