Universitätsrechenzentrum
Phishing

Phishing: Attempted data theft by e-mail

  1. What is phishing?
  2. How can you distinguish such forgeries from genuine e-mails?
  3. Basic rules for dealing with dubious e-mails
Do you feel fit when it comes to phishing? →
To the self-test

What is phishing?

With so-called phishing emails ("password fishing"), criminals try to elicit access data (login, password, but also PIN and TANs) from people.

For example, users of the TU Chemnitz are requested to disclose their password in fake emails or on fake websites. This is often done by stating false facts (e.g. "storage space exhausted") and threatening consequences (e.g. "email no longer usable"). In reality, however, the access data is sent to criminals.

(Please click on the links)
A phishing e-mail
Sender isn't tu-chemnitz.de No digital signature No salutation grammar mistakes, strange wording Link to webpage outside tu-chemnitz.de
lures a user to an
external web form
Web page not in tu-chemnitz.de Not https = unecrypted connection Unusual
Design Don't fill anything in, ask URZ!
to ask for access data.
What can happen?

If your login data is in someone else's possession, it is very likely that your account will actually be misused for criminal activities, e.g. to send spam mails.

This causes damage to you and the university! Of course, strangers then also have access to your emails and data, can use (chargeable) services or commit crimes with your access data! This can have serious legal and financial consequences.

How can you distinguish such e-mail forgeries from genuine e-mails?

  • Look carefully at e-mails or web forms that ask you to enter your password!
  • E-mails from the University Computer Centre that ask you to take such actions are digitally signed.
  • The staff of the University Computer Centre will also address you by your name in e-mails.
  • Web forms that ask you to enter your TU Chemnitz password are always located on web servers with the address tu-chemnitz.de and are always protected using https.
  • The employees of the University Computer Centre are proficient in the German language and strive to use correct spelling and grammar.
  • Characteristics of an e-mail sent by the URZ
    Sender ...tu-chemnitz.de Digital signature Salutation with name correct German Link to a webpage in tu-chemnitz.de secured with https

Basic rules for dealing with questionable e-mails:

  • Never reply to such e-mails.
  • Do not enter your password in unknown web forms!
  • Do not act under time pressure, if in doubt ask at the URZ!
  • Do not give your URZ password to anyone! The URZ staff will never ask you for your password. See: URZ password hints

If you have fallen for such a scam or if you fear that your login data is in someone else's possession:

At TU Chemnitz, many of these phishing mails are also rendered harmless as part of the virus check of all incoming e-mails. However, because these mails arrive in large numbers in many different variants, the effectiveness of the filtering here is limited.

Read also our blog articles: (in German)

See also: