Phishing: Attempted data theft by e-mail
- What is phishing?
- How can you distinguish such forgeries from genuine e-mails?
- Basic rules for dealing with dubious e-mails
What is phishing?
With so-called phishing emails ("password fishing"), criminals try to elicit access data (login, password, but also PIN and TANs) from people.
For example, users of the TU Chemnitz are requested to disclose their password in fake emails or on fake websites. This is often done by stating false facts (e.g. "storage space exhausted") and threatening consequences (e.g. "email no longer usable"). In reality, however, the access data is sent to criminals.
Design Don't fill anything in, ask URZ!
If your login data is in someone else's possession, it is very likely that your account will actually be misused for criminal activities, e.g. to send spam mails.
This causes damage to you and the university! Of course, strangers then also have access to your emails and data, can use (chargeable) services or commit crimes with your access data! This can have serious legal and financial consequences.
How can you distinguish such e-mail forgeries from genuine e-mails?
- Look carefully at e-mails or web forms that ask you to enter your password!
- E-mails from the University Computer Centre that ask you to take such actions are digitally signed.
- The staff of the University Computer Centre will also address you by your name in e-mails.
- Web forms that ask you to enter your TU Chemnitz password are always located on web servers with the address
tu-chemnitz.deand are always protected using
- The employees of the University Computer Centre are proficient in the German language and strive to use correct spelling and grammar.
Characteristics of an e-mail sent by the URZSender ...tu-chemnitz.de Digital signature Salutation with name correct German Link to a webpage in tu-chemnitz.de secured with https
Basic rules for dealing with questionable e-mails:
- Never reply to such e-mails.
- Do not enter your password in unknown web forms!
- Do not act under time pressure, if in doubt ask at the URZ!
- Do not give your URZ password to anyone! The URZ staff will never ask you for your password. See: URZ password hints
If you have fallen for such a scam or if you fear that your login data is in someone else's possession:
- Change your URZ password immediately – see IdM-Portal: https://idm.hrz.tu-chemnitz.de/user/service/account/changepassword/
- Contact the URZ, we will help you to identify possible damage.
At TU Chemnitz, many of these phishing mails are also rendered harmless as part of the virus check of all incoming e-mails. However, because these mails arrive in large numbers in many different variants, the effectiveness of the filtering here is limited.
Read also our blog articles: (in German)
- Caught in the phishing net?
- New year, new tricks - beware of email scammers
- Crime scene TUC: Suspicious e-mails
- Not a pretty present: restrictions on email traffic