Spam and phishing emails

Phishing email from 19.05.2019


In the screenshot on the right, you can see that the sender field contains ITSMZ (1), but the actual e-mail address shows that it is not a university address. In the text (2), the word "university" is used rather than "college". Furthermore, if you hover over the link (3), you can see that it leads not to an internal university website but to an external site. In addition, the mail is not cryptographically signed.

 

Phishing email from 25.09.2017


Here the first sign that it is spam is the sender. The IT-Centre only writes to you via an official HS-Wismar address and signs such mails cryptographically. If you hover over the link given in the mail, you will also see that it redirects to an address that does not end in hs-wismar.de and is also not encrypted via HTTPS.

 

Despite our e-mail system's current spam filter, it occasionally happens that employees in particular receive e-mails that purport to come from university employees and ask them to click on a link and possibly enter their user data, including password, on a website.


In the following, we would like to point out some signs that can help you to recognize whether the e-mail is authentic or not.

General hints

  • An employee of the university will never ask you for your user password unsolicited!
  • Without personal agreement with you, we will never direct you to a web page to enter your user data!
  • An e-mail must have been sent from an e-mail address of the University of Wismar (@hs-wismar.de).
  • If the mail contains a link, pay attention to the target address of the link (in the case of the university it ends with hs-wismar.de).
  • Websites of the university have a valid certificate and are marked as secure with the lock in the browser!

Emails of the IT-Centre

  • If it concerns IT matters, make sure that the sender is either an employee of the IT-Centre or one of your faculty administrators - you can research this on our website.
  • If you are still unsure about the legitimacy of an e-mail, call the IT-Centre first to be on the safe side (extension: 7566; available on weekdays from 7:00 a.m. to 7:00 p.m., on Fridays until 3:30 p.m.).
  • Likewise, e-mails from employees of the IT-Centre or the faculty administrators are always "cryptographically signed". Look for a corresponding note in your e-mail program. Below are a few examples of how you can recognize a valid signature:

GroupOffice

Thunderbird

Outlook

Mac Mail
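
The checks from the hints above (sender address, signature, link target and HTTPS), sketched as an added Python example that is not part of the original page or an IT-Centre tool. The sample message and its .example addresses are constructed, and treating "cryptographically signed" as an S/MIME or PGP/MIME message structure is an assumption.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

DOMAIN = "hs-wismar.de"  # university domain named on this page

# Constructed sample: trusted-looking display name, foreign address, and a
# link whose visible text differs from its real target.
PHISH = (
    "From: ITSMZ <helpdesk@mail-service.example>\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<a href="http://hs-wismar.de.login.example/ums">https://ums.hs-wismar.de</a>\n'
)

def in_domain(host):
    # Compare on a label boundary: a plain endswith() would also accept
    # "evil-hs-wismar.de"; a substring test would accept the PHISH link.
    host = (host or "").lower().rstrip(".")
    return host == DOMAIN or host.endswith("." + DOMAIN)

def check_mail(raw):
    """Return a list of warnings for one raw message (empty list = no findings)."""
    msg = message_from_string(raw, policy=policy.default)
    warnings = []
    # Sender: judge the address itself; the display name is free text.
    _, addr = parseaddr(str(msg["From"]))
    if addr.rpartition("@")[2].lower() != DOMAIN:
        warnings.append(f"sender address {addr!r} is not @{DOMAIN}")
    # Signature: this only detects a signed message structure. Whether the
    # signature is valid is what the mail program's indicator tells you.
    if not (msg.get_content_type() == "multipart/signed"
            or msg.get_param("smime-type") == "signed-data"):
        warnings.append("mail is not cryptographically signed")
    # Links: inspect every URL in the body, i.e. the real targets as well.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        parts = urlsplit(url)
        if parts.scheme != "https":
            warnings.append(f"link {url} is not HTTPS")
        if not in_domain(parts.hostname):
            warnings.append(f"link {url} leaves {DOMAIN}")
    return warnings

if __name__ == "__main__":
    for line in check_mail(PHISH):
        print("WARNING:", line)
```

An empty result means only that none of these signs were found; it does not prove the mail is authentic.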

Behavior in case of emergency

If you have clicked on the link of an affected mail and entered your user data, please change your password on ums.hs-wismar.de immediately and report to the IT-Centre as soon as possible in order to contain further spreading.

 

Latest on spam protection

*.doc files blocked for emails

Due to the recent increase in fake invoices and similar spam mails with .doc files attached, we have blocked the old Word file type .doc on our mail servers.

The newer formats (docx, xlsx, pptx and similar) are not affected by this measure. If possible, only documents in PDF format or, if not possible otherwise, in the newer MS Office formats just mentioned should be sent by mail.

The .doc file format is now more than 20 years old and poses a significant security risk because malicious program code can be embedded in such documents. Therefore, these file types are often used to spread viruses and Trojans in emails.

If you have a document in .doc format, you must open it once in Word and save it again as a .docx file. To do this, click on Save as, specify the location and then select Word document (*.docx) as the file type at the bottom. The same applies to old Excel and PowerPoint files (.xls and .ppt).