For years, a form of fraud known as phishing has enjoyed great popularity in the field of online crime.
Phishing is an artificial word formed from the words »password« and »fishing« and can be translated as »fishing for passwords«. Fake e-mails, websites and text messages are used to deceive users and induce them to disclose confidential and sensitive data, which can then be misused.
Important notice from SCC!
As a rule, the SCC does not send non-personalised e-mails to users of the Bauhaus-Universität Weimar.
If there are important changes in the IT area, the SCC always informs you via the established information channels of the university (notice boards, notices, information at the committees). In addition, the SCC does not request sensitive information - especially your personal password - by e-mail.
E-mails from the SCC always contain the e-mail imprint commonly used at Bauhaus-Universität and no copyright information.
If systems - such as the password portal - automatically generate information e-mails, you will find a corresponding note on the SCC web pages, and you can always call up the links contained in the e-mail via our website instead.
Please always forward dubious e-mails or e-mails recognised as phishing attempts to the SCC user service, unless there is already a corresponding pinboard entry on the SCC message board or the SCC page »Current news« on IT security. Please send us the relevant e-mail with the complete mail header if possible. At the University of Paderborn you will find instructions on how to do this: Link to the University of Paderborn
General protective measures
- Do not disclose sensitive data carelessly (do not respond to dubious e-mails). If you receive dubious e-mails purporting to come from official offices of the Bauhaus-Universität, please check:
  - the sender. Attention: the display name of an e-mail is not reliable. If necessary, ask the sender by telephone (use a telephone number from a reputable source, not the number given in the e-mail),
  - the websites of the department concerned and the university message boards (serious changes are always announced on the official information portals) and
  - the SCC's message board regarding current warnings against fake e-mails.
- Do not click on suspicious links carelessly, and do not open or save dubious e-mail attachments.
- You should know, check and use security features of websites.
- Current browsers usually have integrated phishing protection that warns when potential phishing websites are accessed or blocks access.
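The sender check described above can be reproduced on a saved message with its complete header. The following Python sketch is an added example, not an SCC tool: the sample messages, the domain `university.example` and the function names are constructed for illustration. The findings are hints only, since the From address itself can also be forged.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; every name, address and domain is made up.
SUSPICIOUS = (
    'From: "IT Service <service@university.example>" '
    '<helpdesk@account-verify.example.net>\n'
    'Reply-To: support@account-verify.example.org\n'
    'To: user@university.example\n'
    'Subject: Your mailbox is almost full\n'
    '\n'
    'Please confirm your password.\n'
)
LEGITIMATE = (
    'From: "IT Service" <service@university.example>\n'
    'To: user@university.example\n'
    'Subject: Maintenance window\n'
    '\n'
    'See the message board for details.\n'
)

def domain_of(address):
    """Lower-cased part after the last '@' of an e-mail address."""
    return address.rpartition("@")[2].lower()

def sender_findings(raw_message, trusted_domain):
    """Return heuristic findings about the sender headers (hints, not proof)."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    from_domain = domain_of(address)
    findings = []
    # 1. The real address, not the display name, decides where the mail claims to come from.
    if from_domain != trusted_domain and not from_domain.endswith("." + trusted_domain):
        findings.append(f"from-domain: real sender domain is {from_domain}")
    # 2. A display name that itself looks like an address hides the real one in many clients.
    for shown in re.findall(r"[\w.+-]+@[\w.-]+", display):
        if shown.lower() != address.lower():
            findings.append(f"display-name: shows {shown}, real address is {address}")
    # 3. Replies would be routed to a different domain than the stated sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append(f"reply-to: answers go to {reply_to}")
    return findings

if __name__ == "__main__":
    for finding in sender_findings(SUSPICIOUS, "university.example"):
        print(finding)
```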
For information on current phishing/fake emails at Bauhaus-Universität, please refer to the SCC message board or the SCC page »Current News« on IT security. Further sources with general and detailed advice on the secure use of e-mails can be found in the »Further Information« section on this page.
Furthermore, phishing and fake e-mails or phishing websites can usually be recognised by certain characteristics. You can find detailed information about this on the pages we have provided.
Refined phishing variants
In addition to the more general phishing attempts that are frequently encountered, there is also the more refined variant, so-called spear phishing, which specifically targets individual persons. In the case of CEO fraud, the attacker pretends to be a superior by using fake sender information in order to mislead the victim into taking wrong actions.
Furthermore, in addition to the classic method of phishing - sending emails with fake links - a more refined form, so-called pharming, is increasingly being used.
Pharming involves manipulating the Domain Name System (DNS), which is responsible for converting the internet addresses (domain names) entered in the browser into the corresponding IP addresses. Through this manipulation, users can be directed to a fake website despite entering the correct URL.
To protect yourself from pharming, you should immediately install the available security updates for the web browser you are using. Manipulation of the DNS by means of a Trojan can often be prevented by using up-to-date malware protection.
It is also possible to manipulate links built into programs - for example, for registration purposes. This form is called binary phishing.
Sluring (service luring) aims to trick victims into revealing personal data by means of prepared websites that promise a service.
In smishing (also SMS phishing), fake SMS messages are sent to the potential victims instead of e-mails. The LKA Lower Saxony has created a special website with detailed information and advice: Link
In addition to the conventional variants, phishing e-mails or e-mails with malicious potential are also sent as supposed appointment invitations. Due to the format of the appointment invitations, they are usually automatically transferred to Outlook or other mail clients. Do not react to such an invitation (do not accept, reject, etc.); the entry can be removed from the calendar by right-clicking and selecting the option Delete. Under no circumstances should a link be clicked on lightly. The LKA Lower Saxony has published a warning on this subject: Link
At the beginning of 2023, OneNote attachments were increasingly used in phishing e-mails or mails with malicious potential.