We are currently observing a wave of attacks on e-mail addresses from the RWTH address area. The subject of the phishing e-mails is "Voice Mail (00:19secs)", "Voice Mail (00:36secs)" or similar. The e-mail contains a link that leads to a replica of the Outlook Web App (see image above).
Update: The phishing attacks are still taking place. In addition to the subject mentioned above, phishing e-mails with the subject "WICHTIG: E-Mail-Benachrichtigung der Universität Würzburg" are particularly noticeable at the moment.
This email may also be sent in a modified version and/or in English.
Please do not click on any links in the e-mail under any circumstances and do not enter any personal data!
If you receive suspicious e-mails, please send them as attachments to the IT-ServiceDesk. Our specialist department is working hard to stop the attacks.
Characteristics of a secure website
In the course of this attack, we will inform you about ways in which you can check the authenticity of a website to protect yourself:
- Check URL: Please check the URL of the website. Is it inconspicuous? Is the domain known? The correct domain of the RWTH mail app is, for example, "mail.rwth-aachen.de/owa/". For RWTH applications that are authenticated via Shibboleth "RWTH Single Sign-On", the URLs start with the domain "sso.rwth-aachen.de".
- Check the certificate: Does your browser classify the page as secure? Click on the small lock in front of the address line with the website link. Information is displayed there as to whether the page is secure or has a security certificate.