Phishing Attack on RWTH E-Mail Accounts

03/02/2020
Screenshot of the Fake Website. Copyright: https://urlscan.io/  

On 29.01.2020, 1418 e-mails were sent to RWTH members as part of a phishing attack. The e-mails distributed a link to a fake RWTH login page (see the screenshot above).

In light of this attack, we would like to explain how you can check the authenticity of a website to protect yourself:

Verify URL

Please check the URL of the website. Does it look inconspicuous? Is the domain known to you? The correct domain of the RWTH mail app is, for example, "mail.rwth-aachen.de/owa/".

For RWTH applications that authenticate via Shibboleth ("RWTH Single Sign-On"), the URLs start with the domain "sso.rwth-aachen.de".
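
The URL check described above can also be automated, for example in a mail filter or a help-desk script. The following Python code is an added example, not code from RWTH: it accepts a link only if it uses https and its host exactly matches one of the two hosts named on this page. The names TRUSTED_HOSTS and check_url are hypothetical, and all sample links are constructed.

```python
from urllib.parse import urlsplit

# Hosts named on this page; extend the set only with hosts you have verified.
TRUSTED_HOSTS = {"mail.rwth-aachen.de", "sso.rwth-aachen.de"}


def check_url(url):
    """Return (ok, reason) for a link, judged only by scheme and exact host."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "URL cannot be parsed"
    if parts.scheme != "https":
        return False, "not an https link"
    if parts.username is not None:
        # Text before '@' is login data, not the host the browser contacts.
        return False, "text before '@' hides the real host: " + host
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "non-ASCII or punycode host, possible lookalike characters"
    if host not in TRUSTED_HOSTS:
        return False, "unknown host: " + host
    return True, "host matches " + host


SAMPLES = [  # constructed links; the .example hosts are placeholders
    "https://mail.rwth-aachen.de/owa/",
    "https://sso.rwth-aachen.de/constructed/path",
    "http://mail.rwth-aachen.de/owa/",
    "https://mail.rwth-aachen.de.login.example/owa/",   # trusted name as prefix
    "https://mail.rwth-aachen.de@login.example/owa/",   # trusted name before '@'
    "https://sso.rwth-\u0430achen.example/",            # Cyrillic letter in host
    "https://rwth-aachen.de.example/owa/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        ok, reason = check_url(url)
        print(("OK      " if ok else "SUSPECT ") + ascii(url) + " -> " + ascii(reason))
```

The host is the part of the link that decides which server receives the password; a familiar name elsewhere in the link (in a subdomain prefix, before an "@", or in the path) proves nothing.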

Check certificate

Details of the certificate used can be obtained by clicking on the small lock in the URL bar of your browser.

In our documentation portal you will find illustrated instructions on how to check a website using its certificate. Please note that the procedure varies from browser to browser.

If you are still not sure whether a website is trustworthy, do not click on any links or enter any data. Please contact the IT-ServiceDesk immediately.

If you receive suspicious e-mails, please send them as an attachment to the IT-ServiceDesk for further evaluation.