IT Center Blog

Attention: Spear Phishing Emails in Circulation

September 30th, 2022 | by
Arrow through laptop

Source: Own illustration

In the last weeks, there have been more spear phishing attacks on RWTH email addresses. In this article, we would like to make you aware of these attacks and explain how you can recognize spear phishing emails. You have received a spear phishing email to your RWTH email address? We explain how you should best proceed.

What is spear phishing?

Spear phishing is a special type of phishing attack. In general, phishing attacks involve sending fake emails to trick people into falling for a scam. In traditional phishing attacks, recipients are selected randomly. However, in spear phishing attacks, the mentioned emails are sent in a very targeted manner. Specific companies, organizations, and possibly even individuals can be targeted. The victims are spied on first, sometimes over a long period of time. Once enough information has been gathered, the victim is contacted.

The sender’s address, signatures, salutation as well as the content of the email may appear deceptively genuine to the victim. The victim is often asked to perform a certain action, such as clicking on a link or downloading an attachment. The aim is always to obtain data. The victim only realizes much later that this was a fraudulent email. At this point, however, it is usually already too late and the victim can no longer react.

Current spear phishing attack on RWTH and FH Aachen

For several days now, an increasing number of emails have been sent to employees of RWTH and FH Aachen, possibly quoting the content of old emails. A ZIP file is attached to these emails, which installs malware on the respective device when opened and a password displayed on the page is entered.

For this reason, we ask you to treat emails with a ZIP document attached with caution in the next few days in particular.

Such an email might look like the following:

Sample email

Source: Own illustration

As an additional security measure, we have temporarily set up a filter that filters out emails coming from outside with a defined size. As a result, you may not receive emails that contain a ZIP attachment. For example, if the sender of an email notifies you that an email does not seem to have reached you, please contact the IT-ServiceDesk.

Since 28.09.2022, the attack pattern has changed in that spear phishing emails are sent that contain only a URL. When clicking on this URL, malware is also installed on the respective device.

Current information and updates in this regard can be found in the status reporting portal.

I have received a spear phishing email. What should I do?

In general, you should always pay attention when receiving emails and check the sender’s email address and domain for plausibility. If you receive a spear phishing email or if an email simply seems suspicious to you, you should always report the case to a responsible office. In case of suspicious emails to a RWTH email address, please forward the email in question as an attachment (!!) to both and

With every spear phishing email that is forwarded to us, we can gather valuable information about the attack. In this way, you too can make a significant contribution to the security of others. Do you want to learn more about spear phishing and IT security? You can find all our articles on this topic in a clearly arranged form under the tag IT-Security.


Responsible for the content of this article is Stéphanie Bauens.

Comments are closed.