
Source: Own illustration
Why this topic matters
Phishing emails are among the most common types of cyberattacks, even at universities. Attackers attempt to obtain passwords, personal data, or access to systems by sending emails that appear deceptively legitimate.
These messages often look official: they contain logos, signatures, and sender addresses from well-known institutions such as RWTH Aachen University. That is precisely what makes them so dangerous.
In this article, we will show you how such phishing messages are structured and what clues can help you recognize them early on. We will also present current examples from the RWTH so that you can better assess how genuine these emails often appear.
Practical examples
In recent weeks, various fraudulent emails have been circulating at the RWTH with subject lines such as:
- “Action required. Your email storage is almost full”
- “Email verification required”
- “Your account is expiring, please clear your cache”
These messages used logos, colors, and language of the RWTH or Microsoft to create trust. However, upon closer inspection, they give themselves away through typical warning signs.
Key indicators of phishing
1. Urgency or threats
Phrases such as “Your account will be locked” or “Please act immediately” are designed to cause stress. Official communication does not use such language.
2. Incorrect or unusual sender address
Even if the display name seems trustworthy, the actual email address often exposes the fraud. If the display name and domain do not match, the email is likely phishing.
3. Illogical or unprofessional wording
Technical terms are often used incorrectly or in unusual ways. Such inconsistencies can quickly reveal phishing attempts.
4. Suspicious links or buttons
Hovering over links shows the actual URL. If the link leads to an unknown or strange domain, don’t click!
5. Visual imitation
Many phishing emails appear professional. Logos, colors, and layout are easy to copy. What truly matters is the sender and the link, not the design.
6. If in doubt, ask
If you are unsure, it helps to make a quick inquiry – ideally via another communication channel such as the phone – with the alleged sender. This allows you to quickly clarify whether the request is legitimate.
Additional phishing examples
These examples show typical phishing characteristics found in currently circulating emails. The highlighted areas indicate what you should look for, such as incorrect senders, illogical wording, placeholder fields, urgent warnings, or suspicious links. Recognizing these red flags helps identify fraudulent messages quickly.
However, there isn’t always a link hidden directly in the email. Attachments—such as calendar files in .ics format—can also contain malicious links. QR codes can also refer to dangerous content. It is particularly important to never follow a scanned QR code without checking it first.
Phishing is not limited to emails. Social media platforms such as LinkedIn are also increasingly affected. Attackers use fake profiles or direct messages to gain trust and spread malicious links.
Your contribution to greater IT security
Please report suspicious cases to the IT Center: Simply forward the email in question as an attachment to both the IT-ServiceDesk and spam@access.ironport.com. In this way, you too can make a significant contribution to IT security and improve our spam filters.
Want to learn more about phishing and IT security? Then take a look at our blog posts and our documentation portal IT Center Help.
Responsible for the content of this article is Hasret Yildirim.






