{"id":23344,"date":"2025-12-05T15:07:53","date_gmt":"2025-12-05T14:07:53","guid":{"rendered":"https:\/\/blog.rwth-aachen.de\/itc\/?p=23344"},"modified":"2025-12-05T15:07:53","modified_gmt":"2025-12-05T14:07:53","slug":"phishing-erkennen","status":"publish","type":"post","link":"https:\/\/blog.rwth-aachen.de\/itc\/en\/2025\/12\/05\/phishing-erkennen\/","title":{"rendered":"Recognizing Phishing \u2013 Deceptively Real, Yet Highly Dangerous"},"content":{"rendered":"<div class=\"twoclick_social_bookmarks_post_23344 social_share_privacy clearfix 1.6.4 locale-en_US sprite-en_US\"><\/div><div class=\"twoclick-js\"><script type=\"text\/javascript\">\/* <![CDATA[ *\/\njQuery(document).ready(function($){if($('.twoclick_social_bookmarks_post_23344')){$('.twoclick_social_bookmarks_post_23344').socialSharePrivacy({\"txt_help\":\"Wenn Sie diese Felder durch einen Klick aktivieren, werden Informationen an Facebook, Twitter, Flattr, Xing, t3n, LinkedIn, Pinterest oder Google eventuell ins Ausland \\u00fcbertragen und unter Umst\\u00e4nden auch dort gespeichert. N\\u00e4heres erfahren Sie durch einen Klick auf das <em>i<\\\/em>.\",\"settings_perma\":\"Dauerhaft aktivieren und Daten\\u00fcber-tragung zustimmen:\",\"info_link\":\"http:\\\/\\\/www.heise.de\\\/ct\\\/artikel\\\/2-Klicks-fuer-mehr-Datenschutz-1333879.html\",\"uri\":\"https:\\\/\\\/blog.rwth-aachen.de\\\/itc\\\/en\\\/2025\\\/12\\\/05\\\/phishing-erkennen\\\/\",\"post_id\":23344,\"post_title_referrer_track\":\"Recognizing+Phishing+%E2%80%93+Deceptively+Real%2C+Yet+Highly+Dangerous\",\"display_infobox\":\"on\"});}});\n\/* ]]> *\/<\/script><\/div><p><div id=\"attachment_23366\" style=\"width: 310px\" class=\"wp-caption alignright\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-23366\" class=\"wp-image-23366 size-medium\" src=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/PhishingWelle_20251112_OM_Blog-300x200.jpg\" alt=\"Symbolbild Phishing\" width=\"300\" height=\"200\" srcset=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/PhishingWelle_20251112_OM_Blog-300x200.jpg 300w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/PhishingWelle_20251112_OM_Blog-1024x683.jpg 1024w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/PhishingWelle_20251112_OM_Blog-768x512.jpg 768w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/PhishingWelle_20251112_OM_Blog.jpg 1500w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><p id=\"caption-attachment-23366\" class=\"wp-caption-text\">Source: Own illustration<\/p><\/div><\/p>\n<h3><span style=\"color: #00549f;\">Why this topic matters<\/span><\/h3>\n<p>Phishing emails are among the most common types of cyberattacks- even at universities. Attackers attempt to obtain passwords, personal data, or access to systems by sending emails that appear deceptively legitimate.<br \/>\nThese messages often look official: they contain logos, signatures, and sender addresses from well-known institutions such as RWTH Aachen Universitys. That is precisely what makes them so dangerous.<\/p>\n<p>In this article, we will show you how such phishing messages are structured and what clues can help you recognize them early on. We will also present current examples from the RWTH so that you can better assess how genuine these emails often appear.<\/p>\n<p>&nbsp;<\/p>\n<p><!--more--><\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\">Practical examples<\/span><\/h3>\n<p>In recent weeks, various fraudulent emails have been circulating at the RWTH with subject lines such as:<\/p>\n<ul>\n<li>\u201cAction required. Your email storage is almost full\u201d<\/li>\n<li>\u201cEmail verification required\u201d<\/li>\n<li>\u201cYour account is expiring, please clear your cache\u201d<\/li>\n<\/ul>\n<p>These messages used logos, colors, and language of the RWTH or Microsoft to create trust. However, upon closer inspection, they give themselves away through typical warning signs.<\/p>\n<div id=\"attachment_23386\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/Folie4.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-23386\" class=\"size-large wp-image-23386\" src=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/Folie4-1024x576.jpg\" alt=\"Example of a phishing email\" width=\"1024\" height=\"576\" srcset=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/Folie4-1024x576.jpg 1024w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/Folie4-300x169.jpg 300w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/Folie4-768x432.jpg 768w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/Folie4.jpg 1280w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><p id=\"caption-attachment-23386\" class=\"wp-caption-text\">How to identify a phishing email<br \/>Source: Own Illustration<\/p><\/div>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\">Key indicators of phishing<\/span><\/h3>\n<p><span style=\"font-weight: normal !msorm;\"><strong>1. Urgency or threats<br \/>\n<\/strong><\/span>Phrases such as \u201cYour account will be locked\u201d or \u201cPlease act immediately\u201d are designed to cause stress. Official communication does not use such language.<\/p>\n<p><strong>2. Incorrect or unusual sender address<br \/>\n<\/strong>Even if the display name seems trustworthy, the actual email address often exposes the fraud. If the display name and domain do not match, the email is likely phishing.<\/p>\n<p><strong>3. Illogical or unprofessional wording<br \/>\n<\/strong>Technical terms are often used incorrectly or in unusual ways. Such inconsistencies can quickly reveal phishing attempts.<\/p>\n<p><strong>4. Suspicious links or buttons<br \/>\n<\/strong>Hovering over links shows the actual URL. If the link leads to an unknown or strange domain, don\u2019t click!<\/p>\n<p><strong>5. Visual imitation<br \/>\n<\/strong>Many phishing emails appear professional. Logos, colors, and layout are easy to copy. What truly matters is the sender and the link, not the design.<\/p>\n<p><strong>6. If in doubt, ask<br \/>\n<\/strong>If you are unsure, it helps to make a quick inquiry &#8211; ideally via another communication channel such as the phone &#8211; with the alleged sender. This allows you to quickly clarify whether the request is legitimate.<\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\"><strong>Additional phishing examples<\/strong><\/span><\/h3>\n<p>These examples show typical phishing characteristics found in currently circulating emails. The highlighted areas indicate what you should look for, such as incorrect senders, illogical wording, placeholder fields, urgent warnings, or suspicious links. Recognizing these red flags helps identify fraudulent messages quickly.<\/p>\n<div id=\"attachment_23389\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/Folie5.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-23389\" class=\"size-large wp-image-23389\" src=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/Folie5-1024x576.jpg\" alt=\"Example of a phishing email\" width=\"1024\" height=\"576\" srcset=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/Folie5-1024x576.jpg 1024w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/Folie5-300x169.jpg 300w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/Folie5-768x432.jpg 768w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/Folie5.jpg 1280w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><p id=\"caption-attachment-23389\" class=\"wp-caption-text\">These clues expose this phishing email<br \/>Source: Own Illustration<\/p><\/div>\n<div id=\"attachment_23385\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/Folie6.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-23385\" class=\"size-large wp-image-23385\" src=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/Folie6-1024x576.jpg\" alt=\"Example of a phishing email\" width=\"1024\" height=\"576\" srcset=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/Folie6-1024x576.jpg 1024w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/Folie6-300x169.jpg 300w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/Folie6-768x432.jpg 768w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/Folie6.jpg 1280w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><p id=\"caption-attachment-23385\" class=\"wp-caption-text\">Would you have recognized this phishing email?<br \/>Source: Own Illustration<\/p><\/div>\n<div id=\"attachment_23391\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/5-goldene-Regeln-f_r-einen-sicheren-Arbeitsplatz.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-23391\" class=\"size-large wp-image-23391\" src=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/5-goldene-Regeln-f_r-einen-sicheren-Arbeitsplatz-1024x576.jpg\" alt=\"Example of a phishing email\" width=\"1024\" height=\"576\" srcset=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/5-goldene-Regeln-f_r-einen-sicheren-Arbeitsplatz-1024x576.jpg 1024w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/5-goldene-Regeln-f_r-einen-sicheren-Arbeitsplatz-300x169.jpg 300w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/5-goldene-Regeln-f_r-einen-sicheren-Arbeitsplatz-768x432.jpg 768w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2025\/12\/5-goldene-Regeln-f_r-einen-sicheren-Arbeitsplatz.jpg 1280w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><p id=\"caption-attachment-23391\" class=\"wp-caption-text\">Always look closely at emails before clicking on links.<br \/>Source: Own Illustration<\/p><\/div>\n<p>However, there isn&#8217;t always a link hidden directly in the email. Attachments\u2014such as calendar files in .ics format\u2014can also contain malicious links. QR codes can also refer to dangerous content. It is particularly important to never follow a scanned QR code without checking it first.<\/p>\n<p>Phishing is not limited to emails. Social media platforms such as LinkedIn are also increasingly affected. Attackers use fake profiles or direct messages to gain trust and spread malicious links.<\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"color: #00549f;\"><strong>Your contribution to greater IT security<\/strong><\/span><\/h3>\n<p>Please report suspicious cases to the IT Center: Simply forward the email in question <a href=\"https:\/\/help.itc.rwth-aachen.de\/en\/service\/1jefzdccuvuch\/article\/a74c9f7e41eb4aae8af2a1fc682a9d53\/\">as an attachment<\/a> to both the <a href=\"mailto:servicedesk@itc.rwth-aachen.de\">IT-ServiceDesk<\/a> and <a href=\"mailto:spam@access.ironport.com\">spam@access.ironport.com<\/a>. In this way, you too can make a significant contribution to IT security and improve our spam filters.<\/p>\n<p>Want to learn more about <a href=\"https:\/\/blog.rwth-aachen.de\/itc\/en?s=phishing\">phishing<\/a> and <a href=\"https:\/\/blog.rwth-aachen.de\/itc\/en\/category\/themen\/it-sicherheit\/\">IT security<\/a>? Then take a look at our blog posts and our <a href=\"https:\/\/help.itc.rwth-aachen.de\/en\/service\/1jefzdccuvuch\/article\/44343c9765a44f1cad23f0c4cd75f856\/\">documentation portal IT Center Help<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<hr \/>\n<p>Responsible for the content of this article is <a href=\"https:\/\/www.itc.rwth-aachen.de\/cms\/it-center\/it-center\/profil\/team\/~epvp\/mitarbeiter-campus-\/?gguid=PER-HF6GBKE&amp;allou=1&amp;lidx=1\">Hasret Yildirim<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Sorry, this entry is only available in Deutsch.<\/p>\n","protected":false},"author":1859,"featured_media":23366,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"c2c_always_allow_admin_comments":false,"footnotes":""},"categories":[314],"tags":[61,70],"class_list":["post-23344","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it-sicherheit","tag-it-sicherheit","tag-phishing"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/23344","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/users\/1859"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/comments?post=23344"}],"version-history":[{"count":18,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/23344\/revisions"}],"predecessor-version":[{"id":23392,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/23344\/revisions\/23392"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/media\/23366"}],"wp:attachment":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/media?parent=23344"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/categories?post=23344"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/tags?post=23344"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}