{"id":6942,"date":"2020-02-07T15:00:33","date_gmt":"2020-02-07T14:00:33","guid":{"rendered":"https:\/\/blog.rwth-aachen.de\/itc\/?p=6942"},"modified":"2025-02-24T11:18:21","modified_gmt":"2025-02-24T10:18:21","slug":"phishing-attacke-rwth-e-mail","status":"publish","type":"post","link":"https:\/\/blog.rwth-aachen.de\/itc\/en\/2020\/02\/07\/phishing-attacke-rwth-e-mail\/","title":{"rendered":"Phishing Attack on RWTH E-Mail Accounts: Data Theft \u2013 Not with us!"},"content":{"rendered":"<!-- wp:paragraph -->\r\n<p>Hardly a day goes by without the media reporting on data theft by phishing, Trojans and so forth. RWTH Aachen University has also been attacked recently. For several months now, our mailboxes have been flooded with spam e-mails. 
For us, as the IT provider of <a href=\"https:\/\/www.rwth-aachen.de\/\">RWTH Aachen University<\/a>, this means that we do not want to let you fall into phishing traps and similar dangers.<\/p>\r\n<p><!-- \/wp:paragraph --><\/p>\r\n<p>&nbsp;<\/p>\r\n<p><!-- wp:paragraph --><\/p>\r\n<p>In this blog post, you will find everything you need to know to protect your data and mailboxes from phishing, so that data theft does not happen in the first place.<\/p>\r\n<!-- \/wp:paragraph -->\r\n<p>&nbsp;<\/p>\r\n<!-- wp:more -->\r\n<p><!--more--><\/p>\r\n<!-- \/wp:more -->\r\n<p>&nbsp;<\/p>\r\n<!-- wp:heading {\"level\":3} \/-->\r\n<p>&nbsp;<\/p>\r\n<!-- wp:paragraph \/-->\r\n<p>&nbsp;<\/p>\r\n<!-- wp:heading {\"level\":3} -->\r\n<h3>What has happened so far? Phishing Attack with Fake RWTH Mail App Interface<\/h3>\r\n<!-- \/wp:heading -->\r\n<p>&nbsp;<\/p>\r\n<!-- wp:paragraph -->\r\n<p>On January 29<sup>th<\/sup>, 2020, 1,418 RWTH e-mail accounts were contacted as part of a phishing attack. The RWTH members received e-mails containing, among other things, a link to a fake web interface that was almost identical to the RWTH login page for the RWTH Mail App. 
The fake RWTH Mail App is hardly recognisable as fraud to the naked eye.<\/p>\r\n<!-- \/wp:paragraph -->\r\n<p>&nbsp;<\/p>\r\n<!-- wp:image {\"id\":6949,\"align\":\"center\"} -->\r\n<div class=\"wp-block-image\">\r\n<figure class=\"aligncenter\">\r\n<div id=\"attachment_6949\" style=\"width: 615px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-6949\" class=\"wp-image-6949\" src=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2020\/02\/grafik-2.png\" alt=\"\" width=\"605\" height=\"455\" srcset=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2020\/02\/grafik-2.png 605w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2020\/02\/grafik-2-300x226.png 300w\" sizes=\"auto, (max-width: 605px) 100vw, 605px\" \/><p id=\"caption-attachment-6949\" class=\"wp-caption-text\">Keep your eyes open when surfing: fake web interface of the RWTH Mail App from the latest phishing attempt. The URL clearly shows that it is not an official RWTH web application.<br \/>Source: Own illustration<\/p><\/div>\r\n<\/figure>\r\n<\/div>\r\n<!-- \/wp:image -->\r\n<p>&nbsp;<\/p>\r\n<!-- wp:heading {\"level\":3} -->\r\n<h3>The Consequence<\/h3>\r\n<!-- \/wp:heading -->\r\n<p>&nbsp;<\/p>\r\n<!-- wp:paragraph -->\r\n<p>If you enter your credentials into this fake login page, they are captured without encryption. This gives the attacker access to your mailbox \u2013 and probably much more. The RWTH Mail App is one of the most used web applications of the university. Almost all members of RWTH have at least one e-mail address that can be accessed via this application. Unfortunately, a few users did enter their login data in the fake interface. In response, the responsible department has taken all necessary protective measures and informed those concerned. In principle, something like this can happen to anyone. 
What matters is that you handle your data carefully and, if you face security risks on the World Wide Web, report them to the <a href=\"https:\/\/www.itc.rwth-aachen.de\/cms\/it-center\/Services\/Support-Moeglichkeiten\/~smkoi\/IT-ServiceDesk\/?lidx=1\">IT-ServiceDesk<\/a>.<\/p>\r\n<!-- \/wp:paragraph -->\r\n<p>&nbsp;<\/p>\r\n<!-- wp:paragraph -->\r\n<p>For this reason, the provider of the fake website was informed and the URL was blocked in order to eliminate the source of danger as quickly as possible.<\/p>\r\n<!-- \/wp:paragraph -->\r\n<p>&nbsp;<\/p>\r\n<!-- wp:heading {\"level\":3} -->\r\n<h3>What can you do to be on the safe side?<\/h3>\r\n<!-- \/wp:heading -->\r\n<p>&nbsp;<\/p>\r\n<!-- wp:list -->\r\n<ul>\r\n<li>First of all, we all have to check the websites we visit for authenticity. You can do this by checking the link or URL in your browser. Often your browser already tells you when the site you are trying to open is probably not secure. The red exclamation mark is an additional warning.<\/li>\r\n<li>Do you recognise the supposed RWTH URL or link, or does it even look conspicuous? 
Then please report it immediately to the <a href=\"https:\/\/www.itc.rwth-aachen.de\/cms\/it-center\/Services\/Support-Moeglichkeiten\/~smkoi\/IT-ServiceDesk\/?lidx=1\">IT-ServiceDesk<\/a>.<\/li>\r\n<\/ul>\r\n<!-- \/wp:list -->\r\n<p>&nbsp;<\/p>\r\n<!-- wp:image {\"id\":6947} -->\r\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"184\" height=\"126\" class=\"wp-image-6947\" src=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2020\/02\/Pfeil.png\" alt=\"\/\" \/><\/figure>\r\n<!-- \/wp:image -->\r\n<p>&nbsp;<\/p>\r\n<!-- wp:image {\"id\":6950} -->\r\n<figure class=\"wp-block-image\">\r\n<div id=\"attachment_6950\" style=\"width: 542px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-6950\" class=\"wp-image-6950\" src=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2020\/02\/verdaechtige_URL.png\" alt=\"Both browser and URL indicate that the page is not secure. Therefore, please look closely at the browser's address bar!\" width=\"532\" height=\"71\" srcset=\"https:\/\/blog.rwth-aachen.de\/itc\/files\/2020\/02\/verdaechtige_URL.png 532w, https:\/\/blog.rwth-aachen.de\/itc\/files\/2020\/02\/verdaechtige_URL-300x40.png 300w\" sizes=\"auto, (max-width: 532px) 100vw, 532px\" \/><p id=\"caption-attachment-6950\" class=\"wp-caption-text\">Both browser and URL indicate that the page is not secure. Therefore, please look closely at the browser's address bar!<br \/>Source: Own illustration<\/p><\/div>\r\n<\/figure>\r\n<!-- \/wp:image -->\r\n<p>&nbsp;<\/p>\r\n<!-- wp:list -->\r\n<ul>\r\n<li>The URLs of the RWTH Single Sign-On applications, such as RWTHmoodle, RWTHonline or the RWTH Selfservice, always start with \u201csso.rwth-aachen.de\u201d. In a direct comparison with the fake login page of the RWTH Mail App this becomes clear again (see above).<\/li>\r\n<li>Please also pay attention to the correct spelling in the URL. 
Even small deviations like the triple a in \u201chttps:\/\/rwth-aaachen.de\/\u201d are potential danger spots when surfing the web.<\/li>\r\n<li>If you are not sure and want to use a trusted source, first go to IT Center Help. There you will find the instructions for our IT services as well as the authentic links to the applications.<\/li>\r\n<li>From the <a href=\"https:\/\/app.rwth-aachen.de\/myitcenter\/#home?\">My IT Center Portal<\/a> you can also access a variety of web applications used at RWTH. These links are safe to use.<\/li>\r\n<li>Make sure you have read the <a href=\"https:\/\/help.itc.rwth-aachen.de\/en\/service\/rhb2fhkpjhb7\/article\/be30ec29f4b747aeb2582f6004c1c9ce\/\">safety instructions<\/a> we have provided in the documentation portal. There you can find out in detail how to check a website for authenticity.<\/li>\r\n<\/ul>\r\n<!-- \/wp:list -->\r\n<p>&nbsp;<\/p>\r\n<!-- wp:heading {\"level\":3} -->\r\n<h3>The Phishing Site is gone. What now?<\/h3>\r\n<!-- \/wp:heading -->\r\n<p>&nbsp;<\/p>\r\n<!-- wp:paragraph -->\r\n<p>A fake website rarely comes alone. Again and again, fake websites are created to steal and access personal data such as login credentials. We will keep you up to date on the subject of phishing and online security through all the channels available to us. 
That is why we recommend that you regularly keep an eye on our latest news and social media articles.<\/p>\r\n<!-- \/wp:paragraph -->\r\n<p>&nbsp;<\/p>\r\n<!-- wp:paragraph -->\r\n<p>With instructions, screenshots, recommendations for action and up-to-date information, we do what we can to protect you from phishing and the like.<\/p>\r\n<!-- \/wp:paragraph -->\r\n<p>&nbsp;<\/p>\r\n<!-- wp:paragraph -->\r\n<p>Here again are all the links and sources worth knowing:<\/p>\r\n<!-- \/wp:paragraph -->\r\n<p>&nbsp;<\/p>\r\n<!-- wp:list -->\r\n<ul>\r\n<li>RWTH Aachen University Mail App: <a href=\"https:\/\/mail.rwth-aachen.de\/owa\">https:\/\/mail.rwth-aachen.de\/owa<\/a><\/li>\r\n<li><a href=\"https:\/\/app.rwth-aachen.de\/myitcenter\/#home?\">My IT Center Portal<\/a><\/li>\r\n<li><a href=\"https:\/\/www.itc.rwth-aachen.de\/cms\/IT-Center\/IT-Center\/~fehb\/Aktuelle-Meldungen\/lidx\/1\/\">Announcements on the IT Center website<\/a><\/li>\r\n<li><a href=\"https:\/\/help.itc.rwth-aachen.de\/en\/service\/rhb2fhkpjhb7\/article\/be30ec29f4b747aeb2582f6004c1c9ce\/\">Safety Instructions<\/a> in IT Center Help<\/li>\r\n<li>Contact: <a href=\"https:\/\/www.itc.rwth-aachen.de\/cms\/it-center\/Services\/Support-Moeglichkeiten\/~smkoi\/IT-ServiceDesk\/?lidx=1\">IT-ServiceDesk<\/a><\/li>\r\n<\/ul>\r\n<!-- \/wp:list -->\r\n<p>&nbsp;<\/p>\r\n<!-- wp:paragraph -->\r\n<p>Make sure you also check out the videos on detection of senders, attachments and links:<\/p>\r\n<!-- \/wp:paragraph -->\r\n<p>&nbsp;<\/p>\r\n<!-- wp:list -->\r\n<ul>\r\n<li><a href=\"https:\/\/secuso.aifb.kit.edu\/english\/1047.php\">https:\/\/secuso.aifb.kit.edu\/english\/1047.php<\/a><\/li>\r\n<\/ul>\r\n<!-- \/wp:list -->\r\n<p>&nbsp;<\/p>\r\n<!-- wp:paragraph -->\r\n<p>Responsible for the content of this article are <a href=\"https:\/\/www.itc.rwth-aachen.de\/cms\/IT-Center\/IT-Center\/Team\/~epvp\/Mitarbeiter-CAMPUS-\/?gguid=0x076EFD6C62ADCF4D868FB7134A14B07C&amp;allou=1\">Nicole Filla<\/a> and <a 
href=\"https:\/\/www.itc.rwth-aachen.de\/cms\/IT-Center\/IT-Center\/Team\/~epvp\/Mitarbeiter-CAMPUS-\/?gguid=0xA54936838B734444B130F51A7DE93286&amp;allou=1&amp;lidx=1\">Thorsten Kurth<\/a>.<\/p>\r\n<!-- \/wp:paragraph -->","protected":false},"excerpt":{"rendered":"<p>Sorry, this entry is only available in Deutsch.<\/p>\n","protected":false},"author":1413,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"c2c_always_allow_admin_comments":false,"footnotes":""},"categories":[314],"tags":[61,70,49],"class_list":["post-6942","post","type-post","status-publish","format-standard","hentry","category-it-sicherheit","tag-it-sicherheit","tag-phishing","tag-spam"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/6942","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/users\/1413"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/comments?post=6942"}],"version-history":[{"count":24,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/6942\/revisions"}],"predecessor-version":[{"id":21515,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/posts\/6942\/revisions\/21515"}],"wp:attachment":[{"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/media?parent=6942"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/categories?post=6942"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.rwth-aachen.de\/itc\/en\/wp-json\/wp\/v2\/tags?post=6942"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}