Fraudulent e-mails from the rector

Road signs with the word scam written on it
Scammers are targeting members of the university again and are sending e-mails using Prof. Barbknechts name. Do not reply to these mails, do not click on any links they may contain and please report suspicious mails.

An unexpected message

When you get a surprising mail from our rector, you should be extra careful. Scammers have once again used publicly available information to compile names and addresses of members of the university and use them for fake e-mails. The harmless looking messages are circulating in different languages and ask for a quick favor at first, for example:

Haben Sie einen Moment Zeit, ich habe eine Bitte, die Sie diskret behandeln müssen. Ich gehe jetzt in ein Meeting, keine Anrufe, also antworten Sie einfach auf meine E-Mail. Prof. Dr. Klaus Dieter Barbknecht Rektor Gesendet von meiner Mail für Samsung

If you miss the telltale sender address (in this case @gmail.com) and reply, you will eventually be asked to buy gift cards. The criminals are looking to collect the codes from these cards which can be sold later for cash on the black market.

GROSSARTIG!  Ich möchte, dass du Folgendes für mich tust, weil ich gerade ein wenig beschäftigt bin.  Ich wollte einige unserer fleißigen Mitarbeiter mit einem Bonus überraschen. Dies sollte vertraulich bleiben, bis sie alle die Geschenkgutscheine als Überraschung haben und Sie auch einen für sich behalten werden.   Schaffst du das?  und wie bald?

Similar mails that use the pretense of the war in Ukraine or a hospital visit due to a case of corona virus are also circulating.

For an example of an English scam message, please see our warning from last year: New phishing mails with the subject "available"

What should I be looking out for?

Be vigilant while checking your emails. You should be especially distrustful when you notice one of the following signs:

  • The sender does not use the usual address or
  • the address does not match the sender,
  • grammar or spelling are unusually bad,
  • you are being pressured (the matter is presented as exceptionally pressing or important),
  • contains an unexpected attachment or a link to an unfamiliar domain.
Being asked to buy gift cards (such as Google Play / Apple / Steam / Playstation, Paysafecard, Enteropay, ...) is always extremely suspicious. Criminals will also use password protected attachments to avoid virus scanners. Do not disable protected view in office documents.

If you are at all unsure about a message, do inquire – better safe than sorry!

  • Call the supposed sender of the message or
  • send them a message to a known email address.
  • You can also get in touch with the IT service desk (see below).

I need to report an incident

Did you already reply to one of these mails, have opened a link or attachment contained in one or did you reveal information? Please let us know immediately at securityattu-freiberg [dot] de or call the IT service desk (-1818).

When forwarding suspicious mails to us, please do so using the "forward as attachment" function (How-To guide).

If you have any questions, please do not hesitate to get in touch.

Fragen beantwortet / Contact: 
Dr. Felix Eckhofer, Information Security Officer, security@tu-freiberg.de