Attention: Fake emails are currently circulating again that appear to come from the professor. You will be asked if you can take care of an assignment quickly and then asked to get voucher cards. Do not reply to these emails. Do not pay under any circumstances, otherwise the money will be gone.
Unexpected mail from the professor
Please be attentive and careful if you receive an e-mail from your professor. It could be a fake. Fraudsters have apparently searched the website for the names, titles and addresses of university staff and are now sending emails that appear to come from their superiors. The innocuous-looking messages initially ask for a short favour, for example:
I have a task that needs to be completed as soon as possible. Can you take care of it?
The sender is set to the correct name. An external email provider such as gmail.com is used as the sender address. The emails are circulating in German and English.
Those who do not immediately notice the forgery and reply to it are asked to buy gift cards and send the code under a pretext:
[name],
I have a full schedule today as I am busy with a webinar conference call with some new employees and stakeholders.
With Christmas around the corner, we need to reward our outstanding employees and stakeholders. I need your help to purchase e-voucher gift cards from Apple/iTunes, specifically three cards worth £200 each. You can either buy them online or if possible quickly visit a shop near you. This is to show our appreciation for our employees. What are your thoughts on this?
We are planning to reward some employees and stakeholders with this and I would be grateful if this could remain confidential until we officially announce it. Can you confirm if we can get some today? I would like you to arrange the purchase of the gift card and I will refund you the money after my meeting.
Please let me know if you can do this for me now,
Professor [name].
Once used, codes for gift cards (for example for Google Play, Amazon or iTunes) cannot be recalled, the money is irretrievably lost. Criminal charges for fraud are virtually always unsuccessful.
[name],
I want you to buy anything you can easily find when you get €200 x 3 = €600 or buy €100 x 6 = €600.
When you get it, the plastic gift card is attached in the package. You must unseal the gift card to display the claim code and attach a clear picture of the PIN codes on all cards.
Greetings,
Professor [name].
What should I look out for?
Be vigilant when reading your emails. You should be particularly suspicious if you notice any of the following:
- The sender is not using the usual sender address or
- the address doesn't match the sender,
- the grammar or spelling is unusually poor,
- they are trying to put you under pressure (exceptionally urgent or important),
- they include an attachment or a link.
If you are unsure about a message, ask and play it safe!
- Call the supposed sender or
- write directly to a known email address.
- You can also contact the IT Service Desk (see below).
.
I would like to report an incident
Have you already replied to such an email, clicked on a link or attachment or passed on information? Do you have any questions about emails or IT security? Then please contact the IT Service Desk by email at servicedesk [at] tu-freiberg [dot] de (servicedesk[at]tu-freiberg[dot]de) or by phone on 1818.
More information
For more information on the current threat situation, we have summarised some sources for you to read:
- Achtung: Phishing wave with subject "Available" (only accessible internally at the university)
Source: tu-freiberg.de/urz, 23.04.2021 - New phishing wave: vouchers for superiors (only accessible internally)
Source: tu-freiberg.de/urz, 16.04.2020 - Spam, phishing & co. (only available within the university)
Source: tu-freiberg.de/urz