Emails are currently circulating that appear to come from superiors and request the purchase of voucher cards. Do not reply to these emails, do not click on the links they contain and delete the messages immediately.
Unexpected mail from the professor
If you receive a surprise email from your line manager these days, you should be particularly vigilant. Fraudsters have apparently searched the website for the names, titles and addresses of university employees and are now sending emails that appear to come from their superiors. The innocuous-looking messages initially ask for a short favour, for example:
Hello [name],
I need you to run a quick task for me.
Please send me an email as soon as possible.
Regards,
Prof. Dr [name]
[title]
The sender's display name is set to the correct name and the details in the signature are taken from the website, but the sender address belongs to an external mail provider such as gmail.com. The emails are circulating in both English and German.
Those who do not immediately notice the forgery and respond are asked to buy gift cards and send the code under a pretext:
Hi [name],
Thanks for the response, I need to send Google play gift cards to some prospects but I can't do that right now because I'm currently busy in the Hospital checking on a friend, he's critically ill. Let me know if its possible to get them right now, so I can tell you the amount needed on each cards. I'll reimburse you.
In this case, the scammers tie the urgent hospital visit to the current coronavirus crisis, while in other emails they pretend to be in a long meeting. Once codes for gift cards (for example for Google Play, Amazon or iTunes) have been used, they cannot be recalled and the money is irretrievably lost. Criminal charges for fraud are practically always unsuccessful.
What should I look out for?
Be vigilant when reading your emails. You should be particularly suspicious if you notice any of the following:
- The sender is not using the usual sender address or
- the address doesn't match the sender,
- the grammar or spelling is unusually poor,
- they are trying to put you under pressure (exceptionally urgent or important),
- they include an attachment or a link.
If you are unsure about a message, ask and play it safe!
- Call the supposed sender or
- write directly to a known email address.
- You can also contact the IT Service Desk (see below).
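For mail administrators, the warning signs listed above can be checked automatically. The following Python sketch is an added example, not part of the original advisory; the domain example.edu, the staff directory, the keyword list and the sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

# Assumptions for this added example (none of these come from the advisory):
# the organisation's mail domain, the staff directory and the keyword list.
ORG_DOMAIN = "example.edu"
STAFF_NAMES = {"max beispiel", "erika mustermann"}
TITLES = re.compile(r"\b(prof|dr)\b\.?", re.I)
PRESSURE = re.compile(r"quick task|as soon as possible|urgent|gift cards?", re.I)
LINK = re.compile(r"https?://", re.I)

def normalise(name):
    """Drop academic titles and punctuation: 'Prof. Dr. Max Beispiel' -> 'max beispiel'."""
    name = TITLES.sub(" ", name)
    return " ".join(re.sub(r"[^\w\s-]", " ", name).lower().split())

def warning_signs(raw):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0] if msg["From"] and msg["From"].addresses else None
    if sender is None:
        return ["no usable From header"]
    domain = sender.domain.lower()
    if domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN):
        return []  # internal sender: content checks are skipped to limit noise
    signs = []
    if normalise(sender.display_name) in STAFF_NAMES:
        signs.append("staff name on external address")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if PRESSURE.search(text):
        signs.append("pressure wording")
    if LINK.search(text) or any(msg.iter_attachments()):
        signs.append("link or attachment")
    return signs

# Constructed sample messages (the names and addresses are invented).
SPOOFED = (
    'From: "Prof. Dr. Max Beispiel" <max.beispiel.office@gmail.com>\n'
    "Subject: Task\n\nHello Erika,\nI need you to run a quick task for me.\n"
    "Please send me an email as soon as possible.\n"
)
GENUINE = (
    'From: "Prof. Dr. Max Beispiel" <max.beispiel@example.edu>\n'
    "Subject: Seminar\n\nThe seminar moves to room 12 next week.\n"
)

if __name__ == "__main__":
    print(warning_signs(SPOOFED), warning_signs(GENUINE))
```

The check only compares the visible From header with the directory, so it covers the external-provider pattern described in this notice and nothing else.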
I would like to report an incident
Have you already replied to such an email, clicked on a link or attachment or passed on information? Do you have any questions about emails or IT security? Then please contact the IT Service Desk by email at servicedesk [at] tu-freiberg [dot] de or by phone on 1818.
More information
For more information on the current threat situation, we have summarised some sources for you to read:
- Caution: Current phishing emails exploit corona
  Source: tu-freiberg.de/urz, 26.03.2020
- Caution, corona phishing: Current emails rely on fear and uncertainty
  Source: heise.de, 20.03.2020
- Update: Cyber criminals exploit corona
  Source: bsi-fuer-buerger.de, 16 March 2020
- Infection danger on the net - corona malware, part 1: Infected apps and maps
  Source: heise.de, 25.03.2020
- Danger of infection on the web - Corona malware, part 2: Upcycling old hats
  Source: heise.de, 26.03.2020