Digital Signature: How to verify the authenticity of your e-mails

Schmuckgraphik
Via digital signature you can confirm the identity of the sender and integrity of the transmitted information. If the URZ sends you an e-mail from our OTRS ticket system, the e-mail will have such a digital signature. This makes it easier for you to identify fraudulent e-mails.

Phishing attacks happen ever more often these days. To make it easier for you to identify fraudulent e-mails, the OTRS ticket system of the URZ sends all e-mails to you in combination with a digital signature. This enables you to verify the authenticity of all our notifications regarding the central IT services. 

Be careful with all unsigned e-mails supposedly sent from the URZ. If you are unsure, please contact our IT Service Desk.

Example: Phishing-E-Mail

This fraudulent e-mail was supposedly sent from the URZ. It informs you about an alleged virus on your system. The user is asked to click on a link in the e-mail to "scan his/her system". 

However, the link leads the user to a hacked website and looks similar to this: http://www [dot] gehackte-website [dot] com/wp-content/plugins/email-subscribers/lite/includes/cloud [dot] php?rem=max [dot] mustermannattu-freiberg [dot] de

If the user follows this link the actual attack begins and malware is downloaded onto the user's PC to infect his/her system.

You can already tell by the sender's name (@hrz.tu-freiberg.de), that this name does not match with the real address of the sender (@upgrade.com). Note that the digital signature is also missing.

Screenshot Phishing-Mail

Example: E-Mail with digital signature

Screenshot Outlook-PosteingangIf you use Outlook, you can already identify digitally signed e-mails in your mailbox via the red icon in the top right. 


Screenshot digitale SignaturLooking at the detailed view of the e-mail you can also find this red icon in the top right. By clicking on the icon you can find further information regarding this digital signature.


Screenshot gültige digitale SignaturA valid digital signature looks like this. This enables you to verify the authenticity of the sender and the integrity of the transmitted information.


Screenshot Eigenschaften der NachrichtensicherheitVia "Details" the properties of the message security are outlined. They contain more information regarding the signature.


Screenshot SignaturIn the detailed signature information the issuing CA (Certificate Authority) is listed. In this case the certification was issued by DFN-Verein Global Issuing CA.


Screenshot ZertifikatYou can also view the certificate information in here and find further information.