Digital Signature: How to verify the authenticity of your e-mails
Phishing attacks happen ever more often these days. To make it easier for you to identify fraudulent e-mails, the OTRS ticket system of the URZ sends all e-mails to you in combination with a digital signature. This enables you to verify the authenticity of all our notifications regarding the central IT services.
Be careful with all unsigned e-mails supposedly sent from the URZ. If you are unsure, please contact our IT Service Desk.
This fraudulent e-mail was supposedly sent from the URZ. It informs you about an alleged virus on your system. The user is asked to click on a link in the e-mail to "scan his/her system".
However, the link leads the user to a hacked website and looks similar to this:
http://www [dot] gehackte-website [dot] com/wp-content/plugins/email-subscribers/lite/includes/cloud [dot] php?rem=max [dot] mustermanntu-freiberg [dot] de
If the user follows this link the actual attack begins and malware is downloaded onto the user's PC to infect his/her system.
You can already tell by the sender's name (@hrz.tu-freiberg.de), that this name does not match with the real address of the sender (@upgrade.com). Note that the digital signature is also missing.