New wave of phishing mails: Gift cards for the supervisor

Decorative graphic
Mails are being sent that appear to come from supervisors and request the recipient to buy gift cards. Do not reply to these mails, do not click on any links they may contain and delete the messages straightaway.

An unexpected query from the professor

When you receive a surprising email from your supervisor, you should currently be extra cautious. Fraudsters have apparently scraped the university website for names, titles and addresses of staff and are sending mails that appear to be coming from the respective supervisor. The messages look harmless at first and ask for a small favor, for example:

Hello [Name],
I need you to run a quick task for me.
Please send me an email as soon as possible.
Regards,
Prof. Dr. [Name]
[Title]

The "from" field uses the correct name and the information from the signature is taken from the website, while the return address is using external mail providers, such as gmail.com. Both English and German are known to be used.

If you do not recognize the forgery immediately and you reply, you will be asked to buy a gift card under a pretext and then submit the code to the scammer:

Hi [Name],
Thanks for the response, I need to send Google play gift cards to some prospects but I can’t do that right now because I’m currently busy in the Hospital checking on a friend, he's critically ill. Let me know if its possible to get them right now, so I can tell you the amount needed on each cards. I’ll reimburse you.

In this case an urgent hospital visit is used against the backdrop of the ongoing corona crisis, while other mails refer to a longer meeting. Once the codes for gift cards (such as Google Play, Amazon or iTunes) are redeemed, the transaction cannot be undone and the money is irreversibly lost. Criminal complaints almost never lead to the perpetrator being discovered.

What should I be looking out for?

Be vigilant while checking your emails. You should be especially distrustful when you notice one of the following signs:

  • The sender does not use the usual address or
  • the address does not match the sender,
  • grammar or spelling are unusually bad,
  • you are being pressured (the matter is presented as exceptionally pressing or important),
  • contains an attachment or a link.

If you are at all unsure about a message, do inquire – better safe than sorry!

  • Call the supposed sender of the message or
  • send them a message to a known email address.
  • You can also get in touch with the IT service desk (see below).

I need to report an incident

Did you already reply to one of these mails, have opened a link or attachment contained in one or did you reveal information? Do you have questions regarding emails or IT security? Don't hesitate to contact the IT service desk via email at servicedeskattu-freiberg [dot] de or call 1818.

Further information

For more information on the current threat situation, we have provided some sources for you to read (mostly in German):