“Check your e-mail account …”

Did you think you had to act quickly when you read the headline? That’s exactly what criminals had in mind when they sent emails with this subject to various recipients within the TU Chemnitz.

The email could have gone something like this:

Clicking on the link takes you to the Outlook Web App (top picture).

However, this is not the Outlook Web App of the TU Chemnitz, but merely a website pretending to be one. The differences between the fake (above) and the original (below) are subtle:

  • The address line of the original shows https://msx.tu-chemnitz.de/ and not the domain https://amkdesing.com/, which has nothing to do with the TU Chemnitz.
  • The fake login page is displayed in English, but our default language is German.

If you enter your password on the fake page, you are then redirected to the correct destination. Everything looks as if you have mistyped your password. You enter your password a second time and do not even suspect that other people are now in possession of your password and will misuse it for criminal purposes.

If you received such an e-mail and entered the password in the “Outlook Web App”, please act immediately:

  • Change your password in the IdM portal.

The following signs of such phishing attacks should make you suspicious:

  • You receive an e-mail that builds up time pressure or wants to scare you. In this specific case, your mailbox is to be blocked at short notice.
  • You are asked to perform routine actions that you don’t think about: in the specific case of a login to the Outlook Web App.

We take the following precautions so that you can distinguish between questionable and authentic mails:

  • E-mails from the URZ user service or e-mails relating to security-relevant topics are digitally signed using S/MIME. See here: website for personal certificates
  • We never link to forms for changing passwords or similar, but rely on them finding their way there via the TU Chemnitz website.
  • You can ask the URZ User Service whether a supposed mail for changing the password was really sent by the URZ.
Tagged with: ,
Posted in IT-Security, Uncategorized

Leave a Reply