The danger posed by phishing emails is often underestimated, so here are some checkpoints to keep in mind:
Recognise spam / phishing e-mails
- SPAM mails advertise products or mimics newsletters, while phishing targets you or your group directly.
- These mails often contain attached malware. This is why you should never open an e-mail attachment from a sender you do not know.
Text in a spam mails often contains a link that leads to a malicious website: one careless click opens in your browser a fake website that could be infected with malware. - The mail does not address you personally (usually), instead beginning with "Dear customer...".
- The text informs you that you must do something immediately, or else. "If you do not update your data right away, they will be deleted forever..."
- The text uses threats: "If you do not do this, we must unfortunately lock your account..."
- The text requires you to enter confidential data like the PIN for your online banking or a credit card number.
- The e-mail contains links or forms with suspicious URLs containing cryptic web addresses and Top-Level Domains like "*.to, *.me".
- The message text is poorly written and images appear incorrectly formatted or scaled.
- The text contains Cyrillic letters or incorrect or missing special characters.
- If you have doubts about the origin, hover over links and sender addresses to see the links they point to. Sometimes, displayed names such as "University Administration" refer to "gotcha@evilcorp.to.me".
If you receive a suspicious email from a colleague, you can ask in return about the validity of the received message.
What you can do
- Send suspicious e-mail to phishing@uni-jena.de to help update spam detection (see: FSU Jena - URZ Phishing Service).
- Inform your colleagues and IT department via Service Desk or e-mail at it_iap@uni-jena.de.
- In case you clicked on links or opened attachments, change your password at portal.uni-jena.de and get in contact with IT department immediately. It is also possible to contact the FSU URZ IT, which the IAP IT will do as well.
"Spam" is actually a can of "spiced pork and ham". The use for e-mails goes back to a sketch by the comedian Monty Python.
E-mail spam has steadily grown since the early 1990s and is estimated to account 90% of total e-mail traffic.
Further information
- FSU Jena - URZ Phishing Service (de/en)
- Schutz vor Phishing (de)
- BSI information on spam (en | de)
- BSI information on phishing e-mail (en | de)
- Wikipedia (en | de)