News

Fisherman Fritz phishes fresh passwords.

How and why does he do that?

(published on 07.09.2021 by Marianne Rudigier)

We know that the prince from Nigeria, who wants to temporarily park 2,000,000€ in our account, is unfortunately not to be trusted completely. Just yesterday, I received another e-mail informing me that Mr. Charles W. (presumably the prince himself!) has chosen my e-mail account for a charitable donation of 450,000€ and that I should contact him at the e-mail address provided. Of course I will not push my luck and answer immediately.[1]

Hackers have also learned a lot in the last few years, and digital translation programs are already much better than they were 5 years ago (I love DeepL...), so that even spelling and grammar mistakes can now be easily corrected. Websites can now be copied down to the smallest detail in no time at all, making it increasingly difficult to distinguish the fake from the original.

A phishing attack usually involves sending a large number of e-mails to many potential victims. The attackers pose as banking institutions, mobile phone providers, online mail order companies, parcel delivery companies and the like in an attempt to grab data. Often, the e-mails are tailored to the targeted company.

For example, I received e-mails informing me that my e-mail account was full and that it would be blocked if I did not log in via the link provided within the next three hours. The sender of these e-mails was a TU Wien e-mail address. Apparently this was an already compromised account from which further phishing e-mails were sent to grab even more data. Although the e-mails contained various errors, it is often difficult for colleagues from the international research environment who are not native speakers of German to recognize this. Therefore, it is important to pay attention to the following:

  • TU Wien will not send e-mails that request you to register on a page under a given link, and to do so as quickly as possible in order to avoid negative consequences.
  • Check the sender addresses of e-mails carefully. In a hurry, it is very easy to overlook that the address infosec-tuwien.ac.at@gmail.com is not a TU Wien e-mail address.
  • Pay attention to the content of the e-mail! For example, be skeptical if you receive a reply to an e-mail you sent months ago, even if the reply comes from a trustworthy address. Such e-mails often have a file attached, which you are asked to open because it contains the response. This file usually contains the malware, which is then activated when you open it.
  • If you are not sure whether an e-mail is a phishing e-mail or not, please send the e-mail as an attachment to the colleagues of TU.it at phishing@tuwien.ac.at. The colleagues will check the e-mail accordingly.
  • Inform new colleagues about the four points mentioned above!
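The sender check from the second point can be automated as one signal among several. The following Python sketch is an added example, not part of the original article; the function name, the warning labels and all sample headers except the Gmail address quoted above are constructed for illustration. It only detects the organisation's domain being borrowed in the wrong place; a message from a genuine TU Wien address can still come from a compromised account, as described above.

```python
from email.utils import parseaddr

ORG_DOMAIN = "tuwien.ac.at"  # organisation domain named in the article

def sender_findings(from_header, org_domain=ORG_DOMAIN):
    """Return impersonation warnings for one From: header (empty list = none)."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not local or not domain:
        return ["unparseable-address"]
    # Only the part after the last "@" decides who operates the mailbox.
    if domain == org_domain or domain.endswith("." + org_domain):
        return []  # genuine domain; the account itself may still be compromised
    findings = []
    # The organisation's domain appearing anywhere else is a borrowed name.
    if org_domain in local.lower():
        findings.append("org-name-in-local-part")
    if org_domain in domain:
        findings.append("org-name-in-domain")
    if org_domain in display.lower():
        findings.append("org-name-in-display-name")
    return findings

# Constructed sample headers; only the first address appears in the article.
SAMPLES = [
    "infosec-tuwien.ac.at@gmail.com",
    '"tuwien.ac.at Mail Team" <notice@mail.example>',
    "Helpdesk <helpdesk@tuwien.ac.at.mail.example>",
    "Colleague <colleague@sub.tuwien.ac.at>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{header!r}: {sender_findings(header) or 'no sender warning'}")
```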

What is behind phishing?

Phishing attacks mainly cause financial damage. Anyone who falls victim to such an attack and enters their credit card number and all related data on a fake page gives the attackers everything they need for an extensive Internet shopping tour at someone else's expense. In addition, phishing e-mails often include file attachments that contain malware. Each click on such a file then leads - often unnoticed - to an infection of the computer or a server with a malicious program. This can be a Trojan, bots or ransomware.[2]

Trojans, bots, ransom-what? More on that in the next post.

I also recommend the new online training on information security. You can find it at the following link: tiss.tuwien.ac.at/tu_events/tu_event/8363

[1] At phishing@tuwien.ac.at with the corresponding email as attachment, so that the colleagues of TU.it can check and block the sender.

[2] Cf. BSI: How dangerous is phishing? www.bsi-fuer-buerger.de/BSIFB/DE/Risiken/SpamPhishingCo/Phishing/Gefahr_von_Phishing/welche-gefahr-geht-von-phishing-aus_node.html (last accessed on 13.01.2021).