THIS WAS A PHISHING E-MAIL!

To prevent this from happening again, please complete the e-learning “Information Security at TU Wien”. You can find access to the English version in the TISS training catalog under the following link: https://tiss.tuwien.ac.at/tu_events/tu_event/12265.

By the way,

…this is a phishing campaign orchestrated by the TU Wien, which aims to sharpen your attention in dealing with e-mails.

Of course, you do not have to fear any negative consequences because you clicked here! This can happen to anyone. We will not inform anyone that you have clicked. We have not saved your password either! You therefore do not need to change it as long as it is secure and unique. If you need to change your password, please contact help@it.tuwien.ac.at. Our colleagues there will help you with any questions or problems you may have.

With this phishing e-mail, we would like to draw your attention to the fact that such e-mails are getting better and better. They are often tailored to specific target groups (so-called spear phishing). So it is no longer just the “prince from Nigeria” who wants to give us all his money; newsletters from relevant institutions, for example, are now imitated to target specific people and obtain their user names and passwords.

With the help of this data, the attackers then try to penetrate the company’s central systems in order to steal further data and/or launch a ransomware attack.

How could you have recognized that this was so-called spear phishing?

Before clicking on a link in an e-mail, you should always check the link by moving the mouse pointer over the login field. In this case, it would have been the link “https://wordpresspro.live/?rid=IOOQcFU”, which should be classified as untrustworthy. However, checking the link is often not enough to find out whether you can click on it or not, as potential attackers could also have bought the domain innovationhubaustria.at in order to link to it. In the context of the e-mail, it would then be much more difficult to determine whether the link is trustworthy or not.

You could also have researched whether the platform actually exists at the address given. You can find an “Innovation Hub Austria” via Google search. However, it is located at a different address and has a different target group.

If you are not sure whether an e-mail or a link is trustworthy, you can send the e-mail as an attachment to phishing@tuwien.ac.at. The colleagues from Campus IT will then check the e-mail and give you appropriate feedback.

You can find more detailed information on the subject of phishing in the Campus IT knowledgebase at the following link: https://colab.tuwien.ac.at/x/FwZ1C.

If you have any questions regarding the TU Wien phishing campaign, please contact infosec@tuwien.ac.at.