Versions Compared

Old Version 4

changes.mady.by.user Kröger Odin

Saved on

compared with

New Version 5

changes.mady.by.user Kröger Odin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

If the email requests that you visit a website and is not from somebody you know, it is likely fraudulent. Again, check whether the email appears to be from somebody who can make that request legitimately.But don’t stop there! Also check whether the website the email asks you to visit matches the request. For example, if the email asks you to so something that requires you to login into your University of Vienna account, then the domain part of the website’s address, that is, the part before the first between “http://” or “https://” and the next /”, must end with “.univie.ac.at”. Again, watch out for variations! For example, if the domain ends with “.univle.ac.at” or “univie.info”, then the website does not belong to the University of Vienna. The website’s domain must end with “.univie.ac.at”, nothing else or the email is certainly fraudulent. The reverse does not hold true, however. Just because the website appears to be the University of Vienna, the email may still be fraudulent. There are ways to forge these addresesaddresses. Also, the University of Vienna’s network is large, some servers are run by individual departments, and hackers manage to gain access to those from time to time.

...

If the answer to more than one of these questions is “No,” you should be suspicious. Again, the reverse is not true. An malicious actor may be take the time to craft a good story or even target you personally.

An Example

Here is an example:

Betreff:     Dringende Infos
Datum:     Mon, 14 Oct 2019 08:48:56 +0100
Von:     Studienzulassung@univie.ac.at <a12345678@unet.univie.ac.at>
An:     Recipients <Studienzulassung@univie.ac.at>

Sehr geehrte/r

Sie haben 1 neue wichtige Planungsnachricht

Klicken Sie hier, um zu lesen  <https://forcerealty.com/cgi>

Danke,

Universität Wien
Universitätsring 1
1010 Wien

Dies ist ein automatisch generiertes E-Mail; bitte keine Antwort an diese Adresse schicken!

There are many things to note about this email, from top to bottom:

  1. The subject claims that the email is urgent (“Dringende Infos”).
  2. It’s from a University of Vienna email address. But if you look more closely, you’ll see that it claims to be from Studienzulassung@univie.ac.at, but is really from a12345678@unet.univie.ac.at. That there are two different email addresses in the “From:” field is a warning sign in itself. (In this case, the real email address belongs to a student, whose account has probably been hacked.) What is more, the email address doesn’t match the narrative of the email. The email tells you about a “planing message,” but claims to hail from the department for student enrolment (”Studienzulassung”). Why would that department send you a “planning message” (whatever that is?). Are you involved in student enrolment?
  3. The email is not addressed to you in person. (“Sehr geehrte/r”)
  4. The email appears to be from some department of the University of Vienna, but asks you to visit a website that does not belong to the University of Vienna. You can see this because it’s domain part, that is, the part between “https://” and the next “/” reads “forcerealty.com”, so it does not end with “univie.ac.at”.

The points 2 and 4 of this list are each sufficient on their own to judge this email fraudulent.

In case of doubt

If you’ve read the list above carefully, you will have noticed there are no hard and fast rules to determine whether an email is fraudulent. You have to use your judgement. If you aren’t sure, call the sender by phone. (If you can’t, then you don’t ‘really’ know the sender and should regard the email as more suspicious for it). You can also ask us, the department’s IT support, for our opinion. We are also happy if you inform us about fraudulent email you got, so that we can warn others; in particular if it’s a well-crafted one.