The University of Vienna is so kind to tell the whole world about your email address, and the world surely is making use of that information. It’s just that its intentions aren’t always good. There are malicious actors out there who want to trick you into disclosing your University of Vienna username and password, infect your computer with malicious software, get you to pay them money, or simply to visit a website. Some of those emails are easy enough to recognise (”You have won $100,000,000 in the ACME Inc. Lottery! Just send us your credit card number, its expiry date, your CVC, and your date of birth , and some blood of your first-born by TOMORROW!”). This is no accident; the people who send these emails only want you to reply if you are gullible enough to fall for their schemes. However, some of these emails are harder to recognise; namelyabove all, those that are crafted to trick you into revealing your username and your password or running malicious software. So here is checklist to help you decide whether you should trust an email.
...
If the email is not from somebody you know, it may be fraudulentcareful. Check what it wants you to do and whether it appears to be from somebody who can make that request ask you to do so legitimately. For example, if an email requests that you login into your University of Vienna account, does it originate from the University of Vienna’s computer centre? That is, does You can check this by looking at the sender’s address end in . If it ends with “@univie.ac.at” and does the part in front of the “@univie.ac.at” contain contains “zid” (for Zentraler Informatikdienst) ? it is from the University of Vienna’s computre cetre. If not, the email is not legitimate. Watch out for variations! For example, a malicious actor may send an email from an address that ends in “@univle.ac.at” or “@univie.edu.” These are not legitmate. Only addresses ending in It's only when the sender's address ends with “@univie.ac.at” arethat the sender works or studies at the University of Vienna. If the sender is not legitimate, the email is certainly fraudulent. The reverse does not hold true, however. Just because the sender appears legitimate, the email may still be fraudulent. There are ways to forge sender addresses. And malicious sometimes actors manage to get illegitimate access to legitimate accounts.
Does the email request that I visit a website (or imply that I should)?
If the email requests that you visit a website (or implies that you should) and is not from somebody you know, it is likely fraudulent. Again, check whether the email appears to be from somebody who can make that request legitimately.But don’t stop there! Also check whether the website the email asks you to visit matches the request. For example, if the email asks you to so something that requires you to login into your University of Vienna account, then the domain part of the website’s address, that is, the part between “http://” or “https://” and the next “/”, must end with “.univie.ac.at”. Again, watch out for variations! For example, if the domain ends with “.univle.ac.at” or “univie.info”, then the website does not belong to the University of Vienna. The website’s domain must end with “.univie.ac.at” , nothing else or the email is certainly fraudulent. The reverse does not hold true, however. Just because the website appears to be the University of Vienna, the email may still be fraudulent. There are ways to forge these addresses. Also, the University of Vienna’s network is large, some servers are run by individual departments, and hackers manage to gain access to those from time to time.
If you did visit that website (and you shouldn’t have), then you may notice that the website does not look like other University of Vienna websites. This is another warning sign. Again, the reverse is not true. We have already seen fake Univesity of Vienna websites that looked like the real thing.
Does the email request that I login somewhere (or imply that I should)?
If so, this email is likely fraudulent. Unfortunately, many companies, first and foremost Google, have started to email people to request that they review their privacy or their security settings. Still, most organisations and companies never do that. The University of Vienna’s IT department never does that. There is no technical reason for an IT department or a company to ever ask you via email to login to your account just for the sake of logging in, “updating” your account, “confirming the security” of your account, etc. Note, an email may just as well require that ask you to do something that requires you to be logged in, so that you won’t wonder if you encounter a login mask.
...
- The subject mentions that “Deanery” wants to share a file with you? Do you know anybody who goes by that name? Presumably, it’s the attackers best guess for “Dean’s office.” ” Do you expect the people who work there not to know the proper English term for their department?
- Did you expect to get a file from Deanery? No, you didn’t.
- The email asks implies that you to should visit a website; presumably, it will ask you to download malicious software from there.
...
If you’ve read the list above carefully, you will have noticed there are no hard and fast rules to determine whether an email is fraudulent. You have to use your judgement. If you aren’t sure, call the sender by phone. (If you can’t, then you don’t ‘really’ know the sender and should regard the email as more suspicious for it). You can also ask us, please get in touch with the department’s IT support, for our opinion. We are also happy if you inform us about any fraudulent email you got, so that we can warn others; in particular if it’s a well-crafted one.