You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

The University of Vienna is so kind to tell the whole world about your email address, and the world surely is making use of that information. It’s just that its intentions aren’t always good. There are malicious actors out there who want to trick you into disclosing your University of Vienna username and password, infect your computer with malicious software, get you to pay them money, or simply to visit a website. Some of those emails are easy enough to recognise (”You have won $100,000,000 in the ACME Inc. Lottery! Just send us your credit card number, its expiry date, your CVC, your date of birth, and some blood of your first-born by TOMORROW!”). This is no accident; the people who send these emails only want you to reply if you are gullible enough to fall for their schemes. However, some of these emails are harder to recognise; namely, those that are crafted to trick you into revealing your username and your password or running malicious software. So here is checklist to help you decide whether you should trust an email.

Checklist

Who is the email from?

If the email is not from somebody you know, it may be fraudulent. Check whether it appears to be from somebody who can make that request legitimately. For example, if an email requests that you login into your University of Vienna account, does it originate from the University of Vienna’s computer centre? That is, does the sender’s address end in “@univie.ac.at” and does the part in front of the “@univie.ac.at” contain “zid” (Zentraler Informatikdienst)? If not, the email is not legitimate. Watch out for variations! For example, a malicious actor may send an email from an address that ends in “@univle.ac.at” or “@univie.edu.” These are not legitmate. Only addresses ending in “@univie.ac.at” are. If the sender is not legitimate, the email is certainly fraudulent. The reverse does not hold true, however. Just because the sender appears legitimate, the email may still be fraudulent. There are ways to forge sender addresses. And malicious sometimes actors manage to get illegitimate access to legitimate accounts.

Does the email request that I visit a website?

If the email requests that you visit a website and is not from somebody you know, it is likely fraudulent. Again, check whether the email appears to be from somebody who can make that request legitimately. But don’t stop there! Also check whether the website the email asks you to visit matches the request. For example, if the email asks you to so something that requires you to login into your University of Vienna account, then the domain part of the website’s address, that is, the part before the first “/”, must end with “.univie.ac.at”. Again, watch out for variations! For example, if the domain ends with “.univle.ac.at” or “univie.info”, then the website does not belong to the University of Vienna. The website’s domain must end with “.univie.ac.at”, nothing else or the email is certainly fraudulent. The reverse does not hold true, however. Just because the website appears to be the University of Vienna, the email may still be fraudulent. There are ways to forge these addreses. Also, the University of Vienna’s network is large, some servers are run by individual departments, and hackers manage to gain access to those from time to time.

If you did visit that website (and you shouldn’t have), then you may notice that the website does not look like other University of Vienna websites. This is another warning sign. Again, the reverse is not true. We have already seen fake Univesity of Vienna websites that looked like the real thing.

Does the email request that I login somewhere?

If so, this email is likely fraudulent. Unfortunately, many companies, first and foremost Google, have started to email people to request that they review their privacy or their security settings. Still, most organisations and companies never do that. The University of Vienna’s IT department never does that. There is no technical reason for an IT department or a company to ever ask you via email to login to your account just for the sake of logging in, “updating” your account, “confirming the security” of your account, etc. Note, an email may just as well require that you do something that requires you to be logged in, so that you won’t wonder if you encounter a login mask.

Does the email request that I open an attachment?

If so and the email is not part of an ongoing conversation, then it is almost certainly fraudulent. Never open attachments before you have checked whom they are from. Never open attachments from people that you don’t know. 

Does the email create a sense of urgency?

If so, the email is likely fraudulent. Malicious actors try to scare you (“Your account will be disabled!”) or to create a sense of urgency to get get you to overlook that the email is not legitimate.

Does the narrative check out?

  • Are you referenced by name? (And is it your name?)
  • Do you understand what the email is about (or does it throw arround jargon, leaving you only with a vague idea of why you are supposed to do something)?
  • Do you expect to receive an email in that matter?
  • Do you know the other people that the email references?

If the answer to more than one of these questions is “No,” you should be suspicious. Again, the reverse is not true. An malicious actor may be take the time to craft a good story or even target you personally.

In case of doubt

If you’ve read the list above carefully, you will have noticed there are no hard and fast rules to determine whether an email is fraudulent. You have to use your judgement. If you aren’t sure, call the sender by phone. (If you can’t, then you don’t ‘really’ know the sender and should regard the email as more suspicious for it). You can also ask us, the department’s IT support, for our opinion. We are also happy if you inform us about fraudulent email you got, so that we can warn others; in particular if it’s a well-crafted one.

  • No labels