Phishing mails often have the following characteristics:
- impersonal form of address, for example just “Good afternoon” instead of addressing you by name
- Query of passwords, PIN or TAN
- Call for immediate action to avoid complete loss of data
- Links that are to be clicked are similar but not identical to the real links. Example: www.tudarmstadt.serverx.org is not a TU address, because it does not end at “tu-darmstadt.de”.
- Sender address that does not correspond to the real sender.Example: Some phishing mails under the name HRZ-Service came from email@example.com.
If you have an e-mail in your letterbox that has one or more of these features and is alleged to come from HRZ or another official body, you should be careful. This also applies, of course, to e-mails that do not have any of these features, but still seem to be dubious to you.
Phishing can affect anyone – be vigilant
HRZ cannot prevent criminals from sending e-mails in which they pretend to act on behalf of TU Darmstadt. In order to obtain data, the criminals use the names of public institutions as well as those of companies and banks. This makes it more important to always be alert.
If in doubt, call the institution from which the e-mail is allegedly coming, for example the HRZ service, and ask whether the e-mail is real. If you ask for authenticity by e-mail, do not use the “Reply” function, but forward the e-mail and type in the recipient's address by hand.
For more information on how to handle phishing emails, see the next section.