What is a Phishing Scam?

Phishing refers to the illegal attempt to obtain other people’s passwords or other login credentials. Phishing scams usually occur via e-mail. Very often, the e-mail addresses used to send phishing attempts are faked. Faking e-mails and e-mail addresses is as easy as writing someone else’s name on a postcard, so all aspects of suspicious e-mails should be examined carefully.

In most cases, phishing attempts will alert the recipient that some kind of immediate action has to be taken — often this action is some form of alleged “validation” on a faked website. Once the recipients use their login credentials for this “validation,” their input is harvested by the scamming party and may be abused in the future.
Furthermore, phishing schemes usually threaten the addressee with adverse consequences in case they do not comply with such “validation requests.” This is designed to put the target under pressure so that they will be more likely to comply with the faked request.

As such, phishing scams are an example of an attempt at social engineering: a psychological manipulation that aims to make its victims take actions which they would refrain from in situations of lower mental pressure. Such actions often involve some form of disclosure of sensitive data or information, such as passwords, credentials, or company secrets, but they may also be aimed at e.g. gaining physical access to non-public spaces.
However, this exploitation of human behaviour under (social) pressure is only the first step: account data and other information obtained through social engineering may be used as the basis for cyber attacks or other attacks on systems, services, or devices.
Thus, phishing and other social engineering techniques usually have two target levels. On the first one, the target is an individual person, and the second one is the infrastructure this person has legal access to.

This is why every single individual who uses an IT service or system bears a responsibility for the security of our IT infrastructure and should exercise caution when dealing with suspicious content or e-mails.

Phishing Scams: Questions and Answers

What does a phishing e-mail look like?

Whereas phishing attempts were quite easy to identify through their deficient grammar and orthography not too long ago, the number of linguistic giveaways in phishing e-mails has drastically declined in recent years. This means that all of us have to

1. be aware of the possibility of phishing attempts.
2. be cautious when dealing with suspicious e-mails.
3. be educated on what common techniques, phrases, and pretenses are used in phishing e-mails.

We have compiled a list of recent e-mails that have been found to be phishing attempts here. As the majority of phishing e-mails that members of our University receive are in German, this list — as of now — only contains German-language examples.
Our colleagues at UC Berkeley publish all the phishing attempts that occur at their institution. Skimming through them can give you a better idea of what such texts may look like in English.

I have received an e-mail from my own e-mail address. Have I been hacked?

We understand that a situation like this can be unsettling at first. However, it is very unlikely that your account has been hacked. This is because someone having used your e-mail address as the sending address is not the same as someone actually having gained access to your e-mail service.
As noted before, sending an e-mail under someone else’s name is as easy as writing someone else’s name on a postcard. In IT, this is called sender name/sender address spoofing.
The most likely scenario here is that a scammer simply used the letters that make up your e-mail address as a mask for the one the e-mail was actually sent from.

If you are unsure whether it is likely that you have been hacked or not, you can always reach out to the RRZK help desk to ask for advice or an examination of the e-mail you received. For this, our colleagues there will most likely request that you send them the header of the e-mail in question. In Webmail, you can read and copy the header by opening the e-mail in your inbox, then click on “Other Options” and “View Source”.

How should I react to a phishing e-mail?

I am not sure if the e-mail I received is a phishing attempt. Where can I ask for advice?

How to detect fraudulent e-mails

320px480px640px786px1024px1280px1440px

Look closely: Which address was the e-mail sent from? Is this an e-mail address operated by the University of Cologne? Is it the e-mail address this person normally uses? Remember, e-mail addresses can be falsified easily. In case of doubt, check if you know the sender and reach out to them in a different e-mail, text message or call them. A quick phone call or a short message may prevent further harm.
Be cautious: Never open "Office" documents (i.e. word processing, spreadsheet or presentation files, e.g. doc files) or ZIP archives unless you are absolutely positive that they come form a legitimate source and the person who claims to be the sender is the actual sender. Do not open unsolicited Office or ZIP files otherwise. Not even
- if you recognise that person’s name. Their name in the e-mail or the purported address is no evidence of them having actually sent the e-mail.
- if the e-mail seems to be a reply to previous correspondence.
Keep calm and do not act immediately. At University of Cologne, no deadlines of “do this today or face the consequences” are being put out. Genuine deadlines will be announced in good time. If you are uncertain if a request received via e-mail is genuine, write yourself a note to revisit this topic a few days later. If the request was a scam, you will most likely be able to read about it on our web pages.
Do not click on links carelessly: Malware is very versatile nowadays and also may stand behind links that look authentic. Depending on the malware, clicking on such a link may bring disaster upon you and maybe even the IT infrastructure of your entire institution.
- Look even more closely: Where does a link redirect to — an official website of e.g. the University of Cologne or a dubious website such as www.weight-loss…?
  If the link address is full of “garbage,” i.e. it contains hardly any human readable information, chances are high that the website it links to is not legitimate.
  (The opposite does not hold true: An easy to read address is by no means a sufficient sign for a serious web page.)
- Use a secure virus check tool:
  VirusTotal is a free online service that lets you check suspicious links for malware. You can access it here (this link should be safe to click on): https://www.virustotal.com/gui/home/url
- Use Windows Sandbox:
  A sandbox is a closed part of your operating system, like an operating system within your operating system. This allows you to execute operations without potentially compromising your actual system.
Take a quiz to learn more about detecting phishing scams to prepare yourself for future threats.
Activate the spam filtering service for your email account (if you have not done so already). While not all phishing emails will be detected as spam, a good part of typical phishing emails can be filtered out before it reaches your inbox. This way, you will not have to think twice whether or not a certain message is benign or malicious.
In case of doubt, (or if you accidentally clicked on a suspicious link or opened a suspicious attachment) contact your IT service, DP office or the RRZK help desk and request further advice and instructions.

Other Types of Attacks via E-Mail

Spear Phishing

320px480px640px786px1024px1280px1440px

expand:

Whereas the average phishing attempt is distributed to several hundred or thousand persons at the same time, there is another form of phishing that is highly targeted and, as such, more dangerous: Spear Phishing.
Spear phishing attempts usually are scam e-mails that are sent to as few as one individual person and contain highly specialized content that is tailored to the target’s interests, correspondences or work environment, which may look authentic even under closer inspection. As such, spear phishing is a particularly insidious type of scam. We have compiled a separate information page on Spear Phishing here.

Blackmailing via e-mail

320px480px640px786px1024px1280px1440px

"Help, someone writes that I have been hacked and he has got compromising records about me! I should pay a ransom, otherwise he will send these records to my relatives and acquaintances!" However, most of the time this type of threatening email is sent without providing any evidence. Learn more about typical blackmail attempts on our page dedicated to these scams.

Giftcard Scamming

320px480px640px786px1024px1280px1440px

expand:

What is giftcard spam? Scammers send messages to employees in the name of their superior (professor, supervisor, head of management) from an external e-mail address (e.g., Gmail, Yahoo). They pretend that the matter is urgent and that they can only be contacted via this external e-mail address. The victims are put under pressure and are persuaded to buy gift cards and hand over the gift card codes.

Find out more about Giftcard Scams.

Contact
If you have any questions or problems, please contact the RRZK-Helpdesk

UNIVERSITY OF COLOGNE

Regional Computing Centre (RRZK)

What is a Phishing Scam?

Phishing Scams: Questions and Answers

What does a phishing e-mail look like?

I have received an e-mail from my own e-mail address. Have I been hacked?

How should I react to a phishing e-mail?

I am not sure if the e-mail I received is a phishing attempt. Where can I ask for advice?

How to detect fraudulent e-mails

Other Types of Attacks via E-Mail

Spear Phishing

Blackmailing via e-mail

Giftcard Scamming