
What is a Phishing Scam?

Phishing refers to fraudulent attempts to obtain other people’s passwords or other login credentials. Phishing scams usually arrive via e-mail. Very often, the sender addresses shown in phishing e-mails are faked: the name and address in the From line are written by whoever sends the message, just like the return address on a postcard, and nothing stops an attacker from writing someone else’s. All aspects of a suspicious e-mail should therefore be examined carefully.

In most cases, phishing attempts will alert the recipient that some kind of immediate action has to be taken — often this action is some form of alleged “validation” on a faked website. Once the recipients use their login credentials for this “validation,” their input is harvested by the scamming party and may be abused in the future.
Furthermore, phishing schemes usually threaten the addressee with adverse consequences in case they do not comply with such “validation requests.” This is designed to put the target under pressure so that they will be more likely to comply with the faked request.

As such, phishing scams are an example of an attempt at social engineering: a psychological manipulation that aims to make its victims take actions which they would refrain from in situations of lower mental pressure. Such actions often involve some form of disclosure of sensitive data or information, such as passwords, credentials, or company secrets, but they may also be aimed at e.g. gaining physical access to non-public spaces.
However, this exploitation of human behaviour under (social) pressure is only the first step: account data and other information obtained through social engineering may be used as the basis for cyber attacks or other attacks on systems, services, or devices.
Thus, phishing and other social engineering techniques usually have two target levels: on the first, the target is an individual person; on the second, it is the infrastructure this person has legitimate access to.

This is why every single individual who uses an IT service or system bears a responsibility for the security of our IT infrastructure and should exercise caution when dealing with suspicious content or e-mails.

Phishing Scams: Questions and Answers

How to detect fraudulent e-mails

  • Look closely: Which address was the e-mail sent from? Is this an e-mail address operated by the University of Cologne? Is it the address this person normally uses? Remember that the displayed name and the sender address can both be falsified easily, and an e-mail from a genuine address can still be a scam if that account has been taken over. In case of doubt, check whether you know the sender and reach out to them through a different channel: a separate e-mail to the address you already have, a text message, or a phone call. Do not use contact details given in the suspicious e-mail itself. A quick phone call or a short message may prevent further harm.
  • Be cautious: Never open "Office" documents (i.e. word processing, spreadsheet or presentation files, e.g. doc files) or ZIP archives unless you are absolutely positive that they come from a legitimate source and that the person who claims to be the sender is the actual sender. Office files can contain macros and embedded content that run code when the document is opened, and ZIP archives are commonly used to smuggle executables past mail filters. Do not open unsolicited Office or ZIP files otherwise. Not even
    • if you recognise that person’s name. Their name in the e-mail or the purported address is no evidence of them having actually sent the e-mail.
    • if the e-mail seems to be a reply to previous correspondence.
  • Keep calm and do not act immediately. At the University of Cologne, no deadlines of the “do this today or face the consequences” kind are issued. Genuine deadlines will be announced in good time. If you are uncertain whether a request received via e-mail is genuine, write yourself a note to revisit the topic a few days later. If the request was a scam, you will most likely be able to read about it on our web pages.
  • Do not click on links carelessly: Malware is very versatile nowadays and may also lurk behind links that look authentic. Depending on the malware, clicking on such a link may bring disaster upon you and maybe even upon the IT infrastructure of your entire institution.
    • Look even more closely: Where does a link actually lead? The text of a link can say one thing while the address behind it says another, so hover over it with the mouse (or press and hold on a phone) to display the real destination before clicking. Is it an official website of e.g. the University of Cologne, or a dubious website such as www.weight-loss…?
      If the link address is full of “garbage,” i.e. it contains hardly any human readable information, chances are high that the website it links to is not legitimate.
      (The opposite does not hold true: An easy to read address is by no means a sufficient sign for a serious web page.)
    • Use a secure virus check tool:
      VirusTotal is a free online service that lets you check suspicious links for malware. Copy the link address (do not click it) and paste it in here (this link should be safe to click on): https://www.virustotal.com/gui/home/url
      Two caveats: a clean result is not proof that a link is harmless, since freshly created phishing pages are often not yet known to any scanner, and submitted links become visible to other VirusTotal users, so do not submit links that contain personal data, passwords or one-time tokens.
    • Use Windows Sandbox:
      A sandbox is an isolated part of your operating system, like an operating system within your operating system. Windows Sandbox (available on Windows 10 and 11 Pro and Enterprise) starts a fresh, disposable Windows desktop in which you can open a suspicious file or link; everything inside it is discarded when you close it, so your actual system is not compromised. Note that by default the sandbox still has network access and shares the clipboard with your real system, so it isolates the file you open, not the data you paste in or the websites it can reach.
  • When filling a form that prompts you to enter passwords, take a closer look for signs of fraud:
    • Is the form actually provided by the University of Cologne? Check the website’s address. Official UoC websites use the “uni-koeln.de” domain name.
    • Do the form’s labels use proper spelling? If unusual-looking letters appear, this is a sign of a fraudulent website. For instance, a box labelled “Pásšwørd” instead of “Password” is a sure sign of a scam website. This applies to other unusually styled letters as well, e.g. ñ instead of n. Scammers often use such look-alike characters so that automated filters searching for words like “Password” do not match the page.
    • If the password box displays the actual characters you typed in (instead of asterisk or dot symbols) without you enabling cleartext display first, leave the website immediately. This is a clear indication of an imposter website.
  • Take a quiz to learn more about detecting phishing scams to prepare yourself for future threats.
  • Activate the spam filtering service for your e-mail account (if you have not done so already). While not all phishing e-mails will be detected as spam, a good part of typical phishing e-mails can be filtered out before they reach your inbox. This way, you will not have to think twice about whether a certain message is benign or malicious.
  • In case of doubt, (or if you accidentally clicked on a suspicious link or opened a suspicious attachment) contact your IT service, DP office or the RRZK help desk and request further advice and instructions.
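The link and form checks above can be automated to some extent. The following script is an added example written for this page, not a tool provided by the RRZK or the University of Cologne. The only fact it takes from the page is the official domain uni-koeln.de; the sample links, the 24-character threshold for a “garbage” token and the warning names are all assumptions made up for the example.

```python
"""Inspect a link copied from a suspicious e-mail and look for non-ASCII
look-alike letters in form labels. Added example, not code from the RRZK;
only the domain uni-koeln.de comes from the page, all sample links are
constructed."""
import re
import unicodedata
from urllib.parse import urlsplit

LEGIT_DOMAIN = "uni-koeln.de"  # official UoC websites use this domain (from the page)

# A long run of letters and digits with nothing readable in it: the page's
# "full of garbage" test. 24 characters is an assumed threshold, not a standard.
GARBAGE_TOKEN = re.compile(r"[A-Za-z0-9_-]{24,}")


def host_is_official(url: str, legit_domain: str = LEGIT_DOMAIN) -> bool:
    """True only if the parsed host is legit_domain itself or a subdomain of it.

    A substring test ("uni-koeln.de" in url) would accept uni-koeln.de.example.net,
    uni-koeln.de-login.com and https://uni-koeln.de@evil.example/, so compare
    whole labels of the parsed host instead. urlsplit() drops anything before '@'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host == legit_domain or host.endswith("." + legit_domain)


def looks_like_garbage(path_and_query: str) -> bool:
    """Flag a long token that mixes letters and digits (typically a tracking or
    victim ID) anywhere in the path or query string."""
    for token in GARBAGE_TOKEN.findall(path_and_query):
        digits = sum(ch.isdigit() for ch in token)
        if 4 <= digits < len(token):
            return True
    return False


def assess_link(url: str) -> list[str]:
    """Return a list of warning names. An empty list means none of the page's
    red flags matched, which is not proof that the link is safe."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []
    if parts.scheme not in ("http", "https"):
        warnings.append("unusual-scheme")
    if not host_is_official(url):
        warnings.append("not-official-host")
    if parts.username is not None:
        # https://www.uni-koeln.de@evil.example/ shows the trusted name first,
        # but the browser connects to evil.example.
        warnings.append("userinfo-in-url")
    if any(label.startswith("xn--") for label in host.split(".")):
        # Punycode label: the address bar would display a non-ASCII look-alike name.
        warnings.append("punycode-host")
    if any(ord(ch) > 127 for ch in host):
        warnings.append("non-ascii-host")
    if looks_like_garbage(parts.path + "?" + parts.query):
        warnings.append("garbage-token")
    return warnings


def suspicious_letters(label: str) -> list[tuple[str, str]]:
    """Non-ASCII letters in a form label, each paired with the plain letter it
    imitates ('?' if there is no obvious one), as in the page's 'Pásšwørd'."""
    found = []
    for ch in label:
        if ch.isalpha() and ord(ch) > 127:
            base = unicodedata.normalize("NFKD", ch)[0]  # strip the accent, keep the base letter
            found.append((ch, base if ord(base) < 128 else "?"))
    return found


if __name__ == "__main__":
    # Constructed samples, not real links taken from any e-mail.
    samples = [
        "https://www.uni-koeln.de/rrzk/",
        "https://uni-koeln.de.example.net/login",
        "https://www.uni-koeln.de@evil.example/login",
        "https://www.weight-loss.example/u/9f3k2zq8xw1lp0v7c4bn6m5sd2e/verify",
        "https://" + "uni-köln.de".encode("idna").decode("ascii") + "/login",
    ]
    for sample in samples:
        print(f"{sample}\n    {assess_link(sample) or 'no red flags'}")
    for text in ("Password", "Pásšwørd"):
        print(f"{text!r}: {suspicious_letters(text)}")
```

Run it as a script to see the verdict for each constructed sample. The host check deliberately parses the URL first and compares whole domain labels, because the two tricks that defeat a naive “does it contain uni-koeln.de” test (a look-alike domain such as uni-koeln.de.example.net, and a username part before the @) are exactly what a scammer would use to make a link pass a quick glance.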

Other Types of Attacks via E-Mail

Spear Phishing

Whereas the average phishing attempt is distributed to several hundred or several thousand people at the same time, there is another form of phishing that is highly targeted and, as such, more dangerous: spear phishing.
Spear phishing attempts usually are scam e-mails sent to as few as one individual person. They contain highly specialised content tailored to the target’s interests, correspondence or work environment and may look authentic even under closer inspection. As such, spear phishing is a particularly insidious type of scam. We have compiled a separate information page on Spear Phishing here.

Blackmailing via e-mail

"Help, someone writes that I have been hacked and he has got compromising records about me! I should pay a ransom, otherwise he will send these records to my relatives and acquaintances!" In most cases, this type of threatening e-mail is sent without providing any evidence at all. Learn more about typical blackmail attempts on our page dedicated to these scams.


Giftcard Scamming

What is a gift card scam? Scammers send messages to employees in the name of their superior (professor, supervisor, head of management) from an external e-mail address (e.g. Gmail, Yahoo). They claim that the matter is urgent and that they can only be contacted via this external address. The victims are put under pressure and persuaded to buy gift cards and hand over the gift card codes.

Find out more about Giftcard Scams.


Contact
If you have any questions or problems, please contact the RRZK-Helpdesk