Detecting phishing mails and mails with malware
Unfortunately, malicious e-mails cannot be completely prevented from reaching HTW-Dresden time and again. Mail addresses must be published for teaching and public relations purposes, and are therefore known.
Please delete such mails from your mailbox immediately!
Malicious e-mails include:
- Phishing e-mails: attempts to obtain the user's personal data via fake websites or e-mails in order to commit identity theft or to obtain passwords
- E-mails with malicious code (ransomware, Trojans, backdoors)
How do you recognise such mails?
Even one or two applicable points can be a sufficient indication of a forgery:
- Fake / strange sender address / recipient address (e.g. the sender address is not an HTW e-mail address but e.g. a Gmail address, although the alleged sender is a member of the HTW).
  - Attention, the sender can also be fake! A known sender is no guarantee of authenticity!
  - Similar-looking addresses are often used (e.g. amzon.com instead of amazon.com)
  - In Outlook, HTW-internal senders are displayed with last name, first name
- meaningless subject,
- no personal form of address,
- the content is absurd or has bad spelling/grammar,
- there are threats of consequences, e.g. deletion of the mail account for not responding within 48 hours,
- a copyright symbol in the text,
- dubious external link,
- missing closing salutation,
- missing text signature,
- the mail was sent during the night,
- errors in the official designation,
- missing PKI signature
  - On the web page "Sign and encrypt" you will find detailed information on sending mails with a signature and on how to recognise the signature.
Further examples of the distribution of mails with harmful content
- Reply with a forged sender to a mail communication that really took place:
  - E-mail traffic is easy to intercept if it is not encrypted. If in doubt, ask via another medium (e.g. via a phone call) whether the content or attachment is really relevant.
- Mail traffic from an account hijacked at the HTW-Dresden with a real HTW sender address
  - In this case, send an e-mail to firstname.lastname@example.org so that we can block the hijacked account.
Checking the mail header
Check in Outlook
To check the header of a message in Outlook:
- Open the message with a double click
- Click on the box for message options under the item Marks.
- Under Internet headers you will now find the sender of the mail under FROM and the history of the e-mail traffic
Check in Thunderbird
To check the message header in Thunderbird:
In the menu, select View --> Headers and there select All
Structure of a web address
How do you recognise a web address and its origin?
A web address has at least the following components (explained with 2 examples):
|1||http:// or https://||Denotes the protocol. http is unencrypted, please do not submit any confidential data to the website here; https is encrypted|
|2||||Server name, can also be composed of several parts, separated by .|
|3||htw-dresden||Domain, on pages of the HTW Dresden always htw-dresden|
|5||/||Any information can be placed after this /|
|6||Directory||the directory can have any depth and any name|
*Can now be awarded to any operator
Moving the mouse pointer over a link (do not click!) displays the real link target.
Here are three examples of a hidden link to a foreign address:
Examples of fake links
This link suggests that it is linked to the HTW-Dresden.
However, when the mouse pointer hovers over the link, an address in Turkey is displayed (recognisable by the .tr)
This mail has several spam characteristics:
- It was sent in the middle of the night
- It contains the threat that the account will be blocked in 24 hours and 7 mails are waiting to be read
- the sender is not from the HTW
- The link leads to Montenegro (.me)
Even though in this case htw-dresden.de is included in the mail address, this is a link pointing to a web address in Greece.
Everything after the first single / designates only the directory structure and does not contain any information about the server!
HTW-Dresden will not ask you to change your login data via a link.
This link leads to a completely different address.
Always change your password by going directly to www.htw-dresden.de --> University --> IT Service Centre --> User management and drives --> Change HTW-Login-Passwort or via a method described on the page "Hints on changing the password"
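The rule from the link examples above (only the server name in front of the first single / identifies the server, and the text shown for a link can differ from its real target), as an added example that is not part of the original page. It uses Python's standard urllib.parse; the sample links and the example.tr / example.me / example.gr hosts are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED = "htw-dresden.de"  # the domain the page says HTW pages always use

def real_host(url):
    """Host the browser would contact: scheme, user info, port and path removed."""
    if "://" not in url:
        url = "//" + url              # lets urlsplit parse "www.host.tld/path"
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def is_htw(url):
    """True only if the host is htw-dresden.de or one of its subdomains."""
    host = real_host(url)
    return host == TRUSTED or host.endswith("." + TRUSTED)

def check_link(shown_text, href):
    """Return warnings for one mail link: visible text vs. real target."""
    warnings = []
    host = real_host(href)
    if urlsplit(href).scheme != "https":
        warnings.append("not https")
    if not is_htw(href):
        warnings.append("real host: " + host)
        if TRUSTED in href.lower():
            warnings.append("htw-dresden.de is only decoration")
    shown = shown_text.strip()
    looks_like_url = "." in shown and " " not in shown
    if looks_like_url and real_host(shown) != host:
        warnings.append("shown text names a different host")
    return warnings

# Constructed sample links (not taken from real mails)
SAMPLES = [
    ("www.htw-dresden.de", "https://www.htw-dresden.de/"),
    ("www.htw-dresden.de", "http://webmail.example.tr/login"),
    ("Confirm account", "https://www.htw-dresden.de.example.me/verify"),
    ("Mailbox", "https://portal.example.gr/htw-dresden.de/index.html"),
    ("Login", "https://www.htw-dresden.de@portal.example.gr/"),
]

if __name__ == "__main__":
    for text, href in SAMPLES:
        print(href, "->", check_link(text, href) or "no warnings")
```

The last three samples show the same trick in three places: htw-dresden.de as a prefix of a foreign server name, as a directory after the first /, and as user information in front of an @.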