Phishing

Phishing targets access data such as passwords (the word comes from "password harvesting" and "fishing"), but there are also similar emails that are purely about fraud (scams).

The three most recently recorded phishing or scam emails:

  • 15.10.2024:
    Password Notification for Tugraz on 15 October, 2024 (Tugraz)
  • 8.8.2024:
    Wichtiger Hinweis [German: "Important notice"] (IT Support)
  • 15.05.2024:
    Available? (name of the head of an organisational unit)
Older phishing emails can be found in the archive.

Is a current phishing attempt not yet on the list? Then please report it; otherwise, simply delete the email!

We only warn explicitly (by email etc.) about phishing attempts if they are exceptionally well done or if several people have already responded to them. In addition, we only list attempts to access TU Graz accounts here. Phishing attempts on other accounts (bank data, PayPal, …) can also land in your TU Graz mailbox, but we are not responsible for those.

Most phishing attempts lure users (mostly via email, but increasingly also via social networks) to web pages that may be deceptively similar to TU Graz pages (logo, corporate design, webmail interface, …) in order to entice them to enter their account data there.
Attention: Even just viewing such a website can lead to an infection of your computer, because such pages may also contain embedded software that exploits vulnerabilities in your browser (a drive-by download)!
Another variant asks you to disclose your data by email.

Unfortunately, it is hardly possible to automatically detect and filter all phishing emails, as they usually do not have the typical characteristics of spam emails (which are now detected with a very high detection rate).

However, we never ask users to provide us with their password by email (see also the rules of thumb below). Furthermore, apart from our SSO pages https://sso.tugraz.at/ and https://auth.tugraz.at/, we only ask you for your TUGRAZonline access data on the following web pages; the servers on this list (where technically possible) are being successively converted to SSO (light grey: in progress):

  • ivpn.tugraz.at - VPN solution for institutes of TU Graz
  • rds-webaccess.tugraz.at - the RDS system (Terminal Service) of TU Graz;
    all systems reachable from there are protected by a second factor.

The following services are for network access and therefore use the network access password and are not part of SSO:

  • https://vpn.tugraz.at - SSL-VPN of TU Graz

All of these pages are protected by HTTPS, and their certificates are issued to TU Graz.

If you have nevertheless fallen into such a trap, please change your password immediately; the only place where this can be done is your TUGRAZonline business card (Services - Change password). Then report to us that you have fallen into the trap but have already changed the password, so that we do not block your account on suspicion!

Phishing Rules of Thumb

  1. A Windows 8.1 computer (or even older) is not only unsuitable for working with confidential data, such a computer has no place on the Internet.
  2. A Windows computer that is also used by other family members is not suitable for working with confidential data.
  3. A Windows computer that contains at least one non-legally purchased program or game or file-sharing software is not suitable for working with confidential data.
  4. Boot up your brain before starting the computer, never the other way round.
  5. As soon as Windows has finished booting, immediately run "Windows Update" and then update the virus scanner to the latest version, without delay.
  6. Before opening Outlook, use your brain and work through this chain of reasoning: "TUGRAZonline never sends out emails in which members of Graz University of Technology are requested to enter data in online forms."
    Therefore: "If I receive an email from TUGRAZonline asking me to enter data into online forms, this email does not come from TUGRAZonline, but from a gang of scammers."
  7. Repeat the process.

(translated from: Futurezone, modified for TU Graz)

7 Tips on Phishing

by Niklas Hellemann and Markus Schaffrin (quoted from the homepage of the Verband der Internetwirtschaft, eco.de), adapted to TU Graz:
  1. Be constantly aware that cyber criminals could try to gain access to TU Graz systems with your help at any time.
    Participate in training sessions on a regular basis. At TU Graz, participation in annual awareness training courses on cybersecurity is mandatory for all employees in accordance with rectorate decision 027 of 9 April 2024.
  2. If you are unsure whether you might have become a victim of a phishing attack, please report it immediately to your "EDV-Beauftragte" (IT representative), to it-support@tugraz.at or to it-security@tugraz.at, and forward the corresponding email.
    Report the email even if it is not marked as spam or suspicious.
    Also inform them if you have shared critical information over the phone.
  3. Never share personal information such as passwords, credit card or transaction numbers via email, messaging service, social media or over the phone.
    This sounds obvious, but you are more vulnerable to manipulation, influence and deception in the home office.
  4. In general, avoid clicking on links in emails that lead to log-in pages.
    Instead, save addresses to frequently visited pages in your browser's favorites list or surf to the page mentioned in the email from the organization's home page.
  5. Do not click on any links that you receive via SMS.
    It is especially easy to fake the sender here. Smishing is an attack via text message (SMS) that asks you to follow a link or call a number.
    It is better to go to the sender's site directly in the browser.
  6. Never launch a download link directly from an email unless you are 100% sure.
    Instead, if possible, always start downloads directly from the provider's website or from the homepage or ftp server of TU Graz.
  7. Before you open files attached to an email, make sure that the email really comes from a trustworthy sender.
    In case of doubt, contact the sender by phone to make sure that the email really comes from him or her, and point out the possibility of digital email certificates.
    Do not use the telephone number given in the email; check the organisation's official homepage instead! Telephone numbers shown for TU Graz have also been faked, so if you are not sure, call the number listed on the official page.

Tips for Email Security

If possible, avoid HTML emails!
If you think you absolutely have to use HTML emails all the time, then please check exactly where a link really points to - example: https://security.tugraz.at/.
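The link check just described (does the link really point where its visible text claims?) and the list of pages on which TU Graz legitimately asks for login data can both be automated. The following is an added example written for this page, not a tool provided by TU Graz: it parses the anchors of an HTML mail body with Python's standard library, flags links whose visible text and real target disagree, links that are not HTTPS, and look-alike hosts that merely contain "tugraz" without being under tugraz.at, and checks whether a login URL is one of the pages listed above. The sample mail body and the look-alike host under example.net are constructed for the demonstration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts on which TU Graz legitimately asks for TUGRAZonline or network-access
# credentials, taken from the list on this page.
LEGITIMATE_LOGIN_HOSTS = {
    "sso.tugraz.at",
    "auth.tugraz.at",
    "ivpn.tugraz.at",
    "rds-webaccess.tugraz.at",
    "vpn.tugraz.at",
}

_BARE_HOST = re.compile(r"[a-z0-9.-]+\.[a-z]{2,}")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML mail."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Host name of a URL, or of a bare host written as link text; '' if neither."""
    value = value.strip().lower()
    if "://" in value:
        return urlparse(value).hostname or ""
    return value if _BARE_HOST.fullmatch(value) else ""


def is_tugraz_host(host):
    return host == "tugraz.at" or host.endswith(".tugraz.at")


def check_link(href, text):
    """Return a list of findings for one link; an empty list means nothing looks wrong."""
    findings = []
    parsed = urlparse(href.strip())
    href_host = (parsed.hostname or "").lower()
    if parsed.scheme.lower() != "https":
        findings.append("not https")
    # Visible text that looks like an address but differs from the real target.
    text_host = host_of(text)
    if text_host and text_host != href_host:
        findings.append(f"text shows {text_host} but target is {href_host}")
    # "tugraz" somewhere in the name, but not actually under tugraz.at.
    if "tugraz" in href_host and not is_tugraz_host(href_host):
        findings.append(f"look-alike host {href_host}")
    return findings


def scan_mail(html_body):
    """Map every link target in the mail body to its findings."""
    extractor = LinkExtractor()
    extractor.feed(html_body)
    return {href: check_link(href, text) for href, text in extractor.links}


def is_legitimate_login_page(url):
    """True only for HTTPS URLs on the hosts listed on this page."""
    parsed = urlparse(url.strip())
    return parsed.scheme.lower() == "https" and (parsed.hostname or "").lower() in LEGITIMATE_LOGIN_HOSTS


# Constructed sample: one deceptive link whose text mimics the SSO page, one honest link.
SAMPLE_MAIL = """
<p>Your TUGRAZonline password expires today.</p>
<a href="http://sso.tugraz.at.example.net/login">https://sso.tugraz.at/</a>
<a href="https://security.tugraz.at/">security page</a>
"""

if __name__ == "__main__":
    for href, findings in scan_mail(SAMPLE_MAIL).items():
        print(href, "->", findings or "ok")
    print("sso login page legitimate:", is_legitimate_login_page("https://sso.tugraz.at/"))
```

The host comparison is deliberately strict: a target is only accepted as TU Graz if it is tugraz.at itself or ends in ".tugraz.at", so "sso.tugraz.at.example.net" is reported as a look-alike even though it starts with the genuine name, which is exactly the trick such mails rely on.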