Service Announcement - 19 September 2023Warning of another phishing attack

Currently, a professional phishing campaign is reaching the university to steal access data to university IDs or project accounts. These phishing mails have different senders with different texts. However, each mail contains at least one link to a web page that looks similar to a login page of an IT service (e.g. web mail). We have attached a screenshot of a sample email as well as a screenshot of a sample phishing page at the end of this message.

We have blocked the corresponding domain addresses of the web servers within the university that are currently known to us. However, this measure is only effective if you are on the university's network.

Therefore, please urgently inform all colleagues and forward the following instructions for account protection:

  • When using login windows of university services, please make sure that the URL in the address line ends with .uni-heidelberg.de!
  • Please check the sender of the mail or the mail address carefully and do not click on any links/attachments from unknown persons outside the university.
  • Please delete suspicious mails immediately.
  • Please never enter your login data on suspicious login pages.
  • If you have already entered your own account data, please change your password as soon as possible or ask the IT service of the URZ for support immediately.

Sample screenshot of a phishing email

Es ist kein Absender der uni-heidelberg.de Adresse, der Empfänger ist nicht ihre Mail sondern die einer anderen Person und der Absender am Ende der Mail fehlt (es wird beispielsweise nur mit „Mail-Team“ unterschrieben)

Sample screenshot of a phishing site

Die Adresse in der dresszeile ist nicht von der Universität