Phishing mail with the subject "Antworte mir jetzt" allegedly from supervisor/colleague.
Phishing e-mails with the subject "Antworte mir jetzt" are being sent that purport to come from a superior or colleague. The mails do not originate from TU, but from a Gmail account "tommydavids1212@gmail.com", which we have blocked.
The attackers use information from the TU's website to set the plain name of the mail address to make the mail look plausible.
The plain name of a mail can contain any text, just like the sender of a physical letter, e.g. "Olaf Scholz". There is no technical way, other than using signed mails with certificates, to prevent this. Unfortunately, many mail programs, such as Outlook, no longer display the mail address if a plain name is specified in the mail header.
It is also easy to forge sender addresses, but we now observe more often that attackers do not bother to do so and forge only the plain name.
However, in Outlook you can switch on the display of the sender address permanently for a folder in the overview:
View - Add Columns - New Column - "Formula" - Add "[searchfromemail]" and group it appropriately with "up".
In the Thunderbird mail program, this functionality is easier to implement via the "Full Address column" add-on.
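The mismatch between plain name and sender address described above can also be checked automatically. The following is an added example, not part of the original advisory: the staff names, sample messages and function names are constructed assumptions, and only the domain is taken from the URL in this advisory.

```python
from email import message_from_string, policy

ORG_DOMAIN = "tu-dortmund.de"  # domain as it appears in the advisory's URL
# Constructed placeholder names; a real deployment would load the staff directory.
STAFF_NAMES = {"erika mustermann", "max mustermann"}

def sender_parts(raw_message):
    """Return (display name, address) of the first mailbox in the From header."""
    msg = message_from_string(raw_message, policy=policy.default)
    from_header = msg["From"]
    if from_header is None or not from_header.addresses:
        return "", ""
    mailbox = from_header.addresses[0]
    # policy.default decodes RFC 2047 encoded words in the display name.
    return mailbox.display_name or "", mailbox.addr_spec.lower()

def is_internal(address):
    """True only for the organisation's domain or one of its subdomains."""
    domain = address.rpartition("@")[2]
    return domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)

def display_name_mismatch(raw_message):
    """Flag mail whose display name is a staff name but whose address is external."""
    name, address = sender_parts(raw_message)
    normalized = " ".join(name.lower().split())
    return normalized in STAFF_NAMES and not is_internal(address)

# Constructed sample messages (names and addresses are made up).
SPOOFED = ('From: "Erika Mustermann" <someone@mail.example>\n'
           'Subject: Antworte mir jetzt\n\nAre you at your desk?\n')
ENCODED = ('From: =?utf-8?q?Max_Mustermann?= <someone@mail.example>\n'
           'Subject: Antworte mir jetzt\n\nAre you at your desk?\n')
GENUINE = ('From: Erika Mustermann <erika.mustermann@tu-dortmund.de>\n'
           'Subject: Meeting\n\nSee you at 10.\n')

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("encoded", ENCODED), ("genuine", GENUINE)):
        print(label, sender_parts(raw), display_name_mismatch(raw))
```

This check only catches mails where the plain name alone is forged; a forged sender address passes it, so it does not replace signed mails.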
Incidentally, the attackers' scam is well known. Once contact has been established, the attackers try to persuade the victims to purchase vouchers, e.g. for Amazon, for their superiors. In such cases (payments/solicitations from superiors) we always advise having the request confirmed by phone over an independent channel.
More information on phishing can be found in our online IT security training, which is now also available in English:
it-sicherheitsschulung.tu-dortmund.de/bits/en/