Particularly within the last weeks so called phishing e-mails were repeatedly sent to many of our users. Such e-mails are sent by attackers which try to mislead recipients by warnings, threats or rewards to follow links included in the actual e-mail text and to log in with GWDG user name and password on target web-pages right after that.
These target web-pages may even contain logos of GWDG, University of Göttingen or Max Planck Society, but are always fakes. Creators of these fake web-pages only want to collect user credentials, to get access to their data or to misuse their accounts (for example to send further spam or phishing e-mails).
But a successful phishing attack cannot only lead to an individual damage for the affected person, but also to a temporary malfunction of the entire e-mail service: If the “hijacked” e-mail account is misused to send spam or phishing e-mails again, the functionality of the complete GWDG e-mail service will be disturbed for hours or partially days via so-called blacklisting on foreign e-mail servers.
Because attackers recently successfully took over control of some user accounts by phishing e-mails, things got (and still may get) even worse. GWDG users received and still may receive phishing e-mails from apparently trustworthy senders (that means e-mail addresses ending with gwdg.de, uni-goettingen.de or mpg.de). This enlarges the risk, since those e-mails often won’t be recognized as a criminal threat.
Therefore we seriously ask you:
- Be vigilant and cautios when handling e-mail!
- Don’t follow links sent by e-mail if you are not absolutely sure that these links are harmless!
- Don’t log in with your username and your password on web-pages reached via dubious links!
- Open e-mail attachements only if you are sure they will be harmless (for example if you receive documents you expect from senders you trust)!
The GWDG, the University of Göttingen or the MPG don’t send such unsolicited e-mails. At the most you may receive comparable e-mails as results of user requests, like a welcome message send to a new user or an informational message about providing an additional service to a user.
(The only exceptions are e-mails send automatically to remind you to change your password before expiration. But actually even those reminders should not be unexpected because for all recently added accounts password changes are required every quarter of a year or every year, depending on the privileges.)
If phishing e-mails with reference to the GWDG, the University of Göttingen or the MPG are circulating, the GWDG will publish operating news with a specific warning of such e-mails as soon as possible. Thus, you can verify, that such e-mails were not send by the GWDG, the University of Göttingen or the MPG.
Should you have any doubts about a specific e-mail, then we will be pleased to help you. Please don’t hesitate to contact the service hotline of the GWDG. Particularly, don’t hesitate to inform us about suspicious e-mail claiming to have been sent by the GWDG, the University of Göttingen or the MPG and which is not (yet) listed as a known phishing e-mail in the operating news of the GWDG.