Information Security
Matters of information security concern all of us — we are all responsible for the security of data and systems entrusted to us. We have compiled some advice on this topic in this section.
Current News
Beware of Phishing: Subject: "Ihr E-Mail-Passwort läuft heute ab" / "Bitte aktualisieren Sie Ihr Mun Webmail-Konto" 2025-01-22
Some users have received phishing emails today with the subject: “Bitte aktualisieren Sie Ihr Mun Webmail-Konto” or “Ihr E-Mail-Passwort läuft heute ab” ("Please update your Mun webmail account" or “your email password expires today”).
Attention: These messages were sent by cyber criminals. They are trying to direct recipients to a fake login page so that the recipients disclose their account details and password.
Please do not click on this link, but delete the email and ignore the instructions!
Windows 10 End of Life: IT security of Windows computers at risk 2025-01-14
In its newsletter “Sicher informiert”, the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik) draws attention to the end of life of the Windows 10 operating system (also reported by the FAZ). Beginning in October 2025, there will no longer be any security updates for Windows 10. Due to the high security risks for the network, systems and data of the University of Cologne, all systems must be migrated to Windows 11 or another operating system such as Linux. Computers in the network that do not comply with this requirement will be disconnected or blocked from the UKLAN for security reasons.
Spoofing Attack: Fraudsters sent e-mails appearing to come from the University of Cologne 2024-05-20
Online scammers have sent e-mails over the Pentecost weekend with the subject “Unfortunately I have bad news for you”. Some of these e-mails went to e-mail addresses at the University of Cologne, but mostly these were sent to external recipient addresses.
In terms of content, these emails were an attempt at blackmail. We have displayed warnings on our website about precisely this situation for several years.
The main feature of these e-mails was that the sender made them appear as if they had been sent directly from the University of Cologne when in fact this was not the case.
Unpeeling the first layer of the Onion
At first glance, the e-mails attempt to coerce the recipient and pressurise them to pay the fraudsters. The name or e-mail address of the recipient is used as the visible sender to pretend that the fraudster has access to the victim's mail account. However, the fraudsters do not have access, because it is merely a fake sender. This scheme is detailed on our page on phishing.
Unpeeling the second layer of the Onion
At second glance, the e-mails appear as if they have been sent via the mail servers of the University of Cologne. To do this, the fraudsters used the host name of UoC’s webmail system and configured their own mail servers so that these servers use the University of Cologne server name. Of course, the scammers cannot redirect real e-mails to the wrong server in this way, but they can make it appear as if the University of Cologne was responsible. Complaints about these unsolicited e-mails end up being directed back to the administrators of the mail systems at the University of Cologne.
Unpeeling the third layer of the Onion
As mentioned, using this technique the fraudsters cannot technically send from the University of Cologne mail systems. The mail servers of the recipients of these fraudulent e-mails will notice that the e-mails are not actually being sent from mail servers of the University of Cologne. Nevertheless, the receiving mail server notes the alleged sending server's name and the technical mismatch in the e-mail header. In addition, the receiving mail server also notes the actual IP address of the sender’s mail server, because this IP address cannot be faked as easily as the sender domain. This IP address allows recipients of the fraud e-mails to establish with which server operator they should file their complaint. And a complaint can be directed at this server operator as they are ultimately responsible for these scam e-mails being sent.
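The comparison described above can be carried out on a saved message. The following Python code is an added example, not part of the original page: it reads the Received line written by the recipient's own mail server and compares the server name the sender claimed with the reverse-DNS name and IP address that the receiving server recorded. It assumes a Postfix-style Received line; all host names and addresses are constructed placeholders from reserved documentation ranges.

```python
import re
from email import message_from_string

# Constructed sample, not a real message: reserved example names/addresses.
# The first (top) Received line is written by the recipient's own server;
# anything below it was supplied by the sender and may be invented.
SAMPLE = """\
Received: from webmail.university.example (host45.bulk-sender.example [203.0.113.45])
\tby mx.recipient.example (Postfix) with ESMTP id 4F2A91C0
\tfor <victim@recipient.example>; Sun, 19 May 2024 08:14:02 +0200
Received: from mail.internal.example (localhost [127.0.0.1])
\tby webmail.university.example (Postfix) with ESMTP id 9B1D2
\tfor <victim@recipient.example>; Sun, 19 May 2024 08:13:40 +0200
From: victim@recipient.example
To: victim@recipient.example
Subject: Unfortunately I have bad news for you

(body omitted)
"""

# Postfix-style layout (assumption): from HELO (RDNS [IP]) by RECEIVER ...
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

def analyse_received(raw_message, trusted_mx):
    """Return what the trusted receiving server recorded about the sender."""
    msg = message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        # Folded header lines are joined into one line before matching.
        hop = RECEIVED_RE.search(" ".join(str(value).split()))
        # Only the line added by our own server (trusted_mx) is evidence.
        if hop and hop["by"].lower() == trusted_mx.lower():
            helo, rdns = hop["helo"].lower(), hop["rdns"].lower()
            return {
                "claimed_helo": helo,          # name the sender announced
                "reverse_dns": rdns,           # name looked up for the IP
                "connecting_ip": hop["ip"].split("IPv6:")[-1],
                "helo_matches_rdns": helo == rdns,
            }
    return None  # no Received line from the trusted server was found

if __name__ == "__main__":
    print(analyse_received(SAMPLE, "mx.recipient.example"))
```

The connecting IP address in the result is the value to look up when deciding which server operator should receive the complaint.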
Cybersecurity game – Gain experience in IT security while playing
At https://www.bakgame.de/ Spiele you can easily build your knowledge of cybersecurity, phishing and secure computers. Try it!
The 10 Golden Rules of Information Security
1.) Secure your computer, your workspace, and your documents!
Your computer is the last barrier between you and your data. Make sure no-one but you has access to your device. This also applies to your physical workspace, e.g. your office desk, and all documents, records, and files stored there. Please ensure that such documents are locked away securely and inaccessible to others so that no-one can inspect, abstract or damage them. In practice, appropriate measures include:
Lock your computer (or sign out of your account if you share a device) as soon as you leave your workplace, even if it is just for a short time.
Lock away all confidential documents, including external data media such as hard drives or USB sticks.
Check if data encryption is a feasible option for your data. Current operating systems can carry out device encryptions by default if the corresponding setting has been turned on:
Microsoft: Turn on Device Encryption
2.) Keep your software up-to-date!
Update prompts and security alerts can be bothersome — and oftentimes they are ignored or clicked away. However, security breaches can make systems and software unsafe to use. Third-party attackers may be able to compromise your device if security holes are exploited. To prevent this, update your software regularly, especially if the software requests you do it as soon as possible! Your operating system, your internet browser, and your PDF software have the highest priority in this regard as they are the most vulnerable software. For this reason, always pay attention to security alerts.
3.) Take caution when using external drives!
USB sticks, external hard drives and other such storage media may pose significant security risks. These devices can potentially install harmful malware into your network or the network of the university. Never connect external drives whose origin you do not know (e.g. because you found them somewhere) to your computer or portable devices. Be careful when using external drives from third parties like colleagues, friends, and family — their drives may be compromised without their knowledge.
4.) Use secure passwords!
The most important advice for this is: Do not use the same password for all services! Otherwise a password illegally obtained in e.g. a cyber attack may be used to compromise more than one account and/or system. If you use the same password for your private online shopping and your business accounts, one security breach in one automatically puts the other one at risk as well.
5.) Never share your login details with others!
Never share your login details or passwords with others for any reason, not even WiFi or VPN access. Just don’t.
This applies to the login details of all accounts you may have for digital services. Please note that the terms and conditions of your university account explicitly prohibit sharing your account data with third parties. Doing so may result in a ban of your account, and further action under German labor law may be taken against you.
6.) Backup your data on a regular basis!
A regular backup of your data is important to prevent data losses in the case of hardware defects or other issues. Not backing up your data risks not being able to access any of it in the case of a crash, malfunction or compromise. Please bear in mind that this also applies to data on external drives.
USB sticks in particular are prone to data losses and should not be used as a backup medium.
Backup on MacOS using "Time Machine": Apple: Time Machine Backups
The University of Cologne also offers the use of TSM as a backup system for advanced users.
7.) Treat sensitive data responsibly!
Save data on trustworthy drives such as SoFS or internal network storages only. Be cautious when choosing storages for your data and its backups — sensitive data does not belong on third-party storage options such as Dropbox.
If you are unsure which data should be saved where, please do not hesitate to reach out to the RRZK help desk to address your questions or be redirected to the appropriate point of contact.
Never share information thoughtlessly with third parties. When discussing sensitive or business-related matters, always make sure to ask yourself which information and how much information is appropriate to share. This applies to all kinds of information regardless of its source or the medium of communication.
A responsible treatment of the data entrusted to you also includes the ability to delete data correctly, comprehensively, and irretrievably. You can find an introductory guide for this here.
8.) Be wary of Phishing and Spam
Phishing attempts and spam e-mails have existed ever since communication went digital. The number of phishing attempts has evidently and considerably risen worldwide in recent months and years. Our university is no exception here.
Be careful and stay calm if you should ever receive an e-mail that tries to extort money from you, threatens an account ban unless you log in to your account on a certain website, or puts you under any other kind of pressure. Phishing e-mails will also ask you to use sensitive login data on external or faked websites.
Make sure to check the sender, e-mail address, and the website you are being redirected to very carefully.
Never enter any sensitive account data on any website that looks even the slightest bit suspicious.
When in doubt, please always consult the RRZK help desk to discuss your concerns and find out if any kind of action on your part is required.
We have compiled some more useful information on phishing on this info page.
We have also made some example e-mails from recent phishing attempts available on our website (German only).
There is a host of information on spam and phishing available on external websites, e.g. from Cisco here.
Please also be wary of Spear Phishing, as this is a highly targeted and well-disguised kind of phishing attempt.
For more information on spear phishing, you may also want to read through this article on CSO Online.
By the way: Forging e-mails is as easy as sending a postcard under a false name. If you are not sure whether an e-mail you received was sent from the person named as the sender, check back with that person using a method of contact that you know is only accessible by that person. A quick phone call can often clarify the situation and prevent harm.
9.) Business / Private / Administration: Use separate accounts whenever possible!
Separating your business from your private life is always a good idea, and that is true for IT matters as well. Create different accounts for different purposes so that your data and your software can be used separately to avoid putting a lot of information and data at risk at the same time.
It is also advisable to use a local user account on your device.
This has been the standard for MacOS and Linux systems for some years now, but it will have to be set up separately if you use Windows 10:
10.) Ask questions and keep yourself informed!
If you are unsure whether cryptic error messages or suspicious messages are legitimate, do not hesitate to reach out to the appropriate support services. For the University of Cologne, the RRZK help desk can answer most of your questions or redirect you to the appropriate service or point of contact.
The RRZK website also warns of large-scale phishing attempts at our university. This can be a useful resource for surveying the general situation if e.g. you receive a suspicious e-mail.
Most importantly: Keep calm, and do not let yourself be put under any kind of pressure.
Situations of mental pressure make it harder to judge the overall setting and may lead to significant misjudgments.
Do not be afraid to ask too much if you are ever in doubt regarding issues of information security.
Contact
If you have any questions or problems, please contact the RRZK-Helpdesk.