An increased number of phishing emails are currently being sent to many members of the University of Münster. 

The emails have the subject "ACHTUNG AN ALLE MITARBEITER" and have been sent from different external accounts. The emails claim that the email system will be switched over to Microsoft Office 365 and contacts have to be saved in order to be transferred correctly. This is just a false pretext to lure recipients to an external website controlled by the attackers, which exfiltrates entered credentials.

An increased number of phishing emails are currently being sent to many members of the University of Münster. 

The emails have the subject "Sie haben 3 Dateien per Microsoft Shared Document erhalten." or "Die Universität Münster hat Ihnen 3 Dateien gesendet" and have been sent from different external accounts (University of Alberta and University of Bielefeld). The emails claim that files have been shared via "Microsoft Shared Document". This is just a false pretext to lure recipients to an external website controlled by the attackers, which exfiltrates entered credentials.

An increased number of phishing emails are currently being sent to many members of the University of Münster. 

The emails have the subject 'Update!!!' and pretend to be from 'Microsoft Support'. The emails claim that storage space is exhausted and recipients need to sign in via a link to obtain more storage space. This is just a false pretext to lure recipients to an external website controlled by the attackers.

An increased number of scam emails are currently being sent to many members of the University of Münster.

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The emails have the subject “1 neue Termin-Nachricht” or “Action Required” and pretend to be an invitation to an appointment. They contain a link to an external website on which the University of Münster's login page has been replicated. The emails come from external senders, some of them from other universities.

Click here for the full note

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The emails have the subject "E-Mail-Zustellung fehlgeschlagen - (1)" and claim that emails were returned to the sender due to a synchronization error and that these messages now need to be retrieved manually. This is just a false pretext to trick recipients into revealing their login details on an external website that mimics a generic webmail interface. The emails were sent from an external address

Click here for the full note

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The emails have the subject line "Wichtige Personalanpassung" and claim that there have been staff adjustments that need to be verified. This is just a false pretext to trick recipients into revealing their login details on an external website that mimics the Outlook interface. The emails were sent from an external address but pretend to be from an internal sender.

Click here for the full note

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The emails have the subject "Wichtiger Hinweis: Migration auf Outlook Webmail 2024" and claim that a migration to a new version of "Outlook Webmail" requires a registration. This is merely a false pretext to entice recipients to disclose their credentials on an external website. The emails were sent from an external sender address named "Nurefşan Fedakar".

Click here for the full note

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The emails have the subject "Benachrichtigung aus Microsoft Outlook" and claim that a "termination" of the email mailbox is imminent and a "verification" is necessary to prevent this. This is merely a false pretext to entice recipients to disclose their credentials on an external website. The emails were sent from an external sender address named "Iwona Chmura-Rutkowska".

Click here for the full note

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The emails have the subject "Re: Bestätigung oder Stornierung" and claim that the storage space for one's own mailbox has been surpassed and actions are necessary. This is just a false pretext to entice recipients to reveal their access data on an external website. The emails were sent from multiple different sender addresses from the University of Bonn. Legitimate notifications about full storage space via email do not exist.

Click here for the full note

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The emails have the subject "E-Mail-Speicherlimit überschritten" and claim that the storage space for one's own mailbox has been surpassed and actions are necessary. This is just a false pretext to entice recipients to reveal their access data on an external website. The emails were sent from various sender addresses, including from internal email addresses. Legitimate notifications about full storage space via email do not exist.

Click here for the full note

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The e-mails have the German subject "Re: Lohn- und Gehaltsabrechnung für Mitarbeiter" or "RE:  ICT Support." and claim that an update or confirmation is necessary for the email service. The emails have been sent out from external email addresses under different names without any relation to the University of Muenster. The link leads to an external website that is under the control of the attackers and forwards the login data to the originator. It mimics the appearance of the Outlook Web app.

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The e-mails have the subject "Dringend: Aktualisierung Ihrer E-Mail-Informationen erforderlich", "Eilige Maßnahme erforderlich: Aktualisieren Sie Ihre E-Mail-Informationen" or "AW: Achtung Mitarbeiter und Angestellte," and claim that an update is necessary for the email service. The emails have been sent out from external email addresses with different names, e. g. "uni-muenster". The link leads to an external website that is under the control of the attackers and forwards the login data to the originator. The real login website of the University of Münster was recreated in every detail.

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The e-mails have the subject "Unser System hat am 11. Juni 2024 fünf fehlgeschlagene eingehende Nachrichten erkannt" and claim that some messages could not be delivered due to an error and therefore a "recovery" is necessary. The sender is pretended to be “IT_Support@uni-muenster.de” with an internal sender address. However, the link leads to an external website that is under the control of the attackers and forwards the login data to the originator. The real login website of the University of Münster was recreated in every detail.

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The observed e-mails have the subject "Re: Routineanwendung für Lohn- und Gehaltsabrechnungen" and come from an external address, mostly with the name "Awais Ahmed/Sales/Islamabad". Users are requested to check their salary payout ("Verdienstabrechnung") but are instead forwarded to an external website which is controlled by the attackers to harvest their credentials.

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The e-mails have the subject "Sie haben zwei wichtige Nachrichten von der Universität Münster erhalten, die nicht zugestellt werden konnten Aufgrund einer Systemstörung." and claim that some messages could not be delivered due to an error and therefore a "recovery" is necessary. The sender is pretended to be “UNIVERSITÄT MÜNSTER-KONTAKT” with an internal sender address. However, the link leads to an external website that is under the control of the attackers and forwards the login data to the originator. The real login website of the University of Münster was recreated in every detail.

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

Those emails were sent from different external addresses and give the impression that the mailbox storage space is full and action is necessary. Different German titles could be observed, such as "Sie nutzen derzeit 100% Ihrer gesamten Speicherkapazität. Bitte geben Sie sofort Speicherplatz frei.", "Sie haben 100% Ihres Speicherplatzlimits erreicht. Es sind Maßnahmen erforderlich, um Probleme zu vermeiden." or "Bitte archivieren oder löschen Sie die Dateien. Ihre Dateien.". The emails contain links that redirect to a website that deceptively replicates the login interface of the University of Münster, but is controlled by criminals.

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The observed e-mails have the subject "Routine für die Lohn- und Gehaltsabrechnung der Mitarbeiter" and come from an external address, mostly with the name "Simon László". Users are requested to check their salary payout ("Verdienstabrechnung") but are instead forwarded to an external website which is controlled by the attackers to harvest their credentials.

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The phishing e-mails are sent with the subject "Bitte beachten Sie, dass Sie eine ausstehende Nachricht zu Ihrem Gehaltsabrechnungskalender für Februar haben" and use the fake sender "Helpdesk - University of Münster" with a sender address of the University of Düsseldorf.  The content asks you to check supposed "messages" relating to payroll accounting and contains a link to an external website that is a deceptively genuine replica of the IT portal login page.

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The observed e-mails have the subject "Re: Routine für die Lohn- und Gehaltsabrechnung der Mitarbeiter" and pretend to be from a "Margarita Hernandez" from the "Abteilung für Lohn- und Gehaltsrechnung" (payroll/salary department). Users are requested to check their salary payout but are instead forwarded to an external website which is controlled by the attackers to harvest their credentials.

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The phishing e-mails are sent out with the subject "Die Universität Münster hat Ihnen einen wichtigen Bescheid geschickt" and use the fake sender "Die Universität Münster-Portal". Various sender addresses have been observed, some from other universities. The content requests the accessing of supposed "Bescheiden" and contains a link to an external website that deceptively imitates the IT portal login.