An increased number of phishing emails are currently being sent to members of the University of Münster. 

The emails have German subjects like "uni-muenster Ticket#1620215544 Postfachspeicher voll Wednesday, October 1, 2025" and pretend to be sent from the mail system of the University of Muenster. They have been sent from external addresses though. The emails claim that the mailbox storage is full. However, these are just false pretenses to lure recipients into visiting an external website controlled by the attackers, which steals entered login credentials.

An increased number of phishing emails are currently being sent to members of the University of Münster. 

The emails have the German subject "Grüße an Studierende und Mitarbeiter!" and pretend to be sent from the "IT-Helpdesk" of the University of Muenster. They have been sent from external addresses though. The emails claim that a migration of the Outlook mailbox is necessary. However, these are just false pretenses to lure recipients into visiting an external website controlled by the attackers, which steals entered login credentials.

An increased number of phishing emails are currently being sent to members of the University of Münster. 

The emails have subjects like "Re: IKT-Dienst-Update" and pretend to be sent from the "IT-Helpdesk" of the University of Muenster. The emails claim that a review of the Outlook mailbox is necessary. However, these are just false pretenses to lure recipients into visiting an external website controlled by the attackers, which steals entered login credentials.

An increased number of scam emails are currently being sent to many members of the University of Münster.

An increased number of phishing emails are currently being sent to many members of the University of Münster. 

The emails have subjects like "Outlook Admin Team!", "AW: IKT-Servicedesk" or "(own email address): IT Security Alert: Your Password Expires In 24 Hours" and pretend to be sent from the University of Muenster. The emails claim that an update or migration of the Outlook mailbox is necessary. However, these are just false pretenses to lure recipients into visiting an external website controlled by the attackers, which steals entered login credentials.

An increased number of scam emails are currently being sent to many members of the University of Münster.

An increased number of phishing emails are currently being sent to many members of the University of Münster. 

The emails have have the German subject "IT-Helpdesk!!" or "IT-Servicedesk-Support" and have been sent from an external address. The emails claim that an update or migration of the Outlook mailbox is necessary. However, these are just false pretenses to lure recipients into visiting an external website controlled by the attackers, which steals entered login credentials.

An increased number of phishing emails are currently being sent to many members of the University of Münster. 

The emails have have the German subject "AW: IKT-Verifizierungshinweis" and have been sent from a University of Muenster address. The emails claim that an update or migration of the Outlook mailbox is necessary. However, these are just false pretenses to lure recipients into visiting an external website controlled by the attackers, which steals entered login credentials.

An increased number of phishing emails are currently being sent to many members of the University of Münster. 

The emails have subjects like "IT-Servicedesk!", "AW: IT-Servicedesk", or "IT-Servicedesk-Support" with minor variations. The emails were sent from external sources, mostly from compromised accounts at other German universities. The emails claim that an update or migration of the Outlook mailbox is necessary. However, these are just false pretenses to lure recipients into visiting an external website controlled by the attackers, which steals entered login credentials.

An increased number of phishing emails are currently being sent to many members of the University of Münster. 

The emails are sent via SharePoint Online and have a subject line indicating that documents are being shared (e.g., 'Paige Capece shared "Document!" with you' or 'Marlon Jose Castillo Monroy shared "Document 12" with you'). The documents are distributed through compromised accounts from other institutions, but it is pretended that the document originates from management personnel of the University of Münster. The documents contain links to external websites controlled by criminals that steal entered login credentials.

An increased number of phishing emails are currently being sent to many members of the University of Münster. 

The emails, with German subjects such as "IT-Servicedesk-Support!" or "AW: Wichtiges Helpdesk-Update", originate from external senders. They falsely claim that your email account requires an update or migration to a new version. The actual intent is to trick recipients into visiting a malicious website controlled by the attackers, where they can steal login credentials.

An increased number of scam emails are currently being sent to many members of the University of Münster.

An increased number of scam emails are currently being sent to many members of the University of Münster.

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The emails have the subject “1 neue Termin-Nachricht” or “Action Required” and pretend to be an invitation to an appointment. They contain a link to an external website on which the University of Münster's login page has been replicated. The emails come from external senders, some of them from other universities.

Click here for the full note

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The emails have the subject "E-Mail-Zustellung fehlgeschlagen - (1)" and claim that emails were returned to the sender due to a synchronization error and that these messages now need to be retrieved manually. This is just a false pretext to trick recipients into revealing their login details on an external website that mimics a generic webmail interface. The emails were sent from an external address

Click here for the full note

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The emails have the subject line "Wichtige Personalanpassung" and claim that there have been staff adjustments that need to be verified. This is just a false pretext to trick recipients into revealing their login details on an external website that mimics the Outlook interface. The emails were sent from an external address but pretend to be from an internal sender.

Click here for the full note

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The emails have the subject "Wichtiger Hinweis: Migration auf Outlook Webmail 2024" and claim that a migration to a new version of "Outlook Webmail" requires a registration. This is merely a false pretext to entice recipients to disclose their credentials on an external website. The emails were sent from an external sender address named "Nurefşan Fedakar".

Click here for the full note

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The emails have the subject "Benachrichtigung aus Microsoft Outlook" and claim that a "termination" of the email mailbox is imminent and a "verification" is necessary to prevent this. This is merely a false pretext to entice recipients to disclose their credentials on an external website. The emails were sent from an external sender address named "Iwona Chmura-Rutkowska".

Click here for the full note

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The emails have the subject "Re: Bestätigung oder Stornierung" and claim that the storage space for one's own mailbox has been surpassed and actions are necessary. This is just a false pretext to entice recipients to reveal their access data on an external website. The emails were sent from multiple different sender addresses from the University of Bonn. Legitimate notifications about full storage space via email do not exist.

Click here for the full note

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The emails have the subject "E-Mail-Speicherlimit überschritten" and claim that the storage space for one's own mailbox has been surpassed and actions are necessary. This is just a false pretext to entice recipients to reveal their access data on an external website. The emails were sent from various sender addresses, including from internal email addresses. Legitimate notifications about full storage space via email do not exist.

Click here for the full note

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The e-mails have the German subject "Re: Lohn- und Gehaltsabrechnung für Mitarbeiter" or "RE:  ICT Support." and claim that an update or confirmation is necessary for the email service. The emails have been sent out from external email addresses under different names without any relation to the University of Muenster. The link leads to an external website that is under the control of the attackers and forwards the login data to the originator. It mimics the appearance of the Outlook Web app.

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The e-mails have the subject "Dringend: Aktualisierung Ihrer E-Mail-Informationen erforderlich", "Eilige Maßnahme erforderlich: Aktualisieren Sie Ihre E-Mail-Informationen" or "AW: Achtung Mitarbeiter und Angestellte," and claim that an update is necessary for the email service. The emails have been sent out from external email addresses with different names, e. g. "uni-muenster". The link leads to an external website that is under the control of the attackers and forwards the login data to the originator. The real login website of the University of Münster was recreated in every detail.

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The e-mails have the subject "Unser System hat am 11. Juni 2024 fünf fehlgeschlagene eingehende Nachrichten erkannt" and claim that some messages could not be delivered due to an error and therefore a "recovery" is necessary. The sender is pretended to be “IT_Support@uni-muenster.de” with an internal sender address. However, the link leads to an external website that is under the control of the attackers and forwards the login data to the originator. The real login website of the University of Münster was recreated in every detail.

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The observed e-mails have the subject "Re: Routineanwendung für Lohn- und Gehaltsabrechnungen" and come from an external address, mostly with the name "Awais Ahmed/Sales/Islamabad". Users are requested to check their salary payout ("Verdienstabrechnung") but are instead forwarded to an external website which is controlled by the attackers to harvest their credentials.

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The e-mails have the subject "Sie haben zwei wichtige Nachrichten von der Universität Münster erhalten, die nicht zugestellt werden konnten Aufgrund einer Systemstörung." and claim that some messages could not be delivered due to an error and therefore a "recovery" is necessary. The sender is pretended to be “UNIVERSITÄT MÜNSTER-KONTAKT” with an internal sender address. However, the link leads to an external website that is under the control of the attackers and forwards the login data to the originator. The real login website of the University of Münster was recreated in every detail.

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

Those emails were sent from different external addresses and give the impression that the mailbox storage space is full and action is necessary. Different German titles could be observed, such as "Sie nutzen derzeit 100% Ihrer gesamten Speicherkapazität. Bitte geben Sie sofort Speicherplatz frei.", "Sie haben 100% Ihres Speicherplatzlimits erreicht. Es sind Maßnahmen erforderlich, um Probleme zu vermeiden." or "Bitte archivieren oder löschen Sie die Dateien. Ihre Dateien.". The emails contain links that redirect to a website that deceptively replicates the login interface of the University of Münster, but is controlled by criminals.

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The observed e-mails have the subject "Routine für die Lohn- und Gehaltsabrechnung der Mitarbeiter" and come from an external address, mostly with the name "Simon László". Users are requested to check their salary payout ("Verdienstabrechnung") but are instead forwarded to an external website which is controlled by the attackers to harvest their credentials.

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The phishing e-mails are sent with the subject "Bitte beachten Sie, dass Sie eine ausstehende Nachricht zu Ihrem Gehaltsabrechnungskalender für Februar haben" and use the fake sender "Helpdesk - University of Münster" with a sender address of the University of Düsseldorf.  The content asks you to check supposed "messages" relating to payroll accounting and contains a link to an external website that is a deceptively genuine replica of the IT portal login page.

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The observed e-mails have the subject "Re: Routine für die Lohn- und Gehaltsabrechnung der Mitarbeiter" and pretend to be from a "Margarita Hernandez" from the "Abteilung für Lohn- und Gehaltsrechnung" (payroll/salary department). Users are requested to check their salary payout but are instead forwarded to an external website which is controlled by the attackers to harvest their credentials.

An increased amount of phishing e-mails is currently being sent to many members of the University of Münster. 

The phishing e-mails are sent out with the subject "Die Universität Münster hat Ihnen einen wichtigen Bescheid geschickt" and use the fake sender "Die Universität Münster-Portal". Various sender addresses have been observed, some from other universities. The content requests the accessing of supposed "Bescheiden" and contains a link to an external website that deceptively imitates the IT portal login.