Alert message: Current wave of phishing via Moodle

Ulm University

Due to current events, we must urgently warn you of a phishing attack against members of the University of Ulm.

The emails are currently being sent via Moodle with the subject "Seminar veg. physiology discussion of the discussion questions". The content of the e-mail asks the recipient to open an external link. The link takes the recipient to a fake homepage and captures the access data entered. These can then be used for further attacks, for example.

How can you recognize these fake e-mails?

  • Currently, the following subject line is being used, among others "Seminar veg. physiology discussion of the discussion questions"
  • Check not only the sender's name, but also the email address for authenticity: (move the mouse pointer slowly over the email address)
  • Check all links that you receive by e-mail (move the mouse pointer slowly over the e-mail address)
  • The content of the emails attempts to put pressure on the recipient to take action (in this case, to disclose access data)

What should you do if you receive such an e-mail?

  • Do not open any unknown external links or file attachments.
  • Do not enter any login data (user name and password).
  • If you have already entered login data or opened an unknown attachment (e.g. in .html format), you must immediately change the corresponding password(s) and arrange for a virus scanner scan. Please pay attention to any conspicuous behavior of your account/workstation computer. If you notice any suspicious behavior, please report it immediately to helpdesk(at) or cert(at)

Please note the general information on the secure handling of e-mails on the kiz information security portal.