We are currently observing that mails with compromised (mostly older) real mail histories are being sent to HHU mailboxes to the original recipients. These mails contain a link to an external page that is supposedly used to spread malware. In other cases, PDF files with malware have been sent. At first glance, the sender appears to be the University of Düsseldorf/HHU, but a closer look reveals that the mails are being sent from external addresses. Please also note our security information in the HHU Wiki: https://wiki.hhu.de/x/4IhYB

Please do not click on the link contained in the mail and delete the message!

If you have clicked on the link, immediately disconnect your computer from the network and run a scan with anti-virus software.

The source of the content used appears to be compromised HHU mailboxes as well as mailboxes from external providers.