04/04/2025 | Information on

Urgent warning about scam emails with Apple gift cards

Ladies and gentlemen, dear colleagues,

I would like to draw your attention to an email scam that is currently on the increase - including at the University of Kassel. I would ask all supervisors of student employees to raise awareness among their staff.

We have recently received several reports of attempted fraud involving Apple gift cards. Unknown perpetrators are pretending to be superiors by email and trying to persuade the target person to buy Apple gift cards under a pretext. A freshly created mailbox at Google.com with the full name of the head of department XY as the display name and a short request asking whether they "have time at the moment" is the classic scenario. If you reply to the first message, the target person is instructed to buy the gift cards under the pretext of urgency and with clear instructions. If you fall for it, there is little chance of getting your money back via Apple Support.

It is important to remain vigilant in everyday life and to question unusual requests.

Please note the following tips to protect yourself:

Check unusual emails carefully:
If an email comes as a surprise, such as a request to buy vouchers or transfer money - especially if you are in a hurry - be skeptical. Ask yourself: Would my superior(s) ask me to do something like this by e-mail?
Check the sender's address:
Pay close attention to the sender's address - not just the name displayed. Fraudulent addresses are often only slightly modified or come from external domains.
Urgency = warning signal:
Fraudsters deliberately build up pressure ("I'm in a meeting", "This has to be done quickly"). Don't let yourself be rushed - and don't act rashly.
Do not pass on confidential data or codes by email:
Never send passwords or credit codes by email, messenger or text message - not even to seemingly known contacts. No superior may force you to privately purchase (Apple) gift cards for business purposes!
Obtain reassurance:
If in doubt: call back! Use known telephone numbers or channels to obtain reassurance. A brief telephone confirmation can prevent fraud.

What to do in case of suspicion?

Do not reply, do not click.
Forward e-mail to isb[at]uni-kassel[dot]de.
Report suspicious activity.

Further help on phishing:

https://www.uni-kassel.de/hochschulverwaltung/organisation/beauftragte/informationssicherheit/schutzmassnahmen/e-mail-sicherheit/schutz-vor-phishing

Further help on social engineering:

https://www.uni-kassel.de/hochschulverwaltung/organisation/beauftragte/informationssicherheit/schutzmassnahmen/social-engineering

Social engineering red flags one-pager:

https://www.knowbe4.com/hubfs/Social%20Engineering%20Red%20Flags%20KB4_DE.pdf (German)

https://www.knowbe4.com/hubfs/Social-Engineering-Red-Flags.pdf (English)

Information from Apple on fraud attempts with gift cards:

https://support.apple.com/de-de/120933

Best regards
Dr. Oliver Fromm
Chancellor of the University of Kassel