Information Security - Protect yourself against - Phishing

Phishing e-mails or phone calls try to lure you to fake websites (e.g. one imitating a bank or the Solis login) so that you, unsuspecting, log in there with your login name and password or enter your credit card number, with all the consequences that entails. Would you fall for it?

How do they work?

First they send you a fake email that seems to come from your bank, energy company, IT department, etc. They often invoke an urgent situation, such as: "You are going on a trip but your credit card needs to be verified. Prevent payment problems and do this immediately!"
Clicking on the link in the email will take you to a fake website, which is an exact copy of the original.
There they try to steal your personal information, such as passwords or credit card numbers, or they try to get malicious software, such as ransomware, installed on your computer.

Once they have compromised your passwords or credit card details, they will have access to your data and/or bank account.

Would you fall for it?

We all regularly receive phishing emails. Where they used to be recognizable by poor design and language, nowadays:

  • They look very credible, complete with the logo and layout of the company;
  • The language is formal and correct;
  • The date on which you receive the mail is tactically chosen: just when you go on holiday there is something wrong with your credit card;
  • They often insist on quick action, supposedly to prevent something from going wrong. The tone can even appear threatening.

Prevention

How do you know whether an e-mail is genuine or not?

  1. No honest person will ask for your password, credit card number, or PIN to do anything. If they do, it's fake.
  2. Make sure that the sender of the message is who they claim to be. Check whether the e-mail address (the From field) is correct. Always check messages coming from your bank or, for example, your IT department.
  3. Be careful when clicking links in an e-mail. Check them and copy & paste them into your browser (provided you trust the sender). Never open an attachment if you don't trust the sender. Attached files (often in a zip file) with the extension .exe or Office files with macros are the most dangerous.
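
Checks 2 and 3 from the list above, automated for a mail filter or a reported-mail triage script. This is an added example, not part of the original page; the brand-to-domain table, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: brand name -> domain it really mails from (hypothetical values).
KNOWN_SENDERS = {"example bank": "bank.example"}
RISKY_EXT = (".exe", ".zip", ".docm", ".xlsm", ".pptm")  # zip is coarse: inspect contents
# Regex is enough for this sketch; a production filter should use a real HTML parser.
ANCHOR = re.compile(r'<a\b[^>]*?href=["\']([^"\']*)["\'][^>]*>(.*?)</a>', re.I | re.S)

def same_site(host, domain):
    return host == domain or host.endswith("." + domain)

def check_sender(msg):
    """Item 2: the display name claims a brand, the address is on another domain."""
    name, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    return [f"'{name}' sent from {domain}" for brand, good in KNOWN_SENDERS.items()
            if brand in name.lower() and not same_site(domain, good)]

def check_links(msg):
    """Item 3: the link text shows one host, the href leads to another."""
    body, found = msg.get_body(preferencelist=("html",)), []
    for href, text in ANCHOR.findall(body.get_content() if body else ""):
        text = re.sub(r"<[^>]+>", "", text).strip()  # drop nested tags
        shown = re.match(r"(?:https?://)?(?:www\.)?([\w-]+(?:\.[\w-]+)+)", text, re.I)
        target = (urlparse(href).hostname or "").lower()
        if shown and not same_site(target, shown.group(1).lower()):
            found.append(f"text shows {shown.group(1)}, link goes to {target}")
    return found

def check_attachments(msg):
    """Item 3: attachment types the page calls most dangerous."""
    return [p.get_filename() for p in msg.walk()
            if (p.get_filename() or "").lower().endswith(RISKY_EXT)]

def constructed_sample():
    """Constructed message; every name and domain in it is made up."""
    m = EmailMessage()
    m["From"] = '"Example Bank" <support@examp1e-bank.test>'
    m["Subject"] = "Verify your credit card immediately"
    m.set_content("Verify your card before your trip.")
    m.add_alternative('<p>Verify now: <a href="http://login.examp1e-bank.test/v">'
                      "https://www.bank.example/verify</a></p>", subtype="html")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename="statement.zip")
    return m
```

A message with no findings is not proven genuine: these checks only catch the mismatches the list describes.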

What to do if you are a victim

  • Is it your Solis-id and password that have been compromised somewhere? Contact CERT. They will help you immediately.
  • Does it concern banking matters, such as your PIN or credit card number? Inform your bank so that it can block your account (or card).
  • General advice: Immediately change all your passwords on all websites where you have used the username and password in question. You can also report this to the police.

Any suspicions of phishing?

Do you suspect that you have received a phishing email? Would you like some advice? Please contact phishing@uu.nl.

This service desk also identifies trends in phishing emails received and reports them to CERT.