What do I do if I have become the victim of a phishing scam?
Always be vigilant when you receive e-mails. Companies do not ask for personal information or account details via e-mail. This also applies to the ICT or HR department of our university.
A phishing e-mail is a fake e-mail that is often forged so cleverly that it is hard to distinguish from an authentic one. Hackers "fish" for your data in this way or spread viruses that give them access to your data.
- Never open attachments or links in e-mails that you find suspicious or strange.
- Never enter your password and never indiscriminately install software.
- Check the internet address (URL) by typing it directly into the address field of your browser, so you can check whether the URL is real.
- Always check the sender's e-mail address. This is done by hovering the cursor over the sender's e-mail address. In a phishing e-mail, the sender's address often only vaguely resembles the real name of an organization or company.
- The e-mail always contains a request to share private data, usually as a matter of urgency.
If you have responded to a phishing e-mail or if you are in any doubt, please contact the CERT team immediately.
Beware of strange requests from a 'friend' (social engineering)
Sometimes hackers pretend to be someone you know (e.g., a colleague) and ask you to share certain information. This is a form of social engineering. A typical example is a request to make emergency payments or buy gift vouchers for someone who can't do it themselves.
When in doubt, always contact the person in question by phone and ask if the request is genuine.
If you are asked for confidential information, always consider whether you are allowed or able to give that information.
If you are in any doubt: do not respond!