How do I recognize a phishing e-mail?

Always be vigilant when you receive emails. Companies do not ask for personal information or account details via email. This also applies to the ICT or HR department of our university.

A phishing e-mail is a fake e-mail that is often forged so cleverly that it is hard to distinguish from an authentic one. Hackers "fish" for your data in this way or spread viruses that give them access to your data.

We have listed some tips that will help you recognize a phishing email:

  • Always check the sender's e-mail address by hovering the cursor over it. In a phishing e-mail, the sender's address often only vaguely resembles the real name of an organization or company.
  • Check links in the e-mail, but do not click. Check the URL (the address) of a link by hovering over it with your mouse (don't click, of course!). Look carefully for strange things, such as weird characters or strange words in the URL. 
  • Open attachments only if you are expecting them and they have a reliable extension (such as .docx or .xlsx). 
  • Phishing often involves threats of dire consequences or high costs if you don't act quickly. So be extra vigilant when an e-mail conveys great urgency or sets a time limit.

    Sometimes hackers try to pretend to be someone you know (e.g., a colleague), asking you to share certain information. This is a form of social engineering. A typical example is a request to make emergency payments or buy gift vouchers for someone who can't do it himself.

  • When in doubt, always contact the person in question by phone and ask if the request is genuine, or ask a colleague to take a look.

    If you are asked for confidential information, always consider whether you are allowed or able to give that information. If in doubt: don't do it!

If you have responded to a phishing e-mail or if you are in any doubt, please report this via the Report a security problem form.
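
For mail administrators, the two hover checks from the tips above (the real sender address and the real link target) can also be run over a raw message. The following is an added example, not part of the original page; `TRUSTED_DOMAIN`, the names `LinkCollector` and `review`, and the sample message are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "university.example"  # assumption: the organisation's real mail domain

class LinkCollector(HTMLParser):  # collects (visible text, real target) per <a href>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def review(raw):
    """Return what hovering over the sender and the links would reveal."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    display, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    if domain != TRUSTED_DOMAIN and not domain.endswith("." + TRUSTED_DOMAIN):
        findings.append(f"sender: '{display}' is really <{addr}>")
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    for text, href in collector.links:
        host = (urlsplit(href).hostname or "").lower()
        shown = re.search(r"[\w-]+(\.[\w-]+)+", text)  # a domain printed in the link text
        if shown and shown.group(0).lower() != host:
            findings.append(f"link: shows '{shown.group(0)}' but opens '{host}'")
        if "xn--" in host or not host.isascii():  # punycode or non-ASCII look-alike
            findings.append(f"link: unusual characters in host '{host}'")
    return findings

SAMPLE = (  # constructed message for illustration, not real mail
    'From: "University ICT Helpdesk" <helpdesk@univers1ty-ict.example>\n'
    "Subject: Mailbox closes in 24 hours\nContent-Type: text/html\n\n"
    '<a href="https://login.univers1ty-ict.example/reset">portal.university.example</a>\n'
)
```

Calling `review(SAMPLE)` returns one finding for the look-alike sender domain and one for the link whose visible text names a different host than its target.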