Lately, Library and IT Service regularly receive reports of phishing mails. Due to the fact that many employees work from home and students study at home, we cannot offer the protection at network level that we normally do. As a result, fewer phishing mails are stopped, so more phishing mails are received by employees and students. We would like to draw your attention to these specific mails.
Tips for recognizing phishing e-mails
Want to know how to recognize a phishing e-mail? Read the tips below!
- Always check the sender’s e-mail address by hovering the cursor over the sender’s name. If it is a phishing e-mail, the sender’s address is often unfamiliar or vaguely like that of an authentic organization or company.
- A phishing e-mail often contains spelling mistakes or grammatical errors and always asks you to share private data, usually as a matter of urgency. So be on the alert!
If you receive a request from a 'colleague' (e.g. a 'lecturer'), always check whether it is indeed a colleague or lecturer from Tilburg University. And if you are asked for (confidential) information, always consider whether you are allowed/will be able to give that information to that colleague/teacher. In case of doubt: do not share the asked information!
Current examples of phishing
Phishing mails about the corona crisis. Criminals seize the coronacrisis to abuse it. Through phishing mails in the name of the RIVM, for example, they try to spread computer viruses and ransomware or falsify data.
Phishing mails with a fake link from WeTransfer. Before clicking on the link, always think about whether you expect a large file or a set of files and check whether the sender is someone you know.
What to do
- Never open attachments or links in e-mails that you don't trust, don't recognize or is sent by a unknown senders.
- Never enter any passwords and never blindly install software.
- Never respond to the e-mail in question and certainly do not contact them via the contact details mentioned in the e-mail.
If you are unsure whether an e-mail is a phishing e-mail, we advise you to inform the CERT team.