When someone clicks on a link in an email or SMS as part of a fraud attempt, the attack is hopefully detected quickly. When a fraud attempt is indeed detected, the employee’s accounts that were being used are suspended to minimise the damage.

Suspended accounts often require employees to go to a reception desk, identify themselves and obtain an activation code in order to select new A and B passwords. Since A and B passwords are vital to most employees, this naturally entails major disruption to their work.

Higher number of suspended accounts

Over 200 employee email accounts were suspended between 21 and 25 November 2022. This compares to around 60 accounts being suspended between September 2022 up until the week of 21 November.

“It is difficult to counter emails with fraudulent content or intent, which of course feels disappointing,” notes Pelle Lindé, IT Solution Manager for digital communication. University IT Services collaborate closely with the Security and Safety Division on shorter response times when an incident occurs. However, as the fraudsters are constantly refining the text and wording of the fraudulent emails, it is very difficult to create effective proactive measures. It thus becomes increasingly easy to be deceived by such fraud attempts.

Do people usually discover themselves that they have been deceived by attempted fraud?

“The most common scenario is that individuals do not realise that they have been deceived. They think they’ve done the right thing. But many also discover that ‘something strange starts happening’, such as their computer suddenly sending thousands of emails. We hope and ask that those affected contact security@uu.se so we can take measures to reduce the problems. We know it's easy to be tricked, so we don't judge anyone.”

Do you have any advice?

“You can easily be deceived by the fact that the sender is an important person within the organisation. But keep in mind that a demand or request for action, such as giving out your login details, money, etc., may require an extra check with the sender to make sure it's not a fraud attempt. “

See also the links in the fact box below for more tips.

A problem here to stay

The number of fraud attempts will most likely not decrease, quite the contrary. Those who work on IT security issues are instead anticipating an increase before the Christmas holidays.

“Many phishers are taking the opportunity to send fraud attempts via email and SMS now that many people are Christmas shopping. The scams often involve shipping costs, import costs, locating your package (which you haven't ordered), a lack of funds in your account, a need to confirm your order, or a colleague standing at the checkout and needing money now,” adds Lindé.

What is the longer-term outlook?

“We believe the problem will be with us for a long time to come. We are looking at changing login technology, among other things, to prevent or hinder unauthorised use of our accounts, but that's a pretty big step that everyone who uses our systems needs to be involved in taking. It’s not easy to enhance security without making changes for our users at the same time,” concludes Lindé.