Attempts at fraud via email are constantly evolving. One method that has increased is whaling, which is a kind of spear phishing. The term whaling refers to how the fraudsters target the biggest fish. In practice, this means that decision-makers and people high up in the hierarchy are defrauded in various ways.

Phishing began as mass email sent to as many people as possible in the hope that many of them would be fooled. It has since evolved and now attempts to trick specific people or functions.

Pretending to be a manager in need

Whaling is a form of targeted attack where the fraudster poses as a manager or senior person. For instance, it may be an attempt to make it look like your boss is at the airport and needs money transferred immediately.

The aim is usually the same in all these types of email fraud attempts: to trick the user into handing over something of value, such as a password, bank account details or money.

Uppsala University, banks and other organisations will not ask you for valuable documents via email. You should always be suspicious of this type of request, especially if it is claimed to be urgent.

Several employees affected

The number of fraud attempts that aim to trick employees into helping a vulnerable manager/head of department/professor has increased, and unfortunately several employees have lost quite a lot of money.

“There is nothing we can do as an authority, even though a lot of money may be involved for individual employees. The fraudsters have accessed private funds, so this is not something that the authority can deal with,” says Veronika Berglund, head of information security at the university administration.

If you are the victim of such fraud, you are advised to report the incident to the police immediately and then contact your insurance company and bank to see whether compensation is available.

Be suspicious

– You should always be suspicious of any email containing links or attachments that you are not expecting or that claim to be urgent; gift cards, invoices, allegedly full email inboxes or messages from superiors requesting financial assistance, for instance.

Do not use contact details or links that you find in an email unless you are absolutely certain that the sender and the email are authentic. If an email seems odd, do not click on any links, do not open attachments, and do not call or text phone numbers in the email. Do not reply to the message either.

Instead, send the suspicious email with attachments to the security department at the university administration. The security department will check whether the message is valid and advise you on possible action.