Phishing refers to various attempts to trick you into handing over personal data such as passwords and codes via digital communication channels. Such data can later be used to steal information or money, or to gain access to IT systems.
Unfortunately, there are many people trying to scam us in different ways via e-mail, online forms, or fake websites. Phishing is a collective name for a variety of ways that people use to try to scam us into handing over sensitive information or to lure us into clicking on a link that is then able to download malicious software.
Of course, this is also a problem for you as an individual via your personal computer, mobile phone and e-mail. If an attempt is successful, it can cause significant harm.
What can happen?
Until now, Uppsala University has managed to avoid any serious harm from phishing. However, Maastricht University was severely impacted in the autumn of 2019. In October 2019, two staff members at Maastricht University each opened an e-mail. Malicious software (ransomware) was downloaded via the e-mail to the University’s servers. As a result, over 267 of the University’s servers, containing research data among other things, were encrypted. The University had to pay a ransom of millions of SEK to regain access to the encrypted data, and even more in overtime hours to deal with the problem.
The attack that targeted Maastricht University also targeted Uppsala University. However, the threat was identified through monitoring and it was possible to put security measures in place to stop the attempt.
It is difficult to know exactly how many phishing attempts Uppsala University has been exposed to. Many people report failed attempts to the Security and Safety Division, but many attempts are automatically deleted by staff without anything happening. It is, however, rare for a user to fall prey to a phishing attempt.
How can you protect yourself?
The most important protection is for you to use your common sense and critical thinking. Does it seem logical, and who is the sender?
Do not click on links in suspicious e-mails; instead, find out where a link goes by hovering the mouse over it and reading the address it leads to.
Avoid entering any information in forms that have been linked to via e-mail.
Common warning signs
It is difficult to create a general checklist to detect phishing attempts; however, the following are a few warning signs that you should be particularly vigilant about:
- Questions asking for personal data, your username, password, codes, credit card numbers.
- Threats of negative consequences. “Your account will be deleted if you do not immediately...”.
- Links in e-mails, social media or chat. Phishing links often go to completely different places than they appear to do.
Report attempts to the Security and Safety Division
If you suspect a phishing attempt, err on the side of caution and report it to the Security and Safety Division via firstname.lastname@example.org. Others may have reported the same phishing attempt, but you could also be the first and you could help to stop an attack. Staff in the Security and Safety Division are experts in detecting phishing attempts and they also want to receive information on any attacks as soon as possible to be able to put countermeasures in place.
Getting more information
- Phishing attack against Uppsala University May 2021 (news article 4 May)
- Courses on security issues, including the course “It won’t happen to me”, which is a basic course (currently via Zoom) in information security and various online courses you can take when it suits you.
- Phishing is an IT security problem
- IT security