Phishing: don't stay in the Net!

(01-10-2019) October is Cyber Security Month. Many serious cyber attacks start with a single successful phishing attack. Be aware of this kind of attack.

In phishing (in the strict sense), a scammer tries to obtain sensitive information, such as a credit card number or password, for later abuse. If you accept a fraudulent invitation, it can have far-reaching consequences. We help you recognize phishing and deal with it correctly.

What is phishing?

Phishing is a form of internet fraud. For example, users are lured to a website via a fraudulent e-mail. However, this website is a copy of the real site and aims to collect as much information as possible that cyber criminals can use.
If you respond to a phishing e-mail, one of the scenarios below is possible:

  • Money you transfer ends up in the hacker's bank account
  • Your account details fall into the wrong hands and your account is misused to send spam. Your e-mails and data may be downloaded and published on the internet
  • Your device is locked by ransomware ("hostage software") and you or several colleagues can no longer work
  • Your device is infected with a keylogger to steal your passwords
  • The hacker gains control of your device without your knowledge
  • ...

How can you recognize phishing?

In 2019, specialized hackers create e-mails that look genuine and seem to come from a reliable sender. Some examples of the content of such e-mails:

  • Your boss asks you to execute a payment order urgently
  • You receive an invoice from a known supplier with a request to approve the payment
  • A help desk asks you to verify your login information
  • A colleague or acquaintance provides you with an interesting web link
  • ...

Recognizing phishing e-mails is a matter of vigilance. The rule is: do not work too quickly, and now and then dare to ask yourself "is this safe?" Phishing e-mails often contain spelling mistakes, but hackers are also becoming more professional. Are you in doubt? Then err on the side of caution and do not respond. You can also always check with the (alleged) sender via another channel whether the e-mail is legitimate.

Where can you report phishing?

DICT has built in a number of technical mechanisms to keep phishing (and spam) away from UGentNet as much as possible. But with many cyber attacks every year, DICT also needs the help of all employees: stay alert and report any attempted phishing to DICT. Do not forward the phishing e-mail; instead, send it as an attachment to the DICT help desk. You can find the complete reporting procedure here.

In the past, some employees placed phishing simulations on the internet for educational purposes. Note that this is strictly forbidden under Ghent University regulations, since malicious and well-intentioned actions are difficult to distinguish. For this reason, external security organizations can block UGentNet or Ghent University e-mail.

More questions about phishing? Contact , IT security officer at DICT.