Watch out for fake emails: phishing and ransomware

Criminals are constantly finding new tricks to steal your log-in credentials or make you download viruses and ransomware. Help prevent this by following the steps and tips below.

How to recognise and check phishing emails

• Were you expecting an email from this person/organisation? Are you suspicious? Call the sender but never use the telephone number in the email!
• Does the email ask you to do something urgently, such as pay an invoice or click on a link to check or supplement your details? Be even more cautious! Remember: no UvA systems administrator will ever ask you for your password.
• Check whether the email address is the same as the official email address of the supposed sender, organisation or company. The domain name (everything that comes after the @ sign in the email address) should match the organisation or company’s website URL. You can check the email address by hovering the mouse pointer over it, without clicking. If the email is fake, the email address will contain a variation of the organisation or company’s actual name (in which the I has been replaced by an L, for example).
• Check the link. Only click on a link in an email if you know for sure that the website URL is genuine. You can check this by hovering the mouse pointer over the link, without clicking. This will show you the URL. Does this look suspicious? Enter the URL at scamcheckExternal link to check whether it is genuine or not. An official website URL will contain the company’s name, followed by a full stop and the domain .nl or .com. A padlock icon means that the connection is secure, but is no guarantee that the website is safe! See this infographic (pdf) for more details and tips on recognising fake email address and website URLs. NB: emails from addresses ending in @e.uva.nl or @e.hva.nl are safe. The UvA uses these subdomains to send newsletters by email.
• Check the file extension. This is the suffix at the end of a file name (the letters after the full stop) that indicates what type of file it is. The following file extensions are suspicious: .exe, .zip, .js, .lnk, .wsf, .scr, .jar  Never switch on macros!

Have you received a phishing email at your UvA/AUAS email address? 

Send the suspicious email as an attachment to the ICTS Service Desk and we will update the spam filters to make sure this fake email no longer comes through. Delete the phishing email.

Have you clicked on a link or attachment in phishing email by accident?

• Switch off your internet connection immediately.
• Report to the ICTS Service Desk what has happened.
• Perform a virus scan and change your passwords, because malware is capable of forwarding your passwords to criminals.
• Have you entered your UvAnetID password on a fake website? Report this to the ICTS Service Desk and change your password immediately. Check if your account has been used by someone else. These guidelinesExternal link outline how to verify this.

Tip: Test how good you are at recognising phishing emailsExternal link.