Skip to ContentSkip to Navigation
Society/business Center for Information Technology Security


The University frequently receives signals of students and staff about e-mail and websites in which they were urged to provide their user names and passwords. Never respond to such messages, which are attempts to steal identity information (so-called 'phishing').

What is phishing?

Phishing is a form of fraud. Criminals mislead you using emails and websites that appear to originate from known, reliable companies. In reality these emails and websites are forgeries. You will be asked for login details, credit card information and/or your social security number. If you provide these details your account may be used for fraudulent purposes, like the purchase of goods or the sending of spam.

Students and employees may receive an email requesting the login information for their mail account, for example. The mail and/or webpage appear to belong to the RUG.

How do you recognize phishing?

General characteristics:  

  • Poor grammar and sy ntax
    The use of language is often poor and grammar and syntax are incorrect. Spelling and grammar mistakes in an e-mail increase the chance you are dealing with a phishing mail.
  • Sense of urgency
    You will be urged to respond quickly. Often a situation is presented in which an account will expire if you do not respond immediately.
  • Impersonal
    Phishing is rarely directly addressed to you by name.
  • Strange links
    In the email you are often asked to click a link to a website. Pay close attention to the composition of this link. Often the real address is camouflaged and you are redirected to a site that is not in the domain.
  • Attachments
    Sometimes you are asked to open programs or files that are attached to the email. These attachments may contain spyware or automatically direct you to a web form.

How do you prevent problems?

  • Do not provide your login details
    Critically approach requests to provide personal details, install a program or log in on a website. The university and other reliable organizations will never ask you to provide your details like this. If there is even the slightest doubt, do not provide your login details
  • Do not click links and do not open attachments
    Are you unsure if a website is reliable? Check in the address bar if you are really dealing with the company you think sent the mail, or a fraudulent third party. You can recognize a secure site by the s in https:// and the small lock icon in the bottom right of your browser. If you are not completely certain that the mail that provided the link is reliable, do not click the link
  • Remove suspicious emails
    If you do not trust the contents or origins of an email, it is best to remove the email from your mailbox

What can happen if you do respond to a phishing mail?

  • The attacker has access to all the files on your X and Y-drive
    Documents can be read, copied, and even removed
  • The attacker has access to all your mail
    Your account may be used to send large amounts of spam email.
  • The attacker has access to personal information including your salary information.
    Your personal details may be read and modified
  • The attacker can access your computer
    Through access to your computer, further personal details can be stolen. Furthermore, your pc can be used to spread viruses and infect other pcs.

Acceptable Use Policy

The University of Groningen has published an IT Acceptable Use Policy. In this policy you will find suggestions for the safe use of your University IT account as well as general conditions for using your account. The Acceptable Use Policy can be found on the University's website.

Last modified:12 October 2022 4.28 p.m.
View this page in: Nederlands