This was a phishing e-mail!
Your P-number and password are safe!
Did you enter your P-number and password? Please do not worry, your login details and files are still secure! This time, they did not fall into the wrong hands and your account will not be blocked.
Why this e-mail?
This e-mail, part of the campaign “Your bytes are your babies..”, demonstrates how internet criminals try to steal your login details so they can abuse your account. The objective of the campaign is to help you recognise this type of identity theft and create more awareness of the risks.
Why is this a phishing e-mail?
The e-mail pushes you to act quickly:
it pushes you to do something
you are expected to react within 12 hours
there is a threat
if you do not react, your account is supposedly blocked
you are being asked for personal details
the link in the message takes you to a false login page where you are being asked for your login details
The login page is false because:
there is no padlock in the address bar
when a padlock is missing, the site can easily be fraudulent
the web address does not start with https://
the link takes you to an http:// address. Data cannot be sent securely from such a page
the domain name does not end with .rug.nl
criminals often claim domain names that strongly resemble a legitimate domain. In this case you are taken to diyrug.nl instead of diy.rug.nl
By hovering over the link with your mouse cursor, the actual internet address will be displayed at the bottom of the screen. That way, you can recognize a false site without clicking on the link.
Whats are the risks?
- You will not be able to use for account for at least a couple of days as access to your account will be blocked to prevent further misuse.
- While your account is blocked, all e-mails sent to you will not be delivered and will disappear. The sender will be informed that your e-mail address does not exist.
- An unauthorized party has gained access to your account, and therefore also to MyUniversity. This gives access to your personal information, including bank details, home address, e-mails and files.
- The unauthorized party may also have gained access to your social network or other accounts. The ‘Forgot password’ service will allow this party to reset your password by having a new password sent to your e-mail address (which has already been taken over).
for the University
- E-mail providers such as Hotmail will put the University of Groningen on a blacklist. E-mails from a University of Groningen address will not be accepted and therefore not reach the intended recipient. This can be damaging to the University’s image and reputation.
- There is a real risk of sensitive information being stolen, as the unauthorized party can request information in your name.
- Blocking and unblocking accounts is expensive.
What should you do when you react to an actual phishing e-mail?
- Change your password immediately at diy.rug.nl. A new password will prevent further access for anyone but you
- Always contact the CIT Service Desk as soon as possible. The CIT Service desk can help you to change your password, and it can also arrange for your PC and X: drive to be cleaned up so that untrustworthy and harmful files cannot cause any more damage.
Learn recognize phishing
Don't take risks, recognize phishing. Sign up for a presentation!
|Last modified:||05 April 2016 1.03 p.m.|