How to recognise phishing? What should you do with phishing mails? And what if you have clicked on a malicious link? Read our tips and tricks below and become a cyber hero!
Phishing emails often contain a link to an external website. Never simply click on links in emails; always check the URL first.
You can do this by hovering over the link with the mouse. The domain name is the word before “.com”, “.org”, “.eu”, … and before the first slash. It must match the name of the organisation. For example:
- https://www.geant.org/Networks – the domain name in this URL is “geant”, which matches the actual name of the organisation (GÉANT).
- https://www.geant.page.org/Networks – the domain name is “page”, so you will be redirected to another website!
You can also type in the main URL of a domain yourself. If the mail appears to come from GÉANT, go to geant.org and look for the information in the mail. Can you not find anything on the official website? Then there is a good chance it’s a case of phishing!
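The domain check described above can also be done by a script, for instance by a helpdesk that triages reported mails. The following is an added example, not GÉANT's own code: the function names and the short suffix list are assumptions made for illustration, and it covers a few more link forms than the two shown on this page.

```python
from urllib.parse import urlsplit

# Constructed, deliberately short suffix list (assumption for this example);
# real tooling should load the full Public Suffix List instead.
SUFFIXES = {"com", "org", "eu", "net", "co.uk", "ac.uk"}


def registrable_domain(url):
    """Return '<name>.<suffix>' for the host in url, or None if it cannot be determined."""
    try:
        host = urlsplit(url).hostname  # ignores scheme, "user@" part, port and path
    except ValueError:                 # malformed URL
        return None
    if not host:
        return None
    labels = host.rstrip(".").lower().split(".")
    # Try two-label suffixes ("co.uk") before one-label ones ("org").
    for n in (2, 1):
        if len(labels) > n and ".".join(labels[-n:]) in SUFFIXES:
            return ".".join(labels[-(n + 1):])
    return None  # unknown suffix or raw IP address: treat as unverified


def link_matches(url, expected_domain):
    """True only when the link's registrable domain equals the expected one."""
    return registrable_domain(url) == expected_domain.lower()


# Sample links: the first two are the page's examples, the rest are constructed.
SAMPLES = [
    "https://www.geant.org/Networks",
    "https://www.geant.page.org/Networks",
    "https://geant.org.example.com/Networks",  # organisation name used as a subdomain
    "https://geant.org@login.example.net/",    # text before "@" is not the host
    "http://192.0.2.10/geant.org/",            # no domain name at all
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = "matches geant.org" if link_matches(link, "geant.org") else "DOES NOT match"
        print(f"{registrable_domain(link)!s:15} {verdict:18} {link}")
```

Only the first sample is reported as matching geant.org; a link whose domain cannot be determined is treated as not matching.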
Have you identified an email as phishing? Then forward the email to your IT department or security officer. Then you’ll be a cyber hero!
Have you received a text message with a particularly enticing offer? Or have you suddenly received a message in your mailbox that you have won a fantastic prize in a competition, without recalling having entered one? All you have to do is leave your personal details to claim the prize… Don’t fall for the trap! These are fake messages intended to scam you!
Phishing is no longer limited to emails. Cyber criminals also try to lure you into a trap via SMS (“smishing”, a contraction of “SMS” and “phishing”), messages on WhatsApp or on social media.
How to recognise phishing mails
- Do you know the sender? Always check the email address. But beware: even if the email address seems correct, it could still be phishing.
- Did you expect the message? An email requesting you to trace a package when you haven’t ordered anything is always suspicious!
- Are there typing or spelling errors in the text? Then be extra vigilant. Also beware when you are addressed with a vague name or with your e-mail address.
- Are you asked to provide personal or confidential information by mail, text message or telephone? Don’t ever reply to these. Official bodies (the government, your bank, etc.) will never ask you for codes via a link.
- Check the URL before clicking on a link. The domain name must match the name of the organisation.
- Does the message contain unexpected attachments? Then be very vigilant. Attachments may contain malware that can infect or take over your computer.
What should I do with phishing emails?
Delete the email immediately. If your organisation asks you to report phishing mails, first forward the mail to your organisation’s IT department or helpdesk. Then you’ll be a cyber hero!
With the tips above, you can already do a first check yourself. Do you still have doubts after that? Then there are several possibilities:
- Does the mail claim to come from a department of your organisation? For example, from your IT department asking for a security update or asking you to change your credentials? Then contact them by telephone first.
- Does the message come from a company or organisation? Then contact them via an official channel (e.g. their website, the number or email address on their website) to ask if their action / offer really exists.
- If the message appears to come from a friend, contact the person in question. If he or she is unaware of the message, tell them that their email address is being used to send fake emails.
The rule of thumb remains: if in doubt, don’t click and don’t open any attachment(s)!
Cyber criminals make clever use of attachments to install malware on your PC. There are different types of malware, such as viruses, worms, spyware (which collects information about you and forwards it to the hackers) and ransomware (which locks data on your PC in exchange for a ransom).
So be careful with messages that contain unusual or unexpected attachments. Some tips:
- Never open attachments that ask you to enable macros! An infected attachment will install malware on your PC and cause significant damage.
- Never open attachments with the extension ‘.exe’.
- If a sender is attempting to arouse your curiosity, this should ring alarm bells. Hackers often use typical human characteristics to entrap their victims.
- Watch out for e-mails with invoices attached.
- Are you in doubt? Then contact the sender via an official channel.
Help, I think I have clicked on a malicious link / opened a fake attachment! What should I do now?
You’re not the only one: phishing emails are becoming more sophisticated, and even for experts in the field it’s sometimes difficult to spot them. However, it is important that you take immediate action.
You worry that you have clicked on a fake link
- Have you passed on bank details? Notify your financial institution immediately and have your (credit) card blocked.
- Did you pass on login details of professional applications (e.g. your mailbox)? Then notify your IT department immediately so they can block your account. They will inform you about what to do next.
- Warn your friends that you have clicked on a fake link or forwarded a fake message.
You worry that you have activated malware via an attachment
- Disconnect your device from the network/Internet straight away.
- Run a full scan with your antivirus programme and remove the malware. If this does not work, call in the help of a professional.
- If you have opened the attachment with a professional device (e.g. a laptop that you use for your work or study), immediately inform the IT department or helpdesk of your organisation. They will guide you through the next steps.
Read more on the GÉANT Cyber Security Month 2020: https://dev.connect.geant.org/csm2020