My UM
My UM
Search

Protect yourself against phishing

Phishing is one of the most common forms of cybercrime. Think of fake emails, phone calls, WhatsApp messages and even letters. Criminals are constantly coming up with new ways to contact you. Often, they are so convincing that it is difficult to spot them.

In short: phishing is a form of digital fraud. Criminals pretend to be someone else and try to persuade you to share information, such as your passwords or bank details. Or they want you to perform an action, such as making a payment. This gives them access to important information, money or systems. 

Phishing via fake emails

Phishing emails often pretend to come from a trustworthy organisation, such as a bank, government agency, well-known company or UM itself. Criminals use fake addresses and logos to make the emails appear genuine. These messages may say, for example: 

  • that you need to verify your details
  • or that your account has been blocked.
     

When you click on a link, you may not see anything happen immediately. However, all sorts of things can go wrong in the background, such as: 

  • Malicious software is installed.  
  • Your login details are stolen. 
  • Others gain access to your systems or bank account. 
  • Did you click on a fake login page and enter your username and password? The scammer gains immediate access and can take over your account. 

The difference between spam and phishing 

Spam is when you receive unsolicited advertising in your mailbox. Annoying, but rarely dangerous. How can you tell the difference between spam and phishing? 

Spam 
Unsolicited advertising in your mailbox. Spam is primarily intended to sell you something. Examples include emails with discount codes offering cheap products or promising golden investment opportunities. 

Phishing 
Criminals send you an email and pretend to be a trustworthy organisation. For example, your bank, PostNL or even the university. They often try to tempt you into clicking on a link to a fake website or entering personal details (such as your password or bank account details). 

Tips for recognising phishing 

Always be vigilant when receiving emails, text messages, or other communications. Exercise common sense and pay attention to the following:  

Trust your gut feeling: does the message seem strange or too good to be true? When in doubt, do not click on any links or attachments.

Check the sender: look at the display name and the email address. Does everything look correct? 

Check links: move your mouse over the link (without clicking) to see where it really goes. 

General greeting: phishing messages often start with terms such as 'Dear student' instead of your name. 

Urgency: be cautious with messages that urge you to act quickly or ask you to deviate from normal procedures. 

Pay attention to language: phishing messages are often short, impersonal or contain errors. However, AI is making them increasingly sophisticated, so remain vigilant. 

Important rule: Maastricht University or other organisations will never ask you to share or confirm your username and password. 

Here’s what you should do if you receive a (potential) phishing message:

If in doubt: do not click on any links or attachments; instead, call the ICTS Service Desk.

Have you accidentally clicked on a link? Please report this immediately to the ICTS Service Desk via the self-service portal or by servicedesk-icts@maastrichtuniversity.nl.Click here to enlarge the image and make it easier to read.