Information on phishing

Phishing is a form of internet-fraud used by by criminals to get hold of your personal data or credentials. To succeed in getting hold of your data, all kinds of techniques are applied. It is imperative for your own safety and for the safety of the data of Maastricht University that you learn to recognize phishingmails.

Common Features of Phishing Emails
•    you are asked to reveal sensitive information, like your login details, by replying to their message;
•    you are asked to click on a web link and fill in a web form
•    you are asked to click on a web link which leads you to a, hardly noticeable, imitation of a legit 
      webpage.
•    poor use of language;
•    phishing emails typically use generic salutations;
•    a reply-to address  that does not belong a legit company domain
•    an internet link (URL) not directing you to a trusted domain.
•    email with high-risk attachment file types include .exe, .scr, and .zip.

Kinds of phishing

Every employee or student of Maastricht University now and then gets confronted with a phishing-attempt. Preventing all attempts is impossible, so it is vital that you recognize a phishing-attempt when it presents itself to you. They appear in all kinds of forms, like:

•  Spearphishing: a well-prepared phishing-attempt directed at a specific person,
•  CEO-fraud (aka whalephishing): a phishingattempt that looks like a message with an urgent message, sent     by a manager of your department
    See example
•  Consent-phishing: cybercriminals attempting to get access to your account by sending consent-
     requests from applications you deem trustworthy
     See example
•   Phishing by SMS-messages ('smishing') or applicaties like WhatsApp
     See example
•   Fake telephone calls during which criminals apply social engineering tactics to retrieve the information            they are looking for.
     See example