Phishing (Swedish: nätfiske) is when someone sends an e-mail and asks the recipient to disclose their username and password or personal PIN code, or asks the recipient to login on a web page in order to do so, and pretends to be someone else, all for the purpose of fraud in order to get access to login credentials which can, in turn, be misused for other purposes.
E-mail to most units at LTH is handled by LDC, just as for many other units within the university. Incoming mail is first passed through an automatic spam filter, which is also handled by LDC. How the letters are handled depends on how they are categorized. See spam for details.
No filter is perfect. Therefore, single phishing letters slip through, and therefore it is good to know that we never ask you to disclose your username or password via e-mail. If you receive a letter asking you to disclose your username or password, or you are asked to use your LU or LTH credentials in order to log on to a web page that is outside of Lund University, you can therefore be fairly certain that it is a scam and phishing attempt. Never reply to such letters, and do not click on any links in them, but throw the letter away immediately.
The following information on the same subject comes from LDC. LDC would like to see this information spread.
Important information about phishing attacks.
Employees at Lund university will every now and then get emails asking them to reveal their email account credentials. These emails are often written in English but can also be in Swedish. They usually contain a warning that the account's quota is exceeded or that the account may be closed down for some reason. To avoid this, you are requested to return your account credentials including the password.
These emails are only sent to harvest account credentials and abuse the email accounts to send spam. It is dangerous to reveal your password to your email account as it is often used for other systems as well. Staff responsible for computers and systems at Lund university should never have to ask users for their password to any computer system. They should have administrative access that do not require your password.
Other examples of similar emails are the ones that ask you for PayPal-, banking- or creditcard-information. Email that ask you to reveal this kind of information are often very well written and try to exploit peoples fear of being charged or to loose money. These are also fake warnings that only aim to get access to your account and your money. Never answer these mails! Always contact your bank or the claimed source of the email if you have any doubts if it is authentic or not.
No! Please see above. Do not reply to these letters, just delete them.
The same applies to letters asking you to click a link which goes to a web page that is outside LU / LTH, and asks you to log in using LU / LTH account information. Those are also likely phishing attempts.
There is no clear answer to this.
The texts in the scam letters varies, but the message may be for example that one must verify one's credentials in order to keep the e-mail account active or upgrade the disk quota or something similar, and in order to do this, you have to either reply to the message or click a link in the letter that goes to a website. This site is outside the university and thus does not include
lu.se in the URL. This in itself is a pretty sure sign that it is a scam – you should never enter your LTH or Lucat login details on websites that are outside the university!
Often the scam letters are written in English, but it also happens that they are written in Swedish. Often poor Swedish, but fraudsters seem to get better afterwards and hire better translators, so language is no clear evidence of fraud.
Use common sense! Who claims to be the sender, what is the message in the letter, and where does the sender want you to go? Do not reply to the sender and do not click on any links, but instead look at how the sender and URL look like. Is it reasonable? If you are in any doubt, please refer to the following question and answer.
Please remember that e-mail is very easy to falsify. It is in fact in most cases as simple to set a different sender of an e-mail message, as it is to set a different sender on a postcard!
The best advice is that, if you are unsure that a letter is genuine, try to get it verified by other means. Make a phone call and double check with the sender, using a telephone number that you know belongs to the sender.
If you have received a letter that you suspect concerns computer accounts, please call us at LTH Support and double-check.
Remember that your login credentials is what you use to verify your identity at work, and therefore a valuable document, and should be treated as such.
Are you sure you can decide if it is a scam? Some scams are easy to see through, but there are also those who may seem very authentic, even for an IT security expert. You can test your ability to see through a scam on https://www.opendns.com/phishing-quiz/.
Please reflect on the following example.
Someone calls you by phone and presents himself in poor English or poor Swedish. The person claims to be a representative from “your bank”, without specifying what “your bank” is. You look at the caller ID and see that the person is calling from a foreign number. The person on the other end asks you to confirm your personal card number and PIN, so that your credit card “may continue to be kept active”.
Many people would probably be suspicious and had hung up, even before the telephone call had come this far. The same suspicion should be practiced even when the same is done by e-mail.
No! Unfortunately phishing attempts are becoming more common. We are not able to always warn for any attempts of fraud going on. Please use common sense.
Unfortunately, the reality is that no automatic e-mail filter is perfect. Therefore, unfortunately you will have to expect to occasionally receive single phishing letters that have slipped through the filter.
If you have received a letter that you deem is phishing, please delete it or move it to the folder “Spam” in Outlook immediately. Do not under any circumstances click on any links in the letter, and do never answer such letters!
Please also see spam.
Change your password immediately! For instructions on how to change the password, please see the page password. If you also use the same password on other sites, replace it immediately also there. Please also inform LTH Support!
Remember that your login information is what you use to verify your identity at work, and therefore a valuable document, and should be treated as such!
Do you have more questions about phishing? Please contact ServiceDesk.