Jump to main content

Internet scammers are getting smarter

Famous brand names such as Coop, Posten, Apple, and PayPal have been used to trick UiA staff and students into giving out passwords and login data. Although UiA has advanced filters that block most of the scams, some slip through.

(Image: Colourbox)

(Illustration: COLOURBOX)

"Recently, we had a case where all employees at the Faculty of Health and Sport Sciences received a scam email from someone pretending to be PayPal", says team leader at UiA Computer Centre, Helge Høynes.

The scam slipped through the filters but was discovered, and everyone who received the email got a warning email from IT.

Report to spam@uia.no

"We received notification from several who forwarded the message to spam@uia.no - the email address where the IT Division is notified of scams and other fraud attempts. The chance of us discovering such messages increases when people are quick to report to us. Then we can warn about the scam, and if we are quick we can remove the email from all inboxes to help prevent recipients from accidentally opening it", says Høynes.

One way to detect fraud is to move the mouse-pointer over address fields - in this case, the "Login Now" field in the image. Then the actual address comes up, and it has nothing to do with PayPal - even though it looked like PayPal's login page for those who clicked on it.


Scam email sent to staff at the Faculty of Health and Sport Sciences.

Scam email sent to staff at the Faculty of Health and Sport Sciences.

Fraudsters use well-known brands 

"There are constantly scams that exploit well-known brands such as Coop, Elkjøp, Posten, Bring, Apple and now PayPal", says Høynes.

Some variants of fraud are more targeted than the mass fraud attempts. One example is the so-called director scam, where cybercriminals impersonate a senior member of management - often requesting urgent payment.

Some at UiA have been tricked in such scams. They have received emails that appear to be from their department manager who requests that they buy gift cards on their behalf.  The email claims they are in a situation where they cannot use their own bank connection, or some other more or less credible explanation.

Some scams are very sophisticated: UiT - The Arctic University of Norway paid a €1.2 million invoice which turned out to be a scam. The Ministry of Education warns universities and colleges against fraud attempts, Khrono wrote just before Christmas.

NorSis - The Norwegian Center for Information Security has several cybersecurity tips.

Two-step verification blocks the attack. (Illustration: Thomas Andersen)

Two-step verification blocks the attack. (Illustration: Thomas Andersen)

What can you do to secure yourself online?

The most important thing is to be careful and vigilant, even with messages that appear to be from people or companies you know and trust.

UiA now sets up two-step verification when logging into Office 365. Read more about the introduction on Innaskjærs.

Sikresiden.no/en is specially developed for the higher education sector and is filled with advice on what to do in an emergency, or better yet, how to prevent such situations. They also have information about online fraud.

Sikresiden.no/en provides advice for every type of emergency such as accidents, fires, and other situations. Take a look at it and download the app to your phone's home screen to keep it readily accessible.

Follow UiA's guidelines for secure sending of data when dealing with sensitive or confidential information.

Read about privacy protection at UiA.

The Consumer Authority has the page Reveal online fraud.