0
Jump to main content

Phishing: Do not trust senders you recognize

“There has been many cases of phishing this autumn, among other things, Posten's fraud reports and DNB's website have been used to send phishing e-mails“, says Helge Høynes.

Illustration: Thomas Andersen.

(Illustration: Thomas Andersen)

Read the illustration below, for understanding how many phisher-e-mails which are taken out by the UiA filters.

Universities are attractive targets, because of the large number of e-mails and the possibilty this gives if the hackers make it through the filters. One of the hackers wet dreams are to get access to someones e-mail, to use it for mailing tens of thousands of smap-e-mail, using your e-mail as sender.

 

 

Overview of incoming emails to UiA per hour. The blue line shows rejected spam / phishing messages. The green line shows messages delivered in the inbox. On 11 October, 19,534 messages were rejected by UiA's filters, 819 messages escaped and were delivered to the inboxes within one hour - between 16:00 and 17:00. There were probably messages that should have been taken out also among the 819 who escaped. It is worth noting that on ordinary days there is a relatively equal distribution between accepted and deleted filters.

Overview of incoming emails to UiA per hour. The blue line shows rejected spam / phishing messages. The green line shows messages delivered in the inbox. On 11 October, 19,534 messages were rejected by UiA's filters, 819 messages escaped and were delivered to the inboxes within one hour - between 16:00 and 17:00. There were probably messages that should have been taken out also among the 819 who escaped. It is worth noting that on ordinary days there is a relatively equal distribution between accepted and deleted filters.

Both DNB and the The Norwegian Post (Posten) are well-known senders that most people trust. This is exactly the reason why online scammers use such names to scam you or use your computer be used as a terminal to send out fraudulent emails. This is also the reason why you should be careful when you receive emails people you know: they may have been scammed too.

Always check the email address field to make sure there is really a sender you trust before opening your email, and always pay attention how links look like before clicking on them. To do this, hover the mouse pointer over the link.

Use spam@uia.no

The "bad guys" adjust the transmission method to get through spam filters. Many at UiA are good at forwarding spam or phishing messages to spam@uia.no. Feedback to spam@uia.no has led to approximately 50,000 spam / phishing messages being withdrawn from the UiA mailboxes in the period mid-May to now.

“Be extra skeptical of messages that end up in the spam folder“, says Høynes.

See the video from SikreSiden (in english) on how to avoid risks online.

 

This example of phishing came in this weekend. This is the first image that came up:

This example of phishing came in this weekend. This is the first image that came up:

Those who clicked on the link saw this image: a copy of Sparebank online banking page. If you see the address field, you will notice that you are not on Spareban1 website. Checking the address field is the first step in preventing phishing.

Those who clicked on the link saw this image: a copy of Sparebank online banking page. If you see the address field, you will notice that you are not on Spareban1 website. Checking the address field is the first step in preventing phishing.

Tips to avoid phishing

Read more about phishing attacks and how you can avoid them on Nettvett.no (in Norwegian). Here you will also see what you should do if you have been scammed and especially if you have given your username and password. The first step is to change your password of your email account, because it is the way to most of your online activity.

“As an individual user, we must do what we can do (...). The day I do not have to talk about emails and good password routines, is the day we have finally gotten that good at it that hackers no longer can get through”,  says Roar Thon, Director of the National Security Authority (NSM). 

Remember to:

Check Sikre-siden: your handbook for safety in private settings and at work. Download it on your mobile, and have it at hand in case you need advice in an emergency situation: www.sikresiden.no/en