Phishing scams involve e-mails and fake online sites that dupe users into revealing their passwords. This also happened in the attack aimed at UT staff and students. The mail appeared to come from a UT employee and was supposedly signed by the ICT service itself (see the screenshot below). LISA is investigating the scale of the attack and how the information ended up in the wrong hands.
According to Peters, criminals exchange lists of e-mail addresses. ‘This could be the case with the UT attack. Criminals use the hacked addresses to send more spam, such as mails with advertisements about Viagra. They can earn money with that.’
At an organization such as the UT, criminals can also use the phishing mail for other purposes, Peters says. ‘They are trying to get access to the network via a VPN connection. Or they are looking for research data. But that is unlikely in a large-scale attack, like last weekend.’
According to Peters, it is very difficult to prevent a phishing attack. ‘It is mainly up to the users themselves to pay attention. The mail looked very good and seemed to come from the ICT Service Desk. Users who clicked on the link arrived at a fake UT site. There they had to change their password. This page was copied reasonably well, but the green security bar was missing.’
A warning about the phishing email has been posted on the UT website. ‘In our message we advise not to click on the link in the mail. If you have clicked, we recommend changing the password immediately. This also applies to other sites where you use the same password.’