Warning: phishing emails doing the rounds
Since Monday, December 13, 2021, many of Leiden University’s employees and students have been recieving phishing emails. These emails contain a link to a fake ‘Leiden University’ login page. DO NOT CLICK ON THIS LINK.
The phishing email is a fake email with a link to a falsified Leiden University login in order to steal accounts and passwords.
How do you recognise this phishing email?
The phishing email that is currently active is sent from accounts that have been a victim of this or previous phishing mails. Hence, you cannot recognise the email by the sender. You can recognise the email by the following details:
- The email signed with 'Best regards IT Helpdesk'.
- The salutation reads 'Hello' or 'Dear' without your name.
- Urgency is implied, for example through 'You have new important messages'.
- The link is incorrect. You can recognise university links by their top domain name universiteitleiden.nl or leidenuniv.nl.
An example of the phishing email is shown below.
What can you personally do?
1. Always check an email for the following:
- Is the email expected? Be alert with emails that you do not expect. In principle: do not respond.
- Is the salutaion personal? Be wary of emails that do not address you personally. You will always be mentioned by name in an email from the ISSC helpdesk, if you are the only recipient.
- Do not click on links. Only do so if you are absolutely certain that the message and the link are trustworthy.
2. Report phishing:
- If you come across this email, immediately report it to the ISSC helpdesk.
- If you receive an email you don’t trust, report it to the ISSC helpdesk.
- If you did click on a link or open an attachment, immediately report this to the ISSC helpdesk.
3. Delete it: Remove the email from your inbox.
4. Be alert: Inform yourself about phishing.