12 October 2023

Friday afternoon, ten to five: an email arrives asking you to sign up for an interesting event. It’s urgent because registration closes soon. You see the trusty logo of Leiden University in the email and the formatting looks familiar too. Your colleagues are already waiting for after-work drinks, so you quickly click on the link in the email and enter the details required. But the email was a phishing attack and has now given cybercriminals all the details they needed.

Phishing is a form of cyberfraud in which hackers use scam messages to gain access to personal data. It’s becoming more and more difficult to identify phishing emails and they’re becoming increasingly common. So it’s only human to fall for a phishing mail. We are therefore sharing seven tips to help you spot possible phishing emails. (And don’t forget to watch the video where cybercriminal Granny Smith shows how easy it is to create a successful phishing email!)

Boost your phishing resilience with these tips

1. Never provide personal data in telephone calls that you yourself did not initiate.
2. If a reliable or familiar organisation asks for personal data, they will never do so in a link in an email. So don’t click on that link and definitely don’t enter any details.
3. Does a call make you feel pressured, uncomfortable or stressed? End it straight away.
4. Is an acquaintance or organisation asking you something unusual or out of character, for instance to transfer money for a service that you do not use or for something that you have not previously discussed? Be alert: the chances are it is phishing!
5. Be careful when opening emails and email attachments. If there is a link in the email, hover your cursor carefully over it (without clicking). You’ll see a bar with the URL that will be opened when you click. Does the link look strange or illogical? Don’t click! If you weren’t expecting an attachment or are asked to open it in an unsecured view, don’t open it.
6. If a sender is offering something that seems too good to be true, the chances are they are trying to trick you. Don’t fall for it.
7. Do you suspect you’ve received a phishing mail or have your doubts about one? Always contact the ISSC by mailing them at helpdesk@issc.leidenuniv.nl or calling them at +31 71 527 8888. The sooner you report it, the lower the impact of the phishing attack.