Information Security

Dansk

 Information Security Campaign material Think before you click and be aware of phishing

Think before you click and be aware of phishing

On this page you will find good advice on how to avoid falling for phishing mails and SMS. You can also download posters to hang up.

Phishing is an attempt at identity theft

Fake emails and text messages, known as phishing and smishing, are very common and a favourite weapon when cybercriminals try to steal your identity. Phishing can be hard to spot, and as AU’s information security unit continues to see examples of employees and students taking the bait.

That's why it's important to be vigilant and learn how to spot phishing.

Good advice on phishing

How to spot a phishing attempt

Phishing is not limited to emails. It can also be via text messages, phone calls or through fake profiles on social media or dating apps. But it’s always after the same thing: to get you to reveal personal information. So learn about the characteristics of phishing.

Keep your MitID and passwords to yourself

  • Aarhus University, Nets and other legitimate banks, companies and government authorities will never ask you for your personal passwords, MitID, NemID code card or the like. If you receive a request to provide this kind of information, don’t respond.

Be careful about clicking links in mails and text messages

  • Scammers are good at making mails and text messages look genuine. If you are in doubt, check the official website of the sender.

Look for clues that will unmask a scammer

  • Cybercriminals will try to entice you to click links or open attached files. But there are a number of clues that will reveal these fakes: If you hover the mouse over a link in a mail, you can see where the link will take you if you click it.  Instead of clicking the direct link to the sender’s website, find the official website online and use the search function to see if you can find the same content.

Check the sender

  • If you suspect that the sender of a mail might be a scammer, search the internet and check the email address or telephone to make sure the information is correct. Or you can contact the company or government authority via their official website or telephone number and ask for a confirmation that the communication is genuine.

Count to ten before you click

  • Scammers often try to get you to act quickly. If you get an unsolicited mail or text message, it’s a good idea not to respond immediately: wait until you have time to think twice before you answer.

What to do if you fall for phishing

It happens to more people than you think.

Contact your local IT support team if you have accidentally clicked on a link, opened an attached file in a phishing email or disclosed confidential information, such as your password. 

If you have disclosed confidential information, change your password as soon as possible. Furthermore, activate two-factor authentication wherever possible. 

It’s a good idea to share your experience with your colleagues. This will warn others, and we can all learn to be more careful.

Do you need help?

Contact your local IT support if you have questions, comments or need help.

What is phishing?

Phishing is an attempt to cheat you into providing conficential data by

  • email (phishing - fishing)
  • SMS (smishing - 'SMS fishing')
  • phone (vishing - short for 'voice phishing', to fish information by using your voice)
Views
Be like Bob This is Bob. Be like Bob. This is the message of a new video about how to react if you happen to fall for a phishing mail.

Posters for download

Can you spot a phishing mail?

How the quiz works

  • The quiz is a social activity made for a staff meeting (e.g. via Teams or Zoom) etc.
  • The quiz will take approx. 15 minutes. 
  • We recommend that you facilitate the quiz yourself or appoint a facilitator who can play the quiz, read the slides out loud and encourage the participants to vote. 
  • The participants must open https://www.menti.com/ on their computer or phone and enter the code from slide 2 in the quiz. 
  • The participants are presented with 7 emails. After each email they will be asked whether or not an email is a phishing email or not. They can vote via menti.com. 

How to get access to the quiz

  • If you have used Mentimeter before, sign in via https://www.mentimeter.com/.
  • If you have not used Mentimeter before, go to https://www.mentimeter.com/join/aarhus, type in your AU email address, verify it via the email you receive. Then register with your name and a password.  
  • Choose My presentations and the Shared Templates in the left side menu.
  • Find the quiz 'Can you spot a phishing email?' (NB! The quiz is available in Danish and English).
  • Choose 'Add to my presentations'.
  • Now, you can find the quiz in My presentations.
  • Click the play icon to play the quiz at a staff meeting etc. 
Revised 04.12.2024