Is the email a phishing or scam message?
Checklist
- It is easy to fake an email to make it appear as if it comes from a reputable sender - be critical.
- UiO will never ask you to send your UiO username and password in an email.
- If you receive an email with a link to a UiO service that requires login - check that the link goes to UiO. If you are unsure if an email is authentic, you should contact local IT or postmaster. Be skeptical of links in emails.
If you are unsure if the service is genuine, it is better to type in the address yourself in the browser and then navigate to the service, e.g., type in "www.uio.no" and search for "change password".
Common characteristics of scam messages
- Scammers often use a service for automatic translation to Norwegian, which results in poor language in the message.
- They often refer to an "update" or that something is "wrong" (e.g., login errors, over quota), and that you need to log in to "reactivate" or "validate" your account.
- The message often contains a link that may appear to go to UiO but actually leads to an external site when opened.
- If there is no link, the message either has an attachment that the scammer wants you to open, or you are asked to reply to the email with username/password, name, account information, etc.
- Some fraud attempts include a short deadline combined with a threat that, e.g., your account will be deleted.
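The link characteristic above (text that appears to go to UiO while the address behind it is external) can be checked mechanically. The following is an added example, not UiO's own tooling: it assumes that only `uio.no` and its subdomains count as UiO, and the names `is_uio`, `LinkCollector` and `audit_links` as well as the sample message are made up for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

HOST_RE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", re.I)  # hostname-like token

def is_uio(host):  # assumption: only uio.no and its subdomains count as UiO
    return host == "uio.no" or host.endswith(".uio.no")

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html):
    """Return (href, visible text, verdict) for each link in an HTML mail body."""
    collector = LinkCollector()
    collector.feed(html)
    results = []
    for href, text in collector.links:
        target = (urlsplit(href).hostname or "").rstrip(".")
        shown = HOST_RE.search(text)
        if not target:
            verdict = "no-host"    # mailto:, relative or malformed link
        elif is_uio(target):
            verdict = "uio"        # really goes to UiO
        elif shown and is_uio(shown.group(0).lower()):
            verdict = "disguised"  # text shows a UiO address, href goes elsewhere
        else:
            verdict = "external"   # not UiO: check before logging in
        results.append((href, text, verdict))
    return results

# Constructed sample body (not a real message); example.net/.org are reserved names.
SAMPLE = """<p>Your mailbox is over quota. Log in to reactivate:</p>
<a href="http://uio.no.example.net/login">www.uio.no</a>
<a href="https://www.uio.no/">UiO home page</a>
<a href="https://example.org/survey">Take our survey</a>"""
if __name__ == "__main__":
    print(audit_links(SAMPLE))
```

The first sample link is reported as `disguised`: its host merely begins with `uio.no`, while the registered domain is `example.net`, which is why the comparison is made on the end of the hostname.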
Fraud attempts that appear to be sent from UiO
UiO has been subjected to numerous waves of phishing and ID theft attempts where users have been asked to provide username, password, and national ID number, so that, for example, the "postmaster" can expand their email accounts to receive more emails or similar.
UiO IT staff will never send out emails asking for usernames, passwords, account numbers, personal numbers, or similar personal data from UiO. Do not respond to the scammers, as this only confirms that your email address is valid. Additionally, giving away your username and password is a violation of the UiO IT regulations section 3.6, on data security.
Fraud attempts that appear to be sent from your bank
Another common method is to send emails pretending to be from a large bank. The email is sent to numerous people and informs them, for example, that there are problems with some credit cards from that bank. However, according to the email, the problem can be easily solved by following an attached link to a website, answering questions there, and filling in personal and credit card information. This information is then used to drain the credit card of money. The whole thing is made more credible by the email looking like it is from a reputable bank and the website you are directed to looks just like the official website of this bank.
Be vigilant
Other services are also vulnerable to phishing attempts. For example, Finn.no was used in a large-scale attempt at ID phishing.
There are several programs online for detecting phishing, and several browsers, like the latest versions of Internet Explorer and Firefox, include anti-phishing filters. However, you should not fully rely on these filters as scammers quickly find new ways to bypass the browser filters.
Reporting scam attempts
If you receive an email where someone impersonates UiO and demands to be sent your UiO username and password, or requests this information on a website that does not belong to UiO, we would like to be informed about it. Reasons often given are, “webmail service is being updated,” “a new security system has been implemented,” or “the account will be deleted.” Note that staff at UiO will never ask for your password.
- Scams and phishing should be sent to UiO CERT, the UiO IT security incident group, at cert@uio.no.
- To get all the information we need, the email should be sent with all headers.
We are particularly interested in scam attempts targeting UiO or those that are convincingly designed. Emails informing you that your address has been drawn in an internet lottery or that you have a large sum of money in a bank account in your name can usually just be deleted, but we would rather hear about one scam too many than one too few!
Help! I have given my password to scammers...
It can happen that you send your UiO password to an email address you do not know, only to realize shortly after that it might not have been a good idea.
- The first thing to do is to change your password in Brukerinfo.
- In Brukerinfo, you should also check that scammers have not set up email forwarding.
If there is a short time between when the scammers get your password and when you change it, it could be that nothing will happen, but you must contact UiO CERT, the UiO IT security incident group, at cert@uio.no. This is because scammers use the accounts they gain access to in order to send out new scam messages. If this happens, you may also experience getting bounce-backs (notifications that the email could not be delivered) as well as responses from unknown people. If emails have been deleted from your account, the postmaster can also help you recover them.