Ensuring IT security presents our university with ever greater challenges. In recent weeks, a large number of phishing e-mails have been sent to our Unibas e-mail addresses. This is an attempt to lure someone by e-mail to a prepared page, which has been copied pixel-for-pixel from a legal page, in order to obtain a user name and password there. Again and again people fall for these e-mails. This is a risk for those affected, who have entered their access data and thus passed it on.
The password is the key to all university information, this includes the personal SAP portal, all e-mails and all data, including the personal drive. If the password falls into the wrong hands, third parties can access, copy, read and change all this information. I.e., data can be deleted, banking information can be changed, and emails can be written. This can happen unnoticed for a long time. If, as we strongly advise against, the password is used for other accounts or other services, these are also compromised.
The most important facts in brief
Phishing e-mails can be detected much better by people than by protection programs. To promote the skills of employees to this end, the University of Basel has launched a phishing awareness campaign.
- Don't be put off by urgent wording.
- Always check the sender's address and links within the e-mails carefully.
- Do not open any unexpected documents, and be careful with macros and other additional functions that can be activated.
Most important rules of conduct for you
- Check links to login pages very carefully.
- If you receive a phishing e-mail, please send it to the ServiceDesk as an attachment (drag the phishing e-mail into a new e-mail, see video below).
Handling by IT Services
- If IT Services sends you an e-mail with a link to a login, this will be accompanied by a note to check links carefully.
- If IT Services receives a phishing e-mail from you, they will then initiate necessary measures to prevent further distribution of this e-mail, among other things.
- Due to the sometimes high volume of forwarded e-mails, you will not receive a reply to reported phishing e-mails.