TEXT BY GIULIA FABRIZI / VIDEO BY ROHAN HOEKSMA
The Eindhoven University of Technology (TU/e) fell victim to a cyber attack this past weekend. As a result, the university will remain closed for a second day. What steps can you take to counter hackers?
TU/e took its network offline over the weekend after detecting suspicious activity. In a message to students and staff, the university warned everyone to stay extra vigilant against phishing emails.
How to spot a phishing email
Phishing emails are designed to gain access to your computer, network, or bank account. Here’s what to watch out for.
The Dutch Ministry of Economic Affairs’ Digital Trust Centre advises paying close attention to the sender. Cybercriminals are adept at creating emails that appear to come from a trusted organisation. However, the email address is often slightly different.
Take the University of Groningen (UG), for example. A legitimate UG email address always ends with @rug.nl or @student.rug.nl. A scammer might use something like info@rug1.nl.
Adding a number or a slight variation makes it look almost legitimate. If you’re unsure about an email, always verify the official email address of the organisation.
Language
Pay attention to the language used. While phishing emails are less likely to contain glaring spelling errors and awkward phrasing nowadays, they still might. Also, consider the tone and content of the email. If it seems suspicious, compare it to previous legitimate communications from the organisation.
How the email greets people is another clue. Phishing emails often use generic greetings like ‘Dear Sir/Madam’ or ‘Dear Customer’. If an organisation you’re associated with—where your name and sometimes your gender are known—uses such a greeting, it’s worth being extra cautious.
Urgency and personal information
Many phishing emails try to create a sense of urgency, such as asking you to change a password before an account expires or pay money to avoid penalties. If you’re uncertain, contact the actual organisation to verify the request.
Another common tactic is asking you to ‘update’, ‘verify’, or ‘complete’ personal information, often via a link. According to the Digital Trust Centre, banks, insurance companies, and government agencies never request personal information via email.
Concerned about missing a genuine email? Look up the organisation’s contact details yourself (don’t use those provided in the email) and call them to confirm.
Links and attachments
Never click on links in suspicious emails. Watch for shortened links, such as those using bit.ly, t.co, or goo.gl, as cybercriminals often use these to hide malicious websites.
If an email includes an attachment you don’t trust, don’t open it, especially if it’s a .zip or .rar file. According to the Digital Trust Centre, legitimate companies rarely send invoices or payment reminders in these formats. If you receive such a file from a familiar sender and it seems off, contact them directly to verify, but use a contact method other than email.
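The checks described above (sender domain, generic greeting, shortened links, archive attachments) can also be run automatically over a raw message. The following is an added example, not part of the original article or any tool it mentions; the function name, the indicator labels and the sample message are constructed for illustration, and the lists hold only the values the article names.

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Assumed lists: the UG domains and the examples named in the article.
TRUSTED_DOMAINS = {"rug.nl", "student.rug.nl"}
SHORTENERS = {"bit.ly", "t.co", "goo.gl"}
GENERIC_GREETINGS = ("dear sir/madam", "dear customer")
ARCHIVE_EXTENSIONS = (".zip", ".rar")

def phishing_indicators(raw_email):
    """Return the indicator names found in one raw email message."""
    msg = message_from_string(raw_email)
    found = []
    # Exact match on the sender domain: "rug1.nl" must not pass as "rug.nl".
    address = parseaddr(msg.get("From", ""))[1]
    if address.rpartition("@")[2].lower() not in TRUSTED_DOMAINS:
        found.append("untrusted-sender-domain")
    body = ""
    for part in msg.walk():
        filename = part.get_filename()
        if filename and filename.lower().endswith(ARCHIVE_EXTENSIONS):
            found.append("archive-attachment")
        elif part.get_content_type() == "text/plain" and not filename:
            charset = part.get_content_charset() or "utf-8"
            body += (part.get_payload(decode=True) or b"").decode(charset, "replace")
    if body.lower().lstrip().startswith(GENERIC_GREETINGS):
        found.append("generic-greeting")
    # Compare the host of every link in the text body with the shortener list.
    hosts = re.findall(r"https?://([^/\s:]+)", body, flags=re.I)
    if any(host.lower() in SHORTENERS for host in hosts):
        found.append("shortened-link")
    return found

# Constructed sample message, not a real email.
SAMPLE = """\
From: UG Service Desk <info@rug1.nl>
Subject: Your account expires today
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Dear Customer, verify your password now: https://bit.ly/example
--b1
Content-Disposition: attachment; filename="invoice.zip"

placeholder
--b1--
"""
```

An empty result only means none of these four indicators matched; it does not mean the message is legitimate.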
What to do if you suspect a scam email
Notify the Dutch Fraud Helpdesk, which provides extensive information on scams. You can also check if the email address has been flagged as suspicious. Mark the email as spam and delete it to avoid accidentally interacting with it.
If you notice something suspicious, contact the CIT Service Desk at the University of Groningen for assistance.
Maastricht
At the end of 2019, Maastricht University was targeted by a so-called ransomware attack. In such an attack, a hacker blocks the victim’s computer, forcing them to pay a ransom to regain access.
At that time, cybercriminals had locked not only the servers but also the backup systems. As a result, students and staff were unable to access their scientific data, library, or email. Personal data was at risk of being lost, and students could not take exams or work on their theses. After a week, the university decided to pay the ransom of 200,000 euros.