Oops! You got caught.
You have just entered your password on a phishing website. Your password could now be in the hands of cybercriminals.
You have been informed in an email that due to a migration of Outlook Web Access you have to register once to apply the profile settings.
You could have easily seen through this particular attack based on the following points:
- The sender address was fake (firstname.lastname@example.org).
- You weren't familiar with the text and appearance of the email.
- The URL of the web portal was not trustworthy (https://owa-sqs.ch).
- You should have been suspicious in general, since you didn't expect an e-mail like that.
- The website looked very simple, without any reference to SQS.
Note: This attack was part of an awareness training program. No data was transferred and no malware was installed.
Preventing the attack – Tips
Just clicking on a link in an email can put you and SQS at risk. Be wary of all e-mails that arrive in your inbox:
- Be suspicious: How does the sender know your address and why are you receiving the e-mail?
- Check the plausibility.
- Don't just click on links – check first, then click.
- Never enter your password on unknown websites.
- If in doubt please contact the Service Desk, Tel. +41 58 710 35 88
Cyber criminals use a good story to try to get their victims to click on a link. The link takes you to a website somewhere on the Internet, where malware may be waiting to exploit existing vulnerabilities on your computer and causing a great deal of damage.
You were also asked to enter your SQS username and password on the website. The credentials end up on the attackers infrastructure. They can for example use it to try to access SQS webmail and thus gain access to potentially sensitive information.