Oops! You got caught.
You have just entered your password on a phishing website. Your password could now be in the hands of cybercriminals.
In an email you were informed that your password will expire in two days and you can change it by clicking on a link.
You could have easily seen through this particular attack based on the following points:
- The sender address email@example.com was strange and not trustworthy
- You weren't familiar with the text and appearance of the email.
- You should have been suspicious in general, since you didn't expect an e-mail like that.
- The website looked very simple and you weren't familiar with it at all.
Note: This attack was part of an awareness training program. No data was transferred and no malware was installed.
Preventing the attack – Tips
Just clicking on a link in an email can put you and SQS at risk. Be wary of all e-mails that arrive in your inbox:
- Be suspicious: How does the sender know your address and why are you receiving the e-mail?
- Check the plausibility.
- Don't just click on links – check first, then click.
- Never enter your password on unknown websites.
- If in doubt please contact the Service Desk, Tel. +41 58 710 35 88
Cyber criminals use a good story to try to get their victims to click on a link. The link takes you to a website somewhere on the Internet, where malware may be waiting to exploit existing vulnerabilities on your computer and causing a great deal of damage.
You were also asked to enter your SQS username and password on the website. The credentials end up on the attackers infrastructure. They can for example use it to try to access SQS webmail and thus gain access to potentially sensitive information.