Oops! You got caught.
You have just entered your password on a phishing website. Your password could now be in the hands of cybercriminals.
In an email you were informed that a scan failed and that you should log in and try again.
You could have easily seen through this particular attack based on the following points:
- You probably didn't scan anything.
- The sender address was fake (firstname.lastname@example.org).
- The text was very short and it makes no sense to log in to scan something again.
- You should have been suspicious in general, since you didn't expect an e-mail like that.
Note: This attack was part of an awareness training program. No data was transferred and no malware was installed.
Preventing the attack – Tips
Just clicking on a link in an email can put you and SQS at risk. Be wary of all e-mails that arrive in your inbox:
- Be suspicious: How does the sender know your address and why are you receiving the e-mail?
- Check the plausibility.
- Don't just click on links – check first, then click.
- Never enter your password on unknown websites.
- If in doubt please contact the Service Desk, Tel. +41 58 710 35 88
Cyber criminals use a good story to try to get their victims to click on a link. The link takes you to a website somewhere on the Internet, where malware may be waiting to exploit existing vulnerabilities on your computer and causing a great deal of damage.
You were also asked to enter your SQS username and password on the website. The credentials end up on the attackers infrastructure. They can for example use it to try to access SQS webmail and thus gain access to potentially sensitive information.