Recently users received a fake e-mail (including the logo of the respective university) asking the user to click a link. The link directed the user to a fake website that was an exact copy of SDU’s single-sign-on site. However, it was NOT SDU’s website.
In order to avoid those phishing scams, please use the following tips:
Don’t click links in e-mail messages if you don’t recognize the sender
A link in an e-mail can direct you to a website, which can infect your computer once the website is displayed.
Even if you know the sender, ask yourself: What kind of dialogue did I have with the sender – is it necessary for me to know what is in this link?
Be careful with jokes, chain letters and breaking news.
Right now perpetrators are trying to exploit vulnerabilities in Java by distributing e-mails about the bombs in Boston.
Make sure that you are on the website that you think you are
If you need to enter your password on a website, make sure that you are on the website that you expect. If you, for instance, are logging onto SDU’s webmail – can the address in the URL-bar of your browser be associated with SDU?
If you need to enter your password on a website, make sure that the site is encrypted
The padlock in the URL address line must be closed. This always applies to websites outside SDU’s internal network.
Check out the link
If you want to click a link in an e-mail message, first find out where the link will lead you:
Place the cursor on the link without clicking
Normally, a text box with the actual URL will appear
Does the address correspond to the address stated in the e-mail text, and do you trust the address?
Never disclose your password to anyone
SDU’s IT-departments can perform any needed action on your behalf without knowing your password. Of course it will be registered that we have performed an action on your behalf. The staffs of the service desks might ask you to enter your password – they will never ask to you to disclose it.