For best experience please turn on javascript and use a modern browser!
You are using a browser that is no longer supported by Microsoft. Please upgrade your browser. The site may not present itself correctly if you continue browsing.
Extranet Extranet

Recognising and reporting phishing emails

Internet criminals are constantly coming up with new ways to steal your login details or files. Make sure you know how to recognise fake emails and how to check if an email is genuine.

Checklist for recognising phishing emails

Use this checklist if an email seems suspicious to you. Send the suspicious email as an attachment to Service Desk ICT Services. Then delete the email from your inbox immediately.

Check the email address
  • Check the email address
    • You check the sender's email address by hovering the cursor over it without clicking. The email address must be the official mail address of the person, organisation or company.
    • The domain name (anything after the @ sign in the email address) must match the website address of the organisation or company.
    • In fake emails, the email address is often a variation of an organisation's or company's real name.
    • Check out this infographic (pdf, 1 p.) for more explanations and tips on how to spot fake email and website addresses.
  • Check the link
    • Only click on a link if you are sure the web address is genuine. When in doubt, hover the cursor over the link but don't click on it. You will then see the web address.
    • Check on checkjelinkje or scamcheck if the address is reliable. An official web address consists of the name of the company, followed by a dot and then 'nl' or 'com'.
    • Check out this infographic (pdf, 1 p.) for more explanation and tips on how to spot fake email and website addresses.
  • Call the sender

    Don't trust it? Then call the alleged sender. Do not use the phone number given in the email, but find the number yourself on the official website of the organisation or company.

  • Check a file's extension
    • Before you click on an attached file, check the file extension. This is the addition at the end of a file name (the letters after the dot), which indicates what kind of file it is.
    • Suspect file types are: .Exe, .zip, .js, .lnk, .wsf, .scr, .jar.
    • In Windows, extensions are hidden by default. Enable file extensions by typing Window key + R in the 'control folders' window and then pressing Enter. In the View tab, uncheck 'Hide extensions for known file types'.
  • Never enable macros

    Are you asked to enable macros after opening a Word document? Never do this. If you do, your computer and the network could be infected with malicious software.

  • Is e-mail from @e.uva.nl safe?

    Yes, it is safe. The UvA uses this subdomain to send its email newsletters.

What if you did respond to the phishing

If you accidentally clicked on an incorrect link or attachment or passed on your UvAnetID password, various things can happen.

Is your computer infected with a virus or spyware?

Do a virus scan and change your passwords, because malware can forward your passwords to criminals. On veiliginternetten.nl you can read what indicates that your computer is infected.

Are your files encrypted and can no longer be opened?

Are you being asked to pay a 'ransom' to release your files or computer? Then you are dealing with ransomware: your computer has been taken hostage by cybercriminals. Never respond to this! Break your network connection immediately and switch off your computer.

Has your UvAnetID password been passed on to a fake website?

Change your password immediately and report this incident to the Service Desk ICT Services.