YOU HAVE BEEN PHISHED!

Cybercriminals are on the hunt for you!

You clicked on a link in a phishing email! Fortunately, this was not a real phishing attack but a simulation. Stay alert! Clicking on a phishing link can give cybercriminals access to your data, which they can misuse. On this page, you can learn more about phishing and how to protect yourself against it.

We kindly but urgently request that you do not inform your colleagues about this phishing email.

What is phishing exactly?

Phishing is a form of cybercrime that almost always takes place online. Phishers try to manipulate you into revealing your confidential information, such as passwords and PIN codes. You play a crucial role in this crime—and in preventing it. Stay informed and stay alert!

How does a phishing attack work?

Phishing almost always begins with an email containing an urgent request for personal information. This data is highly valuable. The criminal pretends to be a trusted organization or individual, such as your employer, urgently asking you to create a new email account. If you don’t comply, you might supposedly lose access to your data after a system update. Or, they might pose as your insurance provider, claiming to refund you a certain amount—but first requiring a quick confirmation of your details.

Does that make us stupid? No.

Cybercriminals know exactly how to manipulate you. The email and the webpage you land on after clicking the link often look identical to those of a legitimate, trustworthy organization. The message is carefully crafted to make you act quickly and without suspicion. Even just opening a link in an email can sometimes give cybercriminals access to your data. Their methods are becoming more sophisticated, but the simplest trick—getting you to voluntarily hand over your information—remains the most popular.

Who falls for that?

We hear you thinking, who would fall for that? Who would be so foolish to give away their password or PIN code online? Plenty of people do.

The yearly amount of attacks worldwide is still growing.

This is how you avoid becoming a victim:

Check if the message of the mail is appropriate

Did you expect the email? Does the message fit within a familiar context? Do you immediately understand why you received the email? If you answer any of these questions with ’no’ or ’I don’t know,’ be cautious. If you personally know the sender, you can check with them—without clicking on anything first! If you don’t know the sender at all, it’s often best to delete the email immediately.

Realise when you are being pressured

In many phishing emails, criminals try to scare you or entice you into taking quick action. They often skillfully exploit our fears, emotions, and desires. The message is crafted in such a way that you feel like you have no choice but to click. But haste makes waste.

If a message makes you feel pressured or tempted, that’s an extra reason to take a closer look at it.

Ensure proper computer security

Make sure your computer is running the latest versions of all programs. With each new version of Windows, Mac OS X, Internet Explorer, Chrome, etc., security vulnerabilities are patched, and new protections are added. Good computer security can block any attached malware that comes with a phishing email. However, it does not protect against a fraudulent link within the message. If you click on it, you can still be phished as it redirects you to a malicious page. An antivirus program will not prevent this because the action is initiated by you.

Tips and tricks against phishing:

Personal data or login credentials

Authorities never ask for personal data or login credentials via email. Immediately close emails with such requests and do not click on links for information or forms.

Do not open PDF-files

Never open a PDF from someone you don’t know. Hiding malicious ZIP files inside seemingly innocent PDF documents is a commonly used technique.

Read the full URL

It is important to read a website’s URL from left to right in its entirety. For example, a URL might start with ’www.heutink’, but if it is followed by 120 characters of nonsense, be cautious.

Check spelling and grammar

Phishing emails sometimes contain major grammatical errors, both in spelling and sentence structure. Pay attention to this.

Keep your password to yourself

Never share your password or any other personal or sensitive information in response to a request you did not initiate.

E-mailadresses

Email addresses can be ’spoofed,’ meaning they may appear legitimate but actually come from a phisher. If you weren’t expecting the email, verify its authenticity by composing a new email and asking the supposed sender for confirmation. Do not use the “reply“ or “respond“ button to do this.

About this simulated phishing action:

This simulated phishing action was commissioned by Heutink and set up by ilionx.com. This action is meant to make you and your colleagues more aware of the risks in the digital world. Because the digital world brings us many opportunities, but sadly also carries great danger with it.