Cybercrime

Phishing is a form of scam in which criminals try to use misleading emails, seemingly from TU Delft or another trusted party such as your bank. The goal is to obtain your personal information or install malicious software on your computer.

Phishing messages are becoming more and more difficult to distinguish from a regular e-mail. It is therefore important that you always keep a critical eye on requests to provide information, or that requests you to log in.

Phishing can be recognised in the following way:

• There are spelling errors in the e-mail.
• The e-mail often has an impersonal salutation. For example 'Dear relation' or 'Dear customer'. But beware: even if you are addressed by name, you may be dealing with a phishing email.
• It is supposedly urgent. For example, when you have to pay quickly.
• The e-mail comes from a strange looking e-mail address. The part behind the @ provides insight into the origin of an e-mail. E-mails from TU Delft originate from an address that ends on "tudelft.nl".
• The links in the e-mail go to web addresses that look strange. Check this by hovering your mouse pointer over a link in the mail, without clicking on it. You will now see the web address in a small message or at the very bottom of the screen.
• Sometimes you will be asked to open programs or documents that were sent with the e-mail. These attachments may contain spyware, trojan horse or viruses or may automatically take you to an online form.

Be very careful with suspicious messages that ask for personal details. Never respond to these messages. Never click on the links in the message and never open the attachments/downloads in the message. Instead, forward the message to abuse@tudelft.nl so that it can be reported and investigated further.

Never respond to requests for payment or purchase of gift cards, which seem to come from your supervisor, your promoter or any other person at TU Delft you know or trust.

TU Delft will never ask you to transfer money or purchase gift cards. If you receive such a request, please report it directly to abuse@tudelft.nl.

If you receive such a request, you are dealing with fraudsters who impersonate the person you trust. This is often regarded as CEO fraud, and it can be recognised by a number of things:

• The sender uses different communication channels, e.g. via a hotmail or gmail address or via an SMS.
• The sender places a strong emphasis on the relationship of authority. The payment order is given as an order.
• Sometimes you are praised or made important as a recipient. You are chosen to carry out the order because of your exceptional qualities, and the success of an action placed on your role.
• It is also often emphasised that this is an exceptional payment that demands a deviation from the norm or standard procedure.
• The sender emphasises that confidentiality is of great importance. The assignment may not be shared with colleagues.
• Payments must be made as a matter of urgency.

As a TU Delft employee, you should always assume that in the case of payments or requests, the internal TU Delft processes are always followed.