Phishing and scam calls – stay vigilant!

Messages which are phishing Office 365 usernames and passwords have been sent to the addresses of the university recently. Also scam calls from faked technical support are still coming to the phones.

The appearance of the recent phishing message has been neatened with the heading “Office 365" and the receiver is spoken with an e-mail address. The message is falsified and it may give an impression that IT service of own organisation has sent it. As sender, among others, IT Usage, Support, Oulu.fi Support are mentioned. ICT Services of the university do not use these definitions in any connections. In the message it is informed that the password expires today, but the link "Keep Current Password" is leading to the phishing page. If you get this kind of a message, do not follow the link and thus give the username and your password to the criminals' hands.

Another typical phishing attempt begins with an e-mail message in which the user gets the file sharing notification. She/he is asked to open the link and to be signed in with O365 username in order to see the file. The link leads to a phishing site from where username and password typically end up to criminals. Using those credentials they are able to get in user’s email and utilize it according to their own aims. 

The phishing emails and sign-in pages are professionally made and therefore they are difficult to be recognized as a scam. Often already the glance to the sender's e-mail address and to particularly its last part uncovers that it is a question of a scam attempt. Do remember that in an uncertain situation you can always ask advice from the Campus ICT service.

Some have received scam calls from a fake technical support. These scam calls come from spoofed phone numbers which may also seem domestic numbers. Usually, the scammer speaks English and introduces as an IT professional of Microsoft’s technical support. He claims that there is an information security problem in your computer and he can remedy it. However, it is a bluff because his real objective is to get your user credentials, your bank codes or your identity information. 

There is usually one common feature in scam attempts of all kinds: the scammer wants everything to take place without delay, without time for consideration. Do not agree to any of his proposes! Read more about scam calls on the pages of National Cyber Security Centre of Finnish Transport and Communication Agency: Technical support scam calls.

Add your knowledge about these subjects by watching short videos in the Wistec service. You’ll find videos with a keyword "Cyber security".

Last updated: 20.10.2020