Warning against phishing emails

At the moment, Aarhus University is faced with a serious phishing problem and needs all staff and students’ help to fight it. You must never share your username and/or password with others - not even to others at AU.

Swindlers are currently misusing AU mail accounts to send spam mails. As a consequence, a number of partner organisations, including the University of Copenhagen and Hotmail, have blacklisted AU and are refusing to receive mails from us.

The swindlers behind this get access to AU’s email accounts through so-called phishing emails where they lure staff and students to share their username and/or password per email or via a fake website.  The latest examples of phishing emails look very believable - but they are fake. See examples.

What can you do?

Never share your username and/or password in an email or to others in general - not even to others at AU. AU IT will never ask for this information via email.

If you receive an email that you believe is a phishing email, please delete the email immediately.  You can also attach the email in an empty email and send it to abuse@messaging.microsoft.com. Please write the original subject in the subject field when you send the email. The email will then be registered as a phishing email/SPAM. 

If you have shared your password with others by mistake and if you suspct that others know your password, please change it immediately.

What is AU IT doing?

AU IT is following the development of the phishing problem closely. This week, 10 mail accounts have been misused and within the last 16 hours it has been necessary to block 4 accounts. Every time a mail account is misused, thousands of emails are send out from the account. AU IT is aware that it is unpleasant for the users, however, the consequences for AU are immense if abused email accounts are not blocked.   

What is a phishing email?

Phishing is an internet phenomenon where fraudsters attempt to acquire information such as usernames, passwords, credit card or online banking information. Typically, the user will receive an email in which someone tries to lure the user into sending information per email or by logging onto a fake website that looks like e.g. a bank website. The email comes across as being sent from e.g. the bank or the IT administrator.