See Cyber Safety

Recognizing incidents

This website was set up to help you guard against security incidents. But what constitutes an incident? What do you see as user, what do you need to be aware of? This section of the website explains what security incidents are and how you can recognize them. You will also find information on actions to take to reduce the consequences of an incident and when to report an incident.


The following signs indicate that an incident has occurred, and as a result that your device has become infected:

  • your device is suddenly very slow;
  • there are strange notifications;
  • you see a lot op pop-ups when surfing;
  • your device has files you have never seen before;
  • you have lost files, your hard disc has been partially or completely wiped;
  • your home page has changed;
  • your browser has a new toolbar you did not request;
  • friends and colleagues warn you that they are receiving strange emails from you;
  • your virus scanner no longer updates or gives obscure error messages.

If one or more of the above signs occur, chances are that your device has become infected as a result of a security incident. Many infections are caused by phishing. If you are able to recognize a phishing attempt, you can avoid many problems yourself.


Phishing is a form of fraud on the internet. You can recognize phishing emails by the following tricks:

  • you are asked to provide personal details;
  • the message has attachments. Never open files with the extensions .zip, .exe, .js, .Ink, .scr, .jar. Even .doc files can be damaging;
  • the salutation is impersonal, i.e. ‘Dear Customer,’ or ‘Dear Sir/Madam,’
  • the sender is unclear, e.g. from a strange or abnormal email address.
  • the email is full of language and/or grammatical errors;
  • the message is sent without any reason and comes unexpectedly;
  • the email contains a link to a malicious website. Always check the link before clicking on it (by scrolling over it with your mouse or using a right-mouse click). You will often notice an unusual URL.

In addition to these signs, always use common sense when you receive an email. Scammers are becoming increasingly cunning and their emails are starting to resemble legitimate emails.

How to protect yourself 

Check the authenticity

When in doubt about an email, contact the organization who sent you the message, to verify the authenticity of the message. Do not contact them using the information in the email (link/telephone number) but look for the organization’s website yourself and use the contact details you find there.

Always report phishing

Receiving a phishing email constitutes a security incident, even if you did not click the link. Furthermore, it is sometimes possible to block specific phishing emails, but only when this is done before every addressee has received the phishing email. Therefore you must always report possible phishing immediately to CERT-UT, using the button at the bottom of this page. Tip: take a screen shot of the internet headers and add this to your notification, otherwise CERT-UT cannot trace the source or take measures.

We block phishing emails to the greatest extent possible. However, it is difficult to prevent this 100%, as criminals are becoming increasingly good at imitating legitimate emails. That is why we always have to balance tightening the rules with the risk that legitimate emails may not be delivered, or relaxing the rules resulting in more phishing emails.

Training your spam filter

Our spam and phishing filters are slowly but surely learning to recognize spam and more specifically, phishing. On the other hand, criminals are creating increasingly advanced phishing emails. Help to keep your spam filter up to date. A detailed explanation on how to train your spam filter can be found here.

What you should do if you were taken in by a phishing email

Did you click on a link in a phishing email? Then do the following:

  • change important passwords;
  • block your debit or credit cards if you provided information about them;
  • notify CERT-UT that you received a phishing email and that you responded to it.

Phising by phone or in person

Criminals not only use email to infect your computer and/or obtain your data, they also attempt to do so by phone or in person. In this way, these scammers try to get you to visit fraudulent websites, install malicious software or obtain login credentials. You can recognize a phishing attempt by phone for example by the foreign phone number or the poor English spoken. Phishing attempts in person can be made in various cunning ways, for example someone posing as a university staff member or student and requesting confidential information from you using a pretext.

Have you seen or experienced something that doesn't add up?
Report an incident