Digital Security and Privacy

Phishing is a frequent form of social hacking and usually happens through an e-mail pretending to be from a trusted source, which asks a user to confirm or update their password or personal data. The user is then directed to a usurper platform or asked to send the information directly, which the hacker uses to take control of their account and make their way further into the organisation's systems.

Basic security measures include:

• Never give your password to anyone, including authorities, administrators, or others. None of them will ever ask you for your password, because they do not need it for anything they must do.
• Be careful whenever an e-mail asks you to login or refresh your password on a platform, especially with a time limit. If the e-mail itself appears to be legitimate, check that the URL is also legitimate and that your browser recognises the website as secure (green padlock on Firefox).

When in doubt, double-check the sender e-mail address and the URL of any website on which you are asked to enter your password.

Here are basic things you should be careful about to avoid infection by viruses and malware.

• Never give access to your hardware to people you do not know personally.
• Do not connect hardware from an unknown source to your devices (such as a USB stick you just found or received from an unclear source).
• Do not open attachments from unknown sources, and do not follow links from unsolicited messages. This might cause your computer to be infected by malware.
• Attachments from trusted sources should still be considered with attention when the message they are attached to is unusual.

It is generally a good idea to display file extensions in your operating system (hidden by default in Windows) so you can differentiate a real media file from an executable pretending to be one.

If you notice any suspicious activity similar to things mentioned above, please contact the IT service for advice: servicedesk@graduateinstitute.ch.