In higher education institutions, where large volumes of academic and personal information circulate daily, digital security is essential to ensure the integrity of services and the protection of the entire community.
What is Phishing?
Phishing is a form of digital fraud in which a message that appears to be legitimate attempts to deceive the user into disclosing sensitive information, such as credentials or personal data, or into accessing fake pages that imitate official or legitimate services.
These scams may imitate or misuse addresses, logos, and language similar to those of official entities, making the messages highly credible. They often include:
- Links that redirect to fake websites;
- Malicious attachments;
- Requests to confirm personal or account data;
- Threats of service suspension;
- Messages creating a strong sense of urgency, for example: “if you do not change your password within 2 hours, your account will be blocked”, prompting the user to act impulsively.
How to identify a fraudulent email?
Common warning signs:
- The email asks for passwords, authentication codes, or personal data;
- An unexpected message, even if it appears urgent or important;
- Spelling mistakes, unusual formatting, or language that is not typical of the organization;
- A sender address that is similar, but not identical, to the official one;
- The sender may appear to be a legitimate user with an institutional email address;
- Suspicious links or links that do not match the displayed text;
- Attachments you were not expecting;
- Requests for payment through external links.
How to act when receiving a suspicious email?
If you receive a suspicious or potentially fraudulent message:
Never:
- Click on links or buttons included in the message;
- Open attachments that you do not recognize or were not expecting;
- Reply by sending personal data, passwords, or authentication codes.
By interacting with fraudulent links or attachments, your computer may be automatically infected or you may be redirected to fake websites designed to capture your password.
Recommended actions:
- Delete the email if it is confirmed to be fraudulent;
- Mark it as SPAM in the webmail system to block future messages from that sender;
- In case of doubt, immediately contact the IT Services;
- Never assume a message is legitimate simply because it contains logos or appears to come from within the institution;
- Only enter institutional credentials at official institutional addresses (for example, https://id.tecnico.ulisboa.pt/), never anywhere else;
- Use a credential manager (password manager). Versions are available for computers and smartphones, allowing you to store and access your passwords securely;
- Do not open links or attachments from emails with unknown senders; always verify the real sender address (the part between “< >” in the From: field);
- In cases of account compromise, assume that the contents of the mailbox may have been exposed.
IT Services never send emails requesting personal information or credentials outside an appropriate and verified context.
What to do if you clicked on a suspicious link?
If you accidentally clicked on a message that may be fraudulent, follow these steps:
- Change your password
  Immediately change the password of your institutional account.
  If the same password was used on other services, those accounts are also at risk and their passwords must be changed.
  Password reuse is strongly discouraged. Institutional passwords must never be used on other services.
- Check whether two-factor authentication is enabled
  If two-factor authentication is enabled, confirm that it is still working correctly.
- Close sessions on other devices
  If possible, terminate any old sessions or sessions opened on other devices.
- Check your computer or mobile device
  Run a scan using antivirus software or another security tool.
  The device should be considered potentially compromised until verified otherwise.
- Do not provide further information
  If the website requested personal data, codes, or payments, do not respond or proceed with any additional actions.
- Contact the IT Services
  Inform the IT Services of what happened so they can check the account and ensure everything is secure.
When contacting IT Services, please provide the following information:
- How long the password has been in use and on which services;
- Whether the password was reused on other accounts;
- On which devices it was entered (computer, smartphone, tablet) and their operating systems;
- Whether the password was entered on any website or links received by email were followed;
- Whether, as part of your work, personal data of third parties was handled using the institutional account.
For security reasons, IT Services may temporarily block the user’s access.
This is a preventive measure intended to prevent misuse and to protect institutional data and systems.
Access will be restored after validation by the IT Services.
