Omnibus prik

Phishing attempt nearly costs AU DKK 170,000

A new type of phishing email is circulating, in which fraudsters claim to be senior executives in an attempt to get employees to transfer money to false accounts. IT Security Manager Ole Boulund Knudsen is aware of two attempts of this type of fraud aimed at AU. On one of the occasions it very nearly cost the university DKK 170,000.

[Translate to English:] Grafik: Astrid Reitzel
[Translate to English:] It-sikkerhedschef Ole Boulund Knudsen

Fakta om phishing

What is a phishing email?

  • It is a fake email – or a fraudulent email in which the sender pretends to be someone else with the aim of tricking the recipient into providing confidential information or money.

How can you see that it is a phishing email?

  • A phishing email typically seeks to coax confidential information out of you, for example a user name, a password or a credit card number. Or it tries to get you to send a bank transfer, which is the case in the type of phishing known as CEO fraud.
  • The email will also typically contain some form of consequence, along the lines of: If you do not transfer the money, your email account will be closed.
  • The language used or the lack of an email signature can also help to reveal that the email is an attempt at phishing.

What should you do with a phishing email? 

  • In short: Delete it!
  • But you should also inform your local IT support of the phishing email, so they can block the sender and thereby prevent other AU employees from opening the email and responding to it.

What if the email has tricked you?

  • Contact your local IT support immediately.

Read more about phishing  

CEO fraud is a new and more refined type of phishing being faced by Danish and international companies, in which the fraudster pretends to be a director or senior manager of a specific company or organisation and attempts to lure one of the company's employees to transfer a large sum of money.

Earlier in the year, the Danish State Prosecutor for Serious Economic and International Crime warned against this type fraud and referred to two cases in which the Danish departments of two international companies were defrauded for DKK 100 and DKK 40 million respectively.

AU targeted several times

According to AU's IT Security Manager, Ole Boulund Knudsen, AU has also been subjected to attempts at precisely this type of fraud. It has happened several times and on one occasion the fraud was almost successful.

He explains that the phishing email was sent by a fraudster pretending to be University Director Arnold Boon. The email was addressed to Deputy Director for AU Finance and Estates Project Development, Niels Jørgen Rasmussen, with a request to transfer EUR 23,100 (approximately DKK 170,000) to an external account. The deputy director was in a meeting and forwarded the email to an employee who, as it happened, was also in a meeting. When the employee had time to look at the email, the bank was already closed for transfers that day. Fortunately for AU. Because when the employee informed Arnold Boon that the transaction would not take place until the next day, an email came return, saying that the university director had never sent the email in question.

"Fortunately everything worked out okay, and today the finance department has tightened up their procedures to guard against this happening," says Knudsen.

Pretended to be the rector

There have also been other cases, for example when fraudsters also tried to pretend to be Rector Brian Bech Nielsen and ask for the transfer of EUR 29,350.

“However, in this case they realised it was a fraud immediately," says Knudsen.

Fraudsters deliberately target accounting staff 

He goes on to say that it is very typical for fraudsters committing CEO fraud to deliberately address the false emails to key employees in the finance and accounts department.

"CEO fraud typically affects accounting staff, but the fraud can also be aimed at other employees. Here at the university, it could for example be aimed at employees in a department that has the right to send something for payment," says Knudsen.

Focus on phishing 

According to Ole Boulund Knudsen, it is difficult to put a precise figure on how big a problem phishing is at AU.

"Phishing often comes in waves. On an ordinary day, we typically stop more than two million spam and phishing emails with our spam filter. But some spam and phishing emails slip through the filter. Fortunately, only rarely does anyone actually click on a link in this type of phishing email. Most of them are stopped, he says."

AU's department for information security is focusing on phishing together with the information security committees in an autumn campaign.

Translated by Peter Lambourne