More than 90 % of all security attacks begin with an email.

A phishing email is an email from a sender who appears to be someone else in an attempt to obtain sensitive information such as passwords or install malicious software on your computer.

Never follow links or open attachments in emails from senders you don’t trust. If you’ve already followed a link or opened an attachment in a phishing email, please report the security incident below.

Below you’ll find information on how to identify a phishing email. If in doubt, contact

How to spot a phishing email

  • +

    The sender is not who they appear to be

    The sender of a phishing email will always hide their true identity. They may do so by hacking existing email accounts and impersonating others. Or the sender may create a new email account through one of the many email services that don’t require proof of identification. Email programs allow senders to fill in the display name; this means that an email may easily appear to come from a known person or organisation.

    This means, that even if you receive an email from a sender you already know and trust, you should always be vigilant when the email urges you to disclose personal information, click a link or open an attachment.

    In some cases, you may find that there’s a mismatch between the sender’s display name and the sender’s email address. In the example below, the domain name included in the sender’s email address would be and not, if the sender was in fact e-Boks. There may also be other red flags (see the other descriptions on how to spot a phishing email). In some cases, it might be a good idea to contact the sender by calling them or sending a text message to confirm that they have actually sent you this email. Or you may need to sign in to your user account with the company from which the email appears to have been sent to confirm the contents of the email. Never click on links in the email that appear to lead you to the company’s website.

    Picture of fake email from e-boks

  • +

    You are urged to share personal information, click a link or open a file

    The sender of a phishing email wants to lure money from you or wants you to provide them with information such as usernames and passwords to gain access to your user accounts (including email and system accounts) at your workplace, bank, e-Boks, Amazon, Norwegian or, as the example below, your PayPal account.

    The email may urge you to provide the sender with personal information. Or it may encourage you to transfer money.

    You may be urged to follow links in the email that lead you to a fake website resembling the website of the company from which the email appears to have been sent. The fake website may contain login fields in which you can enter your username and password. Or the website may contain a virus which downloads to your computer when you enter the site.

    The email may also include attachments which the sender urges you to open. Attachments may contain viruses which downloads to your computer once you open them.

    Never do what the sender of the email urges you to do. If you’re not sure whether an email is legitimate, look into this without responding to the email, without following the links included in the email and without opening any attachments. For instance, in the example below, you could sign in to your PayPal account (if you have such an account) by entering PayPal’s website (not by following an email link) to check whether you have received payment.

    Picture of fake email from paypal

  • +

    Links lead to suspicious websites

    If the phishing email includes a link which you are urged to follow, this link may lead you to a website that doesn’t match the alleged sender. The website may resemble the alleged sender’s legitimate website, and therefore, you may accidentally enter personal details such as username and password without knowing that they may fall into the wrong hands. The link may lead you to a website infected with a virus which downloads to your computer when you enter the site. Avoid following email links.

    Hover your mouse over the link to see the destination address.

    In the example below, the ‘confirm your identity’ button leads to a website which is not affiliated with

    Picture of fake email from e-boks

  • +

    Threats of consequences if you don’t respond

    A phishing email may use threats and extortion to coerce you to do what the email asks for. In the example below, the sender threatens to cancel your credit card, deactivate your email account and share compromising photos with your family, friends and colleagues. The sender may appear to be a skilled hacker or an employee at a support-service.

    You need to look at each email individually to assess whether or not the threat is real. For example, the following Nets email cannot be legitimate when sent from And the email from Outlook would not be sent from a Yahoo email address. In addition, we don’t have a support team called ‘Mikroafstand Support’ at AAU. Regarding the blackmail email, it seems unlikely that someone has clicked on ‘voksen sider’ (‘adult pages’) during working hours. Please use the other tips on this list to assess whether you’ve received a phishing email that may have been sent to a number of random people, including you.

    If you are still unsure whether the threat might pose serious consequences for AAU, your work email account, your AAU password or your AAU credit card, please contact

    Picture of fake email from nets

    Picture of fake email from web support

    Picture of email from hacker

  • +

    Sense of urgency

    The threats put forward in phishing emails may seek to create a sense of urgency by presenting a tight deadline within which you are prompted to act. In the below examples, the recipient is given two days or even as little as 24 hours to do as requested by the sender. Nothing happens when you exceed the deadline of a phishing email.

    Picture of fake email from web support

    Picture of email from hacker

  • +

    Spelling mistakes and poor grammar

    The wording of phishing emails often seem to originate from English. They are either written in English or have been translated to Danish using machine translation and often contain odd sentence structures and an atypical choice of words. See examples below.

    However, the senders are getting better, so you may also receive phishing emails written in perfect Danish.

    Picture of phishing email

    Picture of email from hacker

FAQ on Phishing

  • +

    What to do if I’m unsure about whether it’s a phishing scam

    If you’re unsure whether you have been a victim of a phishing attack...

    • Check the above list on how to spot a phishing email
    • Contact the sender to check if they really have contacted you
    • Log onto your user account connected to the alleged sender’s company to see if something’s not right
    • Never click on links in the email that appear to lead you to the company’s website
    • Do not contact the sender in the same way as they have contacted you. Their email account, mobile phone, Facebook account, etc. may have been hacked or stolen
    • If you are still in doubt, please contact
  • +

    What to do if I’ve become a victim of a phishing attack

    If you have accidentally...

    • shared your username and password
    • clicked on a link leading to an unsecure website and your computer seems to have been infected with a virus
    • opened an attachment in a phishing email

    ... then contact or report the security incident.

  • +

    Who is behind phishing attacks? And what do they get out of it?

    Cyber criminals are behind phishing attacks. Hiding one’s identity on the Internet is easy. It's easy to open and close email accounts, PayPal accounts and Bitcoin accounts without leaving a trace in the physical world, and therefore it’s also difficult to stop cyber criminals. Cyber criminals act internationally and phishing attacks are often worded in English or auto-translated into Danish.

    Senders of phishing emails may have ideological motives or they may seek revenge on individuals or organisations; however, the main reason is always money. They can use your bank and credit card information to transfer money without your knowing.

    Usernames and passwords for a company’s IT systems and networks may be used by cyber criminals to gain access to such systems and networks from where they’ll be able to retrieve valuable information. Even if the person, who has been hacked, has no valuable information in the system, cyber criminals may still be able to gain access to the information of other users once they have found their way into the system/network. Alternatively, cyber criminals may install a virus on the system/network and demand that you pay them to remove this virus (ransomware).

    Other personal information may be worth quite a lot of money for certain companies and therefore could be sold, or used by cyber criminals to hide their identity (identity theft).

  • +

    How do cyber criminals get my email address?

    Cyber criminals may use different methods for collecting email addresses:

    • If you’ve signed up for a newsletter or otherwise registered your email address, the person or company behind may choose to sell their list of email addresses. Or hackers may gain access to the mailing list and sell the list or use it themselves for sending phishing emails.
    • They may also collect email addresses from websites on which they are public. Just like search engine robots scour the web to collect data from websites, similar robots may be used to search for and collect email addresses. This means, that if your email address is displayed on, it may be collected and used for distributing phishing emails.
  • +

    How is phishing carried out?

    Phishing attacks do not only involve emails. Phishing also involves:

    • text messages that invite you to send personal information or that contain links
    • facebook posts that invite you to send personal information or that contain links
    • websites that are not secure and are infected with viruses to attack your computer
    • online ads that direct you to websites that are not secure
    • free software, including apps, that may contain viruses
  • +

    How does ITS protect AAU computers?

    All AAU computers are pre-installed with antivirus software (Windows Defender Antivirus) which is updated automatically and on a regular basis. When you use your AAU computer, you’ll receive notifications on such updates, and these may often require that you restart your computer.

  • +

    What is spear phishing?

    Spear phishing is targeted towards a specific individual or a specific group of individuals and differs from traditional phishing scams which use “spray and pray” techniques in the hope that just a few recipients will fall for the scam. The goal is the same as with traditional phishing: to trick you into clicking a malicious link or open an email attachment and hand over personal information. Spear phishing is often targeted at staff members with managerial or financial responsibilities (such as procurement responsibilities and the right to transfer money) and IT system administrators. The attacker will gain a significant advantage from gaining access to the recipient's computer, mail or system accounts.

    A spear phishing email typically displays the following characteristics:

    • It contains information that only a few people should know about. This may include specific work tasks, personal relationships, including private interests and financial conditions
    • The information may be retrieved from social media such as Facebook or LinkedIn or from AAU’s website
    • The email appears to come from a trustworthy sender from AAU or from a known, trustworthy collaboration partner
    • The email is well-worded and articulate