Stockholm university logo, link to start page

Targeted phishing attempts against the University

We are currently aware of a large number of phishing emails in circulation. In these messages, users are requested to click a link that redirects to a fake login page. Do not click the link!

Fishing hook trying to fish login information

We have seen a sharp increase in the number of targeted phishing attacks in recent days against both students and staff at Stockholm University. 

The attacks involve different email messages as well as different versions of these messages, for example:

  • “Din bekräftelse på COVID19 vaccinregistrering/Confirmation of your COVID19 vaccine registration”
  • “Åtkomst till ditt bibliotekskonto/Access to your library account”

The emails look convincing and request the user to click a link so they can log in, or words to that effect. The page that the link redirects to looks exactly like the University login page, but is located at a different address where the attacker can see all the details that are entered.

IT Services has discovered a number of different fake login pages that we are restricting access to, but new pages are appearing all the time as well as new versions of the requests. A large number of user accounts have entered their login details in these fake login pages, and we are working hard to resolve the issue.

IT Services is urging everyone to exercise caution with respect to any strange-looking links in emails and to make sure they only enter their login details on pages that actually belong to the University. To check a page’s web address look at the address bar. The Stockholm University login page has the address https://idp.it.su.se/ and nothing else.

(An address for a fake login page could be https://idp.it.su.se[.]data[.]it for example, so it may be similar.) 

If you have already clicked a link in an email like this or your university account has been blocked, contact Helpdesk.