Thanks for visiting

Why this website?

Cyber security refers to the protection of internet-connected systems, including hardware, software and data, from digital attacks. These attacks can come in the form of malware, phishing scams, and hacking attempts.

At WdKA, hybrid working has exploded in recent years. And why not? It's possible. But there is a downside to location-independent and flexible working. Cybercriminals are only too happy to abuse it.

With this website we try to bring awareness to cyber security and minimize the risk. Check out the most common security threats here on the right, and click on each threat to learn more about it.

Rotterdam University of Applied Sciences offers the free online training Stay Cyber Safe to all employees. Please visit https://staycybersafe.hr.nl/

If you want to know more about cyber security, don't hesitate to contact us.

"Don't be a victim of cybercrime."

Digital Development Team
Education Station.
Willem de Kooning Academy.

Ransomware

Ransomware is a type of malware that encrypts a victim's files and demands payment in exchange for the decryption key. Once the victim pays the ransom (usually in the form of cryptocurrency like Bitcoin), the attackers promise to provide the key to restore access to the encrypted files. But there is no guarantee you will regain access to your information after paying. So do not pay the ransom.

Data breach

Do you handle sensitive, protected, or confidential data of WdKA students or employees? Always handle such data with care. Otherwise, the information may fall into the hands of third parties, intentionally or unintentionally. If sensitive data is copied, sent, viewed, stolen, or used by a person who does not have permission to do so, you are dealing with a data breach.



DDoS attack

A DDoS (Distributed Denial of Service) attack is a type of cyber attack that aims to make a website or network resource unavailable to its intended users. This is accomplished by overwhelming the target with a large amount of traffic from multiple sources, which is why it is called a "distributed" attack. The goal of a DDoS attack is to disrupt normal traffic and prevent legitimate users from accessing the targeted service. DDoS attacks can be carried out using botnets, which are large networks of compromised devices that can be controlled remotely to launch attacks.

Phishing

Phishing is a type of cyber attack where an attacker uses fraudulent means to obtain sensitive information, such as login credentials or financial information, from a victim by posing as a trustworthy entity. This is typically done through email, social media, or messaging apps, and the attacker may use various tactics such as creating fake login pages or including malicious links in their message. The goal of a phishing attack is to trick the victim into giving up their personal information.

Don't pay the ransom!
There is no guarantee you will regain access to your information, nor that it will not be sold or leaked online. You may also be targeted by another attack. Contact the WdKA CERT (Computer Emergency Response Team), 24/7.


Every 11 seconds an organization falls victim to a ransomware attack.*


Ransomware

How does ransomware happen?

  • Attackers steal your credentials (for example through phishing emails).
  • They use those credentials to attack your web apps or computer.
  • They encrypt your data to collect a ransom (usually in the form of cryptocurrency).

How can you tell you have ransomware?

  • You cannot access your web apps, email or computer.
  • A notice on the screen says that your application is encrypted and asks for a ransom.

What to do?

  • Do not pay the ransom.
  • Turn off the infected device immediately.
  • Disconnect your other devices.
  • Contact the WdKA CERT (Computer Emergency Response Team), 24/7.
  • Contact the HR CERT (Hogeschool Rotterdam Computer Emergency Response Team)
  • Change your important passwords as soon as possible. Start with your most important accounts first.


Data breaches

Examples of data breaches:

  • Loss of a laptop or USB stick containing personal data without the laptop or USB stick being properly secured.
  • Loss of a collection of personal data without backup.
  • Leaving important documents on the train.
  • Posting a list of e-mail addresses of students or employees in the hallway or at the public printer, or e-mailing that list to the wrong recipients.
  • Emailing test results to a group of students.
  • Inviting a group of students, for example, and putting all their email addresses in the cc field instead of the bcc field of the invitation.


What to do?

  • If you think there has been a data breach, please contact the contact person of the institute or service immediately.
  • You can also e-mail (a suspicion of) a data breach to: datalek@hr.nl.

There is an obligation to report data breaches.


A data breach may also be a violation of the General Data Protection Regulation (GDPR). If it is, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, DPA) can impose a fine.*


Rotterdam University of Applied Sciences has a group of experts ready in case a data breach is reported: the Data Breach Response Team.

DDoS and similar attacks are punishable in the Netherlands under Article 138b of the Criminal Code. It is also illegal to have stresser or booter services.


DDoS attacks are becoming increasingly frequent, and there are no signs of them slowing down. In fact, according to recent studies, DDoS attacks are expected to increase by over 300% in 2023.


DDoS attack

DDoS stands for Distributed Denial of Service

How to tell if you’re being DDoSed

  • Websites (myWdKA, Feedback, etc.) load slowly or not at all.
  • Slow or unresponsive servers, including “too many connections” error notices.
  • 500 Internal Server Error status codes.
  • 503 errors on the website.

What to do?

  • First, try clearing your browser cache.
  • If that doesn't help, restart the computer.
  • Still not working? Contact service@hr.nl and report the issue.


Phishing

Examples of phishing:

  • You may be asked to send money for expenses or fees. This is an immediate sign that the email is fraudulent.
  • The email claims that the user’s password is about to expire. Instructions are given to go to h0gesch00lr00tterdam.nl/renewal to renew their password within 24 hours.
  • The email asks you to click on a link, which the attacker then uses to install malware or steal your credentials.
  • Posing as the Director, the attacker emails a departmental project manager (PM) using a subject line that reads, Updated invoice for Q3 campaigns. The text, style, and included logo duplicate the organization’s standard email template. A link in the email redirects to a password-protected internal document, which is in actuality a spoofed version of a stolen invoice. The PM is requested to log in to view the document. The attacker steals his credentials, gaining full access to sensitive areas within the organization’s network.


How to recognise a phishing email?

  • Has a deceptive email header. Check message headers carefully to see who the sender really is. Phishers use colors, logos and phrasing from WdKA to make their communication seem genuine and mimic a legitimate email address.
  • Hover your mouse over a link without clicking it to see the link’s destination.
  • Make sure the URL for any form matches the trusted place you intend to go.
  • Is not a secure page. Before entering any PII, be sure a page is security enabled (starts with https, not http). Never fill in forms you receive in email, or ones you were directed to by an unsolicited message, pop-up or text.
  • Fails to address you by your name and instead addresses you as “Client,” “User” or “Customer”.
  • Requires an immediate response such as, “You must respond within 24 hours”.
  • Threatens with consequences such as, "if you do not respond".
  • Promises services or rewards that are too good to be true, like offers on coupons or promises to remove computer viruses.
  • Directs you to a website that looks legitimate, but is not. For example "h0gesch00lr00tterdam.nl" with the letter "o" being replaced by number zero.
  • The email makes unrealistic threats or demands.
  • There’s a catch. For example you may be asked to send money for expenses or fees. This is an immediate sign that the email is fraudulent.
  • Poor spelling and grammar.
  • You are asked for sensitive information.
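
The link checks from the list above (trusted destination, https, a digit standing in for a letter) can also be automated, for example in a mail filter. This is an added example, not part of the original page; the allow-list `TRUSTED` is an assumption (hogeschoolrotterdam.nl is taken to be the name the fake domain above imitates) and the function names are illustrative.

```python
from urllib.parse import urlsplit

# Assumption: domains the organisation really uses (not stated as a list on the page).
TRUSTED = {"hr.nl", "hogeschoolrotterdam.nl"}
# Digits commonly typed in place of look-alike letters.
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url):
    """Return a list of warnings for a link; an empty list means no finding."""
    # A link written without a scheme is treated as plain http.
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    # Trusted only if the host IS a trusted domain or a subdomain of one.
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return warnings
    warnings.append("untrusted-host")
    # Undo digit swaps on the last two labels, then look for near misses.
    candidate = ".".join(host.split(".")[-2:]).translate(DIGIT_SWAPS)
    for d in sorted(TRUSTED):
        if edit_distance(candidate, d) <= 2:
            warnings.append("lookalike-of:" + d)
    return warnings


if __name__ == "__main__":
    # Constructed inputs: the page's training URL and its phishing example.
    for link in ("https://staycybersafe.hr.nl/", "h0gesch00lr00tterdam.nl/renewal"):
        print(link, "->", check_link(link) or "no findings")
```

With short trusted names such as hr.nl, a distance threshold of 2 will also match unrelated short domains, so a look-alike finding is a reason to inspect the link, not proof of phishing.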


What to do?

  • Do not open it. In some cases, the act of opening the phishing email may cause you to compromise the security of your Personally Identifiable Information (PII)
  • Delete it immediately to prevent yourself from accidentally opening the message in the future.
  • Do not download any attachments accompanying the message. Attachments may contain malware such as viruses, worms or spyware.
  • Never click links that appear in the message. Links embedded within phishing messages direct you to fraudulent websites.
  • Do not reply to the sender. Ignore any requests the sender may solicit and do not call phone numbers provided in the message.
  • Report it. Help others avoid phishing attempts. Forward the mail to abuse@hr.nl
  • If you receive a phone call that seems to be a phishing attempt: Hang up or end the call. Do not respond to the caller’s requests. Never give PII to the incoming caller.

Analogous to fishing, phishing is also a technique to “fish” for usernames, passwords, and other sensitive information, from a “sea” of users.


Email phishing is a numbers game. An attacker sending out thousands of fraudulent messages can net significant information and sums of money, even if only a small percentage of recipients fall for the scam.


Phishing is the most common type of cybercrime, with the FBI's Internet Crime Complaint Centre reporting more incidents of phishing than any other type of computer crime.


9 in 10 cyberattacks start with a phishing email.

1 in 3 employees are likely to click the links in phishing emails.

41% of employees failed to notice a phishing message because they were tired.

An estimated 97% of employees in a wide array of industries are unable to recognize a sophisticated phishing email.




CONTACT

  • Hogeschool Rotterdam CERT cert@hr.nl (Computer Emergency Response Team)
  • Data Breach datalek@hr.nl, report within 72 hours.
  • Phishing mails should be forwarded to abuse@hr.nl. Do not click on any links or download any programs. Delete the mail afterwards.
  • Is privacy at stake? Report this to privacy@hr.nl
  • Report lost devices or less urgent incidents to service@hr.nl
  • In case of emergency, contact the WdKA CERT (Computer Emergency Response Team), 24/7.