Signs of safety
Check the following things before typing in your UiO password, or any other kind of password or pin code:
Some signs of safety are the same for all web sites:
- The URL starts with "https" ("s" for "safe")
- There is a small padlock icon next to the URL.
On the UiO website, you can also check the following:
- The URL on the site should always contain "uio.no", for example https://webmail.uio.no.
- The graphic profile is recognisable and corresponds with the UiO graphic profile.
Before typing your UiO password, make sure that the website URL looks like this:
- https://[service].uio.no/example/more-example/
- https://[service].feide.no/example/ more-example/
- https://[service].uhad.no/example/ more-example/
The first part of the website URL has to end with either
- .uio.no, e.g. https://webmail.uio.no/
- .feide.no (used for authentication across the Norwegian higher education sector)
- .uhad.no (used by some Microsoft services)
Examples of real and fake websites
Fake website
Example of a website set up by scammers trying to steal your password and username. Note that web address contains "uio.no", but not in the right place.
Real website
This is the real UiO webmail site. The two websites look identical, except for the URL.
Fake website
Another fake login page. This one contains "uio-no", but not in the correct format https://[service].uio.no.
Examples of UiO related log in sites
As an employee or student at UiO you have to log in by using a user name and password to gain access to a number of services. Some of these are owned by UiO, like Brukerinfo, Webmail and Weblogin (Norwegian). Sites like Feide is owned by Uninett. Even though UiO is not the owner, Feide (Norwegian) is still safe to use.
Other precautions
Scammers and others with ill intent also use padlock images and https in their fake log in sites.
We therefore recommend that you never click on log in URL's sent to you by e-mail, even though the e-mail looks like it is from an IT employee at UiO, your bank or other trusted sources. Our tip is to write the URL in your browser yourself or use your own bookmarks.
Be critical!
If you are unsure, contact UiO-CERT and ask.
Never share your password!