A phishing attack is a fraudulent message purporting to be from a reputable source and encouraging you to reveal personal information – such as passwords and financial details.

Malicious emails including spam, viruses, malware and phishing attacks can potentially cause significant damage to University data and could also have significant personal impact, including financial consequences. They might appear to come from the University, so please be careful about the messages you open.

It is very important that you do not click any links, open suspicious attachments or respond to these types of emails, and never supply personal or bank details to people you do not know.

Always check any websites (URL/web address) you log into. Cyber criminals can fake the log in page of banks, Microsoft and other online services. If you are unsure, do not log in. Always go to the official website.

How to spot a phishing email:

• Are you expecting to receive an email from this person/company? If not, treat it with caution.
• Is the email addressed to you or is the greeting something more generic such as ‘Dear customer’? Treat the latter with caution.
• Check the email sender’s domain name (the last bit of the email address) – something like enquiries@homeoffice.gov.uk is likely to be trustworthy while UKhomeoffice@gmail.com is certainly not.
• Be wary of suspicious looking URLs in emails – again, an unbroken domain such as gov.co.uk or gov.co.uk/login would be trustworthy whereas login-at-gov.co.uk would not.
• Look out for poor spelling and grammar – most companies employ professional copywriters to write their emails. Scammers usually do not.
• Any email asking for personal information such as a PIN, password or financial details should be treated with extreme caution, as should an email that asks you to download something.
• Common phishing emails include delivery companies (DHL etc), invoice, and emails that look like Microsoft. If you are unsure, do not click any links.

How to spot a phishing SMS:

• SMS messages from official bodies will appear as being sent by ‘UK_Gov’ or ‘NHSNOREPLY’, not a personal number.
• When dealing with SMS messages you should also bear in mind the above advice relating to spelling, grammar and suspicious links.
• The government will not send you a fine via SMS for leaving your home during lockdown – nor will it ask you to pay a bill.

If you think you have received a phishing email or SMS you should try to delete it before opening it, if possible. If you do open it, be careful not to click any links and delete it as soon as you can. You should report it to the organisation that the message was claiming to be from.

If you receive any suspicious messages asking you for your University credentials, please report it to the IT Service Desk.

More advice around spotting phishing messages can be found on the IT Services webpages.