Identifying phishing and scam emails
How to spot suspicious emails and stay safe online.
What is phishing?
Phishing is a type of online identity theft that uses email and fraudulent websites to trick you into sharing your information, such as credit card numbers, passwords, account data or other valuable information.
How to spot phishing
Email fraud that targets University staff and students is on the rise. It is becoming increasingly sophisticated and hard to identify.
We have systems in place to limit how many fraudulent emails get through and to minimise the impact where possible. However, some emails will always get through, so it is vital that you remain alert to potential threats and take responsibility for the security of your University computing and email accounts.
Below are some tips for spotting phishing attempts and email scams.
- Scam emails can take many forms, including those which claim to come from the University itself. It is important to be vigilant and sceptical of any unsolicited email which asks you to click on a link and log in.
- Remember, if it seems too good to be true, it probably is.
- Check for misspellings and poor grammar.
- The email may come from a different email address than that of the organisation it claims to be from.
- The email starts with an unusual or generic greeting such as ‘Dear valued customer’.
- A fraudulent email may contain attachments, which could include .exe files.
- The email may include a sense of urgency, for example, the threat that unless you act immediately your account may be closed.
- The email may include a prominent website link. These can be forged or seem very similar to the proper address, but even a single character’s difference means a different website.
- There may be a request for personal information, such as your username, password or student loan details. The University will never ask you for your username or password.
- The entire text of the email may be contained within an image rather than the usual text format. An image can contain an embedded link to a bogus site.
What action should you take
- Never respond to emails that ask for your password or other sensitive information.
- Never click on or open suspicious links or attachments.
- If you're taken to a login page or website, never attempt to log in or enter your personal information.
- If the email appears to be from someone you know, contact the original sender by telephone or create a new email to ask them if the email is genuine.
- Report a phish or junk email in Outlook by using the 'Report Message' button.
Please contact the IT Service Desk immediately if you have already clicked on a link, entered any personal information, or opened or downloaded any attachments.