Avoid phishing and scam emails. How to spot suspicious emails and stay safe online.
What is phishing?
Phishing is a type of online identity theft usually, claiming to be from an organisation that you may trust, that uses email and fraudulent websites to trick you into sharing your information such as credit card numbers, passwords, account data or other valuable information.
Spam is unwanted, junk email, typically sent to large numbers of people, for the purposes of advertising, phishing, spreading malware, etc.
How to spot phishing
Email fraud that targets university staff and students is on the rise. It is becoming increasingly sophisticated and hard to identify.
We have systems in place to limit how many fraudulent emails get through and to minimise the impact where possible. However, some emails will always get through, so it is vital that you remain alert to potential threats and take responsibility for the security of your University computing and email accounts.
Below are some tips for spotting phishing attempts and email scams.
- Be wary of emails that ask you to validate or verify your account.
- Phishing emails tend to be poorly written and may include spelling mistakes and odd formatting.
- Look out for emails that have a sense of urgency and imply you might lose access to your account or those with threatening tone and content.
- They may appear to be from someone you know or an official source at the University.
- Be wary of links in emails. Is the destination the same as the link you see? Try hovering over the link to check.
- The email starts with an unusual or generic greeting such as ‘Dear valued customer’.
- A fraudulent email may contain attachments, which could include .exe files.
- A request for personal information such as your username, password or student loan details. The University will never ask you for a username or password.
- Remember, if it seems too good to be true, it probably is.
What action should you take?
- Never respond to emails that ask for your password or other sensitive information.
- Never click on or open suspicious links or attachments.
- If you're taken to a login page or website, never attempt to log in or enter your personal information.
- If it appears to be from someone you know contact the original sender by telephone or create a new email to ask them if the email is genuine.
I think I have fallen for a phishing scam, what do I do?
If you or anyone you know falls for a phishing scam, you should:
1. Report to your bank immediately if any bank details are involved
2. Change your University account password using Password Manager
3. Contact the IT Support, who will:
- Help you make sure your account is fully secured
- Provide advice specific to the particular compromise
- Track down other users who may have been affected
4. Follow our advice to protect your account: