The University is regularly targeted by phishing attacks so it's important you learn ways to protect yourself.
The impact of a successful phishing attack can be considerable - including personal financial loss and identity theft, service outages, reputational damage and even fines from the Information Commissioner's Office (ICO).
- What is phishing?
- Spotting phishing emails
- Actions to protect yourself
- If you think you have received a phishing email
- If you have responded to a phishing email
Phishing is a type of social engineering attack designed to trick you into handing over personal information for criminal purposes.
Most phishing attacks are sent by email, and cyber criminals will often impersonate someone or an organisation you know, such as your bank, employer or a colleague. Phishing emails may look and sound like they are genuine, and they may even contain your personal information.
A typical phishing email will tell you that you need to do something, for example visit a website and complete a form or download an email attachment.
Spear phishing, whaling, farming are all types of phishing – but they are all designed to cause the same damage.
Spotting phishing emails is becoming increasingly difficult. However, there are some tricks that criminals will use to try and get you to respond without thinking. Things to look out for are:
|Does the email...|
|use a generic greeting?||Phishing emails often use generic greetings like "Dear customer", however, more sophisticated emails may use your real name.|
|contain an offer that's too good to be true?||Emails offering you money or financial opportunities are often fake. For example, transferring or receiving money for someone else. If something sounds too good to be true, it probably is.|
|convey a sense of urgency?||Threats and urgent warnings like "your account is about to expire - act now" are intended to cause panic so you act quickly without thinking.
|contain bad grammar and spelling?||It's unlikely genuine emails from legitimate sources will contain mistakes.|
|contain attachments you were not expecting?||Don't open attachments you are not expecting or from people you don't know. They may contain harmful viruses.|
|ask you for personal information?||No legitimate organisation will randomly ask you for personal information over email.|
|contain a suspicious link?||Pause before you click on any links in an email. If you are using a computer, hover your mouse over the link to check the address. If it doesn't look right, don't click it.
The email will then be sent to our IT security team for analysis. If the email is malicious, we can take action to prevent others from receiving the phishing attack.