Spotting phishing emails is becoming increasingly difficult. However, there are some tricks that criminals will use to try and get you to respond without thinking. Things to look out for are:
|Does the email...
|use a generic greeting?
||Phishing emails often use generic greetings like "Dear customer", however, more sophisticated emails may use your real name.
|contain an offer that's too good to be true?
||Emails offering you money or financial opportunities are often fake. For example, transferring or receiving money for someone else. If something sounds too good to be true, it probably is.
|convey a sense of urgency?
||Threats and urgent warnings like "your account is about to expire - act now" are intended to cause panic so you act quickly without thinking.
|contain bad grammar and spelling?
||It's unlikely genuine emails from legitimate sources will contain mistakes.
|contain attachments you were not expecting?
||Don't open attachments you are not expecting or from people you don't know. They may contain harmful viruses.
|ask you for personal information?
||No legitimate organisation will randomly ask you for personal information over email.
|contain a suspicious link?
||Pause before you click on any links in an email. If you are using a computer, hover your mouse over the link to check the address. If it doesn't look right, don't click it.
- Never share your passwords with anyone.
- Never respond to emails that ask you to confirm personal information.
- Never click on or open suspicious links or attachments.
- If you're taken to a login page or website, never attempt to log in or enter your personal information.
- If it appears to be from someone you know contact the original sender by telephone or create a new email to ask them if the email is genuine.
- Do not do what the email tells you to do.
- Report the email in Outlook by forwarding as an attachment to email@example.com.
- Delete the email.
The email will then be sent to our IT security team for analysis. If the email is malicious, we can take action to prevent others from receiving the phishing attack.
- If you have entered any financial details, contact your bank immediately and tell them that you have been the victim of an email scam. Do not wait to contact us before doing this.
- If you have entered your University password, change your password immediately. If you have used this password on other accounts, change it on those as well.
- Contact the IT Helpdesk so we can advise you what to do next.
- Run a full antivirus scan on your computer or device.