Phishing scams - how to spot and report them
The University is regularly targeted by phishing attacks so it's important you learn ways to protect yourself.
The impact of a successful phishing attack can be considerable - including personal financial loss and identity theft, service outages, reputational damage and even fines from the Information Commissioner's Office (ICO).
- What is phishing?
- Spotting phishing emails
- Actions to protect yourself
- If you think you have received a phishing email
- If you have responded to a phishing email
What is phishing?
Phishing is a type of social engineering attack designed to trick you into handing over personal information for criminal purposes.
Most phishing attacks are sent by email, and cyber criminals will often impersonate someone or an organisation you know, such as your bank, employer or a colleague. Phishing emails may look and sound like they are genuine, and they may even contain your personal information.
A typical phishing email will tell you that you need to do something, for example visit a website and complete a form or download an email attachment.
Spear phishing, whaling, farming are all types of phishing – but they are all designed to cause the same damage.
Spotting phishing emails
Spotting phishing emails is becoming increasingly difficult. However, there are some tricks that criminals will use to try and get you to respond without thinking. Things to look out for are:
| Does the email... | |
| use a generic greeting? | Phishing emails often use generic greetings like "Dear customer", however, more sophisticated emails may use your real name. |
| contain an offer that's too good to be true? | Emails offering you money or financial opportunities are often fake. For example, transferring or receiving money for someone else. If something sounds too good to be true, it probably is. |
| convey a sense of urgency? | Threats and urgent warnings like "your account is about to expire - act now" are intended to cause panic so you act quickly without thinking. |
| contain bad grammar and spelling? | It's unlikely genuine emails from legitimate sources will contain mistakes. |
| contain attachments you were not expecting? | Don't open attachments you are not expecting or from people you don't know. They may contain harmful viruses. |
| ask you for personal information? | No legitimate organisation will randomly ask you for personal information over email. |
| contain a suspicious link? | Pause before you click on any links in an email. If you are using a computer, hover your mouse over the link to check the address. If it doesn't look right, don't click it. |
Actions to protect yourself
- Never share your passwords with anyone.
- Never respond to emails that ask you to confirm personal information.
- Never click on or open suspicious links or attachments.
- If you're taken to a login page or website, never attempt to log in or enter your personal information.
- If it appears to be from someone you know contact the original sender by telephone or create a new email to ask them if the email is genuine.
If you think you have received a phishing email
- Do not do what the email tells you to do.
- Report the email in Outlook by forwarding as an attachment to phishing@essex.ac.uk.
- Delete the email.
The email will then be sent to our IT security team for analysis. If the email is malicious, we can take action to prevent others from receiving the phishing attack.
If you have responded to a phishing email
- If you have entered any financial details, contact your bank immediately and tell them that you have been the victim of an email scam. Do not wait to contact us before doing this.
- If you have entered your University password, change your password immediately. If you have used this password on other accounts, change it on those as well.
- Contact the IT Helpdesk so we can advise you what to do next.
- Run a full antivirus scan on your computer or device.
