Internal, open access

ITS Guide to scam emails and how to deal with them


Scam emails, (sometimes called "phishing emails"), are attempts by a third party to get you to part with information, usually your username and password. They do this by attempting to disguise themselves as a trusted organisation: your bank, ISP, Facebook or even IT Services. Normally they will attempt to persuade you that you need to provide your username and password, and possibly other information, or your account will be suspended/deleted.

IT Services will never ask for your username or password in an email.

See below for 5 ways to spot a fake email and for some recent examples.

What to do with a fake email

Never reply to a scam email or click on a link within the email.

If the email is purporting to be from IT Services at Reading University, you should notify your local IT Supporter who may then wish to forward a copy to ITS Help. We can then ensure that no responses can reach the senders.

If the email is from a third party, then check their websites. Many banks will have an address that you can forward the emails to so that they can take action. For further information about banks and email security see:

What can happen if you do reply

If you provide your university details, then your account will be accessed and may be used to send spam email to others. Your password may be changed and your email may be redirected to a third party. All of these have happened to people at the University of Reading in the past.

If your account is compromised in this way IT Services will need to disable your account until we can ensure that no further damage can be done. Spam email sent from our servers in this manner can damage the univeristy's reputation and also lead to us being blocked by other email servers.

If you provide your bank logon details then your account may be accessed and money removed.

5 Ways to Spot a fake email:

1. It will ask for your username and password
2. The use of English may be suspiciously poor, with frequent spelling and grammatical mistakes.
3. It will often have very general details, for example "Dear Webmail user" or "Dear University member".
4. The "From" address is not "" and the "reply-to" address is not a address.
5. The email will often be classified as Spam email by the AutoSpam system. Genuine emails from the University of Reading will not be classified as Spam


Example 1: In this example the email appears to come from but any replies will actually go to



Dear Users,

We are presently upgrading our webmail, so all also know as webmail users are expected immediately reply to this email with
the below form filled out.

Confirm Password:
Student ID Number/ Staffs ID Number:

Failure to do this we will immediately render your email address
deactivated from our database.

You can also confirm your email address by logging into your
account at or

Thank you for using our Staffs and Student Webmail!

Example 2:

Subject: Contact TNT For Your Bank Draft of $450,000.00 USD


Dear e-mail owner,

This message is from messaging center to all e-mail owners. We are currently upgrading our
data base and e-mail center. We are deleting all unused e-mail accounts to create space for new ones.

To prevent your account from closing you have to
update it below so that we will know its an existing

Email Username :.....
EMAIL Password : ................
Country or Territory : ..........

Warning!!! E-mail owner who fails to update his or her
e-mail within seven days of receiving this warning will
risk losing his or her e-mail account permanently.

Thank you for your understanding. Team


Page created: 10th March 2009

Was this information of use to you?

Yes No (36 people found this page useful)
Last Edited: 19 April 2016 | First Published: 10 March 2009

Things to do now

Spyware: how do I minimise the risk of this happening? More Help - PC Security

Page navigation

See also


Search Form

A-Z lists