Phishing is the act of tricking you into giving away sensitive information or downloading malicious software onto your computer or your company's computer network.
The University is regularly targeted by such attacks and the impact can be considerable, including financial loss, personal and business data leakage, IT network outages, reputational damage and even fines from the Information Commissioner's Office (ICO).
Top tips: stay safe from phishing
Help us protect your data and the University's by looking out for the most commonly deployed phishing techniques:
Is it an unexpected email?
If you receive an email which you aren't expecting or you are unsure where it has come from, you should not reply, or open any links or attachments.
You didn't initiate the action
If you get a message informing you that you have won a contest you did not enter, or that your parcel from somewhere you didn't order from is ready for delivery, alarm bells should be ringing.
Is it too good to be true?
An email giving you a fantastic offer on a new phone, or saying you've won something in a competition you've never entered, is unlikely to be genuine.
The email contains poor spelling and grammar
If the message contains incorrect spelling and dodgy grammar then it may not come from a professional establishment.
The email indicates urgent action is required
Scam emails are often marked "Action Required" to hurry you into replying without making any checks.
The email address looks suspicious
Hover over the name to see the full email address (on a mobile, tap the sender's name to show it). The name displayed might look OK, but does it match the email address? For example, a sender displayed as "Microsoft Support" looks plausible, but if the message comes from email@example.com, you should reconsider.
The email contains a link
If the email contains links, hover over them with your mouse (do not click). Does the preview weblink (URL) appear to match the weblink in the email text? If it doesn't, you may have found a phish.
There's a handy link to log in to your account
Phishers want to make it easy for you to give them your details. If you are unsure whether an email is genuine, go to the company website and log in to your account from there.
The email asks for personal information
A reputable company should never send an email asking for your password, credit card number, or the answer to a security question. If you know the company, check with them via another route (phone or email separately).
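The sender-address and link checks described above can also be run automatically over a reported message. The following Python sketch is an added example, not a University or DTS tool; the `BRAND_DOMAINS` allow-list, the function names and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Assumption: a small allow-list mapping brand names to their genuine mail domains.
BRAND_DOMAINS = {"microsoft": {"microsoft.com"}}

def host_of(text):
    """Return the lowercase hostname if text looks like a URL or bare host, else None."""
    text = text.strip()
    if " " in text or "." not in text:
        return None
    return urlparse(text if "://" in text else "//" + text).hostname

def sender_mismatch(from_header):
    """True when the display name names a known brand but the address is not on its domain."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in name.lower():
            return not any(domain == d or domain.endswith("." + d) for d in domains)
    return False

class LinkAudit(HTMLParser):
    """Collect (visible text, href) pairs where the text shows one host and the link goes to another."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = "".join(self.text).strip()
            if host_of(shown) and host_of(self.href) and host_of(shown) != host_of(self.href):
                self.mismatches.append((shown, self.href))
            self.href = None

def audit(raw_email):
    # Assumes a single-part text/html body; multipart messages need msg.walk().
    msg, parser = message_from_string(raw_email), LinkAudit()
    parser.feed(msg.get_payload())
    return sender_mismatch(msg["From"]), parser.mismatches

# Constructed sample message (not a real email).
SAMPLE = ('From: "Microsoft Support" <email@example.com>\nContent-Type: text/html\n\n'
          '<a href="http://login.example.net/reset">https://account.microsoft.com</a>\n'
          '<a href="https://www.example.org/help">www.example.org/help</a>\n')
```

Calling `audit(SAMPLE)` flags the sender and the first link only; links whose visible text is plain wording such as "click here" are not compared, so a clean result does not mean the message is genuine.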
What should you do with a phishing email?
If you've clicked the link and entered your details, we need to know straight away so we can take steps to protect your data and the University.
Even if you are in doubt, please report it to DTS. We would rather tell you that the email is genuine than have you fall for a scam!
Further information and training
May 2022 phishing campaign - results and information about what to look out for in a phishing email
Digital Skills - Security (UoR Learn, search for Digital Skills - Security)
Avoiding Phishing Scams (LinkedIn Learning, video, 8mins)
Cyber Security Awareness - Phishing (LinkedIn Learning, video, 1h)
If you've received an email that you think is suspicious, report it to DTS straight away.
Do not be tempted to click on any links or open any attachments in the email.
- IT Self Service Portal
- Telephone (Internal): 6262
- Telephone (External): 0118 378 6262
- Email: firstname.lastname@example.org