
Phishing – University of Reading


Phishing

 

Phishing is the act of tricking you into giving away sensitive information or downloading malicious software onto your computer or your company's computer network.

The University is regularly targeted by such attacks, and the impact can be considerable, including financial loss, personal and business data leakage, IT network outages, reputational damage and even fines from the Information Commissioner's Office (ICO).


Top tips: stay safe from phishing

Help us protect your data and the University's by looking out for the most commonly deployed phishing techniques:

The message contains a mismatched URL

The URL in a phishing message may appear to be perfectly valid. However, if you hover your mouse over the top of the URL, you should see the actual hyperlinked address. If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious.

URLs contain a misleading domain name

People who launch phishing scams often depend on their victims not knowing how the DNS naming structure for domains works. The last part of a domain name is the most telling. For example, the domain name "info.test.com" would be a child domain of "test.com" because "test.com" appears at the end of the full domain name.

Conversely, "test.com.maliciousdomain.com" would clearly not have originated from "test.com" because the reference to test.com is on the left side of the domain name. This trick has been used countless times by phishing criminals as a way of trying to convince victims that a message came from a company like Microsoft or Apple.

The phishing attacker simply creates a child domain bearing the name Microsoft or Apple, for example. The resulting domain name looks something like this: Microsoft.maliciousdomainname.com.
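
The two checks above (displayed address versus real hyperlink, and reading the domain name from the right) can be automated when reviewing a reported message. The following is an added example, not part of the original page: the allow-list, the sample HTML and all function names are constructed for illustration, using the page's own "test.com" domains.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"test.com"}  # constructed allow-list, taken from the page's example
# Constructed sample message body: one deceptive link, one genuine link.
SAMPLE = ('<a href="http://test.com.maliciousdomain.com/login">http://info.test.com/login</a>'
          '<a href="https://info.test.com/help">Help pages</a>')

def host_of(url):
    """Return the lower-cased hostname of a URL (scheme optional), or None."""
    if "://" not in url:
        url = "http://" + url
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None

def belongs_to(host, domain):
    """True only if host is the domain itself or a child of it (match from the right)."""
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(html):
    """Return (shown_text, real_host, reasons) for each suspicious http(s) link."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        if not href.lower().startswith(("http://", "https://")):
            continue
        real, reasons = host_of(href), []
        shown = host_of(text) if "." in text and " " not in text else None
        if shown and real and shown != real:
            reasons.append("mismatched URL")
        if real and any(d in real and not belongs_to(real, d) for d in TRUSTED):
            reasons.append("misleading domain name")
        if reasons:
            findings.append((text, real, reasons))
    return findings
```

Calling audit(SAMPLE) flags only the first link, for both reasons; the genuine child domain "info.test.com" passes because "test.com" sits at the end of its name.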

The message contains poor spelling and grammar

If the message contains unprofessional spelling and grammar, then it may not come from a professional establishment.

The message asks for personal information

No matter how official an email message might look, it's always a bad sign if the message asks for unusual personal information. Your bank doesn't need you to send it your account number. It already knows what that is. Similarly, a reputable company should never send an email asking for your password, credit card number, or the answer to a security question.

The offer seems too good to be true

There is an old saying that if something seems too good to be true, it probably is. That holds especially true for email messages. If you receive a message from someone unknown to you who is making big promises, the message is probably a scam.

You didn't initiate the action

If you get a message informing you that you have won a contest you did not enter, you can bet that the message is a scam.

The email indicates urgent action is required

Often scams will send the email marked "Actions Required" in order to make the email seem important.
