Spam and phishing emails

What are spam and phishing emails?

  • Spam: unsolicited, junk email messages, usually sent to large numbers of people, for the purposes of advertising, phishing, spreading viruses, etc.
  • Phishing: fake email messages that claim to be from an organisation that you may trust (e.g. a bank, government, university), which often ask you to provide or "verify" personal or account details by replying or clicking a link.

How to stay safe

Following the five rules below will help you keep you personal and University data safe from email phishing scams:

  1. phishing - spot fake URL‌Don't be tempted to 'click this link' – it may be going to a fake website where the details you use to log into it will be captured; or one that will infect your computer with a virus.

    Hover your mouse over the link in an email to see the actual web address – it may well be different from the visible text that you can see in the email. This can give you a clue that the email is not genuine.
  2. Never give out your personal information - No legitimate organisation will ask for your personal details by email – and that includes your bank account, PIN, passwords, or contact details.

    If in doubt, do not use the link in the email. Visit the main homepage of the organisation instead or ring them up with the phone number that is advertised on their main website. If the enquiry or issue is genuine there will be information available on the website or via the telephone contact
  3. Don't open attachments from people you don't know or if you're not expecting them - not even if it seems to be from your bank, the government, or a reputable company (e.g. the Royal Mail, eBay or Amazon). They rarely send attachments.
  4. email phishing - verify account‌‌Watch out for common phrases – look out for phrases like "verify your account" or "if you don't respond within xx hours your account will be closed"
  5. If in doubt, don’t do anything - If you aren't sure about what to do then don't do anything – do not open attachments or follow any links. Get in touch with the IT Service Desk for advice about whether the email is malicious or not.