Blue-grey

A closer look at phishing


 

Whilst we want to keep our university safe from cybercrime, we also care about helping you to protect your personal accounts. Phishing is a common scam which can affect any of our devices, whether that be at work or home; below are some tips for how to keep a look out for phishing attempts, and how to tackle them.

What is phishing?

  • Phishing is a type of scam which intends to trick an individual into thinking a message comes from a reputable and familiar source, as a way of gaining access to someone’s information, such as bank details or passwords
  • Phishing scams can come in many different forms, including email, text message, or phonecall. They could even come from messaging services like Whatsapp, so it’s always good to be wary of information you share with large groups
  • Scammers might be motivated by a whole host of different aims. For example, they want your contact details so they can scam others, your financial details for immediate monetary gain, or they could even be trying to see what influence you have so they can use this against other people

Is somebody trying to scam me? How to spot it

Be wary of...

  • File extentions such as: .html, .htm, .php, .js, .exe, .bat, and .ps. If you find these kinds of attachments in an email or via a webpage, question whether you expected to receive it, or whether you know what it is - don’t open them without exercising caution.
  • Email addresses: If you’re not sure how legitimate an email address is or think it could be a scammer posing as someone or an organisation you know, hover over the address without clicking to see details. For Royal Holloway addresses, especially if a RHUL email, it should have the domain ‘rhul.ac.uk’ or ‘royalholloway.ac.uk’.
  • Links: like email addresses, you can hover over them to see where they go.

Generally, if you are not sure if a message is authentic, do not follow web addresses or phone numbers in it. Search for the organisation and use those contact details listed. 

Things to think about…

  • Does the tone of the message seem urgent or alarmist?
  • Is it written badly, with grammatical errors and spelling mistakes?
  • Does the message seem generic, and not the usual tone you would expert from this person or organisation?
  • Does the message ask you to send personal information?

Reporting an incident

Whether you lose your work laptop, or receive an email that doesn’t look quite right, you should let IT Services know. You can contact our service desk on itservicedesk@rhul.ac.uk.

If you feel you might have received a phishing attempt, you should always report this. You’ll see a ‘report message’ button in the top right of your email. Clicking this will send a copy of the suspected email to IT’s phishing mailbox, as well as sending it to Microsoft for analysis. If you then want to ask a question or aren’t sure about anything, you can email the Service Desk to let us know.

 

Phishing attempt examples

Sometimes it’s helpful to have an example of the types of things that could, and have happened, to help us understand what to look out for in the future. Read our document for a couple of scenarios.

Contact us

itservicedesk@rhul.ac.uk

01784 41 4321

Chat online with the IT helpdesk

Back to the IT Homepage.