Since the start of the Covid-19 outbreak, cyber security risks have been at an all-time high as our reliance on email, Microsoft Teams, and our various electronic devices has increased dramatically.
Cyber criminals are taking advantage of the pandemic to trick users into revealing their personal information or clicking on malicious links or attachments. They sometimes impersonate Government organisations, like the Ministry of Health or HMRC, or they pretend to be other students, your lecturers or departments, or other universities.
There are many reasons why these emails get sent, but the most common reason is to get you to give up personal information to criminals, like your usernames and passwords, that can be used in the future.
Follow our top tips to spot a phishing email, and stay as safe as you can online.
Many phishing emails will look legitimate at first glance. They might contain recognisable branding, or look like something you regularly receive, like a parcel delivery notification. Email phishing attacks have increased by over 600% since the end of February 2020, and those attacks are becoming more and more sophisticated. If you spot any of the following, be very careful before trusting the message.
Does the email…?
- look identical to messages from a reputable organisation (such as a medical or Government institution),
- sound urgent or try to spread fear,
- claim to enclose important information or breaking news,
- ask you to download and/or click on attachments and links?
- Were you expecting this email? Don’t trust unsolicited messages.
- Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action.
- Look at the wording and terminology. Besides general phishing, cyber criminals may also target a specific person by using the recipient’s full name, which is known as spear phishing. Check that the terms and language are what you would normally expect in that type of email.
- Check the email address. Check the sender’s name, email address and whether the email domain matches the organisation that the sender claims to be from. If not, it is probably a phishing attempt.
- Check the link before you click. View your emails in plain text to see the real address behind a hyperlink. If it is not the same as what appears in the email, it is probably a phishing attempt.
- Keep an eye out for spelling and grammatical mistakes. If an email includes spelling, punctuation and/or grammar errors, it could be a phishing email.
- Visit websites by typing the domain name yourself. Avoid clicking on links in messages, and if the sender has directed you to a specific website, go there yourself.
You should never provide any personal details via email. That includes any ID, your usernames and passwords, and other sensitive information.
When you think an email is spam or phishing
If you’re suspicious of an email, don’t respond to it.
You should report any suspicious messages to us. You can do this by pressing the ‘report message’ icon in Outlook.
What to do if you have clicked on a spam message or responded to a phishing email
If you have clicked on a link you think is suspicious, or provided personal details in response to a phishing email, you should contact the IT Service Desk as soon as you can. We will help you secure your accounts.