IT ServicesStudents

IT Security

What is phishing?

Phishing is the term applied to email scams that attempt to obtain sensitive information such as usernames, passwords, bank account details and credit card numbers.

 

Types of Phishing

  • Imitating as official University emails, such as campus security, IT Helpdesk or HR/Payroll with a link requesting you to log in with your username and password
  • Organisations requesting confirmation of bank details
  • Claims that bank details have been compromised, or claim that you have been awarded a grant, entitled to a refund, rebate, reward, discount or donate
  • Asking you to reset your social media account password and username

 

How to spot phishing emails

Several signs to spot if they are fake:

  • Request personal information such as PIN, password
  • Contains poor spelling and grammar.
  • Claim to offer something that is too good to be true, for example, “Congratulations You are a Winner…”
  • Contain generic greetings such as 'Dear Bank Customer' or 'Dear Email User'.
  • Suspicious link embedded in the email

Genuine- What to look for? 

"something".lboro.ac.uk/  The trailing forward slash character after .uk is very important! 

If it is missing and if there is a ‘.’  do not log in!

for a University online service, the web address will begin with the https - the s is very important: if it is absent do not log in!

Whenever you have to login the web page should have a padlock in the display. It can either be next to the address or at the bottom of the window, If you cannot see a padlock icon in the window of a web login screen do not log in!

Action to be taken once you’ve received a phishing email

  • Never click on any links
  • Never reply to the sender
  • Never open any unsolicited attachments

If you have received a phishing email, clicked on the link and provided your university credentials (username and password), please inform the IT Service Desk it.services@lboro.ac.uk or 01509 222333 immediately. Or the service provider i.e ‘Bank’.

If in Doubt

If you are unsure if an email is real or not, contact the IT Service Desk (details above) or your service provider (e.g. your bank)