They’ll usually target people unfamiliar with the University’s systems and those with their guard down because they have lots of competing priorities.
Our systems block a lot of these phishing attacks; however, some of the more sophisticated attempts do still get through. Part of our protection at the University is you, our colleagues and students, who can help identify phishing e-mails that evade our security systems.
Trust your instincts
It’s hard to produce a definitive set of rules to follow in identifying phishing attacks, as communications that have malicious intent are so varied and becoming more sophisticated than ever before.
That’s why the National Cyber Security Centre’s advice for spotting phishing attacks is so useful. They point out that often a sign of a phishing attack is how it makes you feel, not just how genuine it looks.
Here are some of the key things to look out for:
Authority: Is the message claiming to be from someone official? For example, your bank, doctor, solicitor, a government department, or a senior member of staff at the University? Criminals often pretend to be important people or organisations to trick you into doing what they want.
Urgency: Are you told you have a limited time to respond (such as 'within 24 hours' or 'immediately')? Criminals often threaten you with fines or other negative consequences.
Emotion: Does the message make you feel panicked, fearful, hopeful, or curious? Criminals often use threatening language, make false claims of support, or tease you into wanting to find out more.
Scarcity: Is the message offering something in short supply, like concert tickets, money or a cure for medical conditions? Fear of missing out on a good deal or opportunity can make you respond quickly.
Current events: Are you expecting to see a message like this? Criminals often exploit current news stories, big events or specific times of year (like tax reporting and Student Loan Company payments) to make their scam seem more relevant to you.
Spot the phish!
The aim of most phishing attempts is to get you to follow a link. To better protect the University, those who create content should consider which links are necessary to include; reducing links that go to external sites, for example, is best practice. Those consuming content should also be mindful before clicking on a link: one way to check is to hover your cursor over the hyperlink, and you should see the full URL appear at the bottom of your screen.
By following this advice, we can tackle and prevent phishing attacks together at the University. If you suspect a malicious communication, please report it immediately to email@example.com.