Types of Phishing
- Imitating as official University emails, such as campus security, IT Helpdesk or HR/Payroll with a link requesting you to log in with your username and password
- Organisations requesting confirmation of bank details
- Claims that bank details have been compromised, or claim that you have been awarded a grant, entitled to a refund, rebate, reward, discount or donate
- Asking you to reset your social media account password and username
How to spot phishing emails
Several signs to spot if they are fake:
- Request personal information such as PIN, password
- Contains poor spelling and grammar.
- Claim to offer something that is too good to be true, for example, “Congratulations You are a Winner…”
- Contain generic greetings such as 'Dear Bank Customer' or 'Dear Email User'.
- Suspicious link embedded in the email
Genuine - What to look for?
- "something".lboro.ac.uk/ The trailing forward slash character after .uk is very important! If it is missing and if there is a ‘.’ do not log in!
- for a University online service, the web address will begin with the https - the s is very important: if it is absent do not log in!
- Whenever you have to login the web page should have a padlock in the display. It can either be next to the address or at the bottom of the window, If you cannot see a padlock icon in the window of a web login screen do not log in!
Action to be taken once you’ve received a phishing email
- Never click on any links
- Never reply to the sender
- Never open any unsolicited attachments
If you have received a phishing email, clicked on the link and provided your university credentials (username and password), please inform the IT Service Desk firstname.lastname@example.org or 01509 222333 immediately. If you have disclosed other security details (eg bank account details), please contact your bank or other service provider.
If in Doubt
If you are unsure if an email is genuine or not, contact the IT Service Desk (details above) or your service provider (eg your bank)