Phishing Advice

October 25, 2018

Phishing is the phrase used to describe the use of hoax emails by cybercriminals to trick individuals into parting with important personal information. By using fake messages or fake websites which appear reasonably legitimate, cybercriminals attempt to gain email credentials to allow them access to personal details, money or to use account details to contact colleagues or friends with further phishing messages.

IT Services recently warned students following an attempted phishing attack to be extra vigilant when clicking on links in emails, especially where asked to input university credentials.

Typical phishing attacks could include:

  • Emails claiming to be from a supplier that could be targeted specifically at people working in a particular field – e.g. those working in finance may receive ‘invoice attachments’ which are a means of infecting PCs with malware or a virus.
  • Individuals may receive emails from IT Services or Microsoft advising them to change their passwords as there has been a security breach, which would require them to enter their current credentials. Cybercriminals will try to cause worry by emphasising the negative consequences of inactivity to force you into complying with their request.
  • Emails may include links to websites that may at face value look familiar that are trusted but are fake e.g. http://165.827/HESA.AC.UK or http://www.southwales.ac.uk.spoof.us/. If you have any doubts, we recommend manually entering the trusted website address.

IT Services have systems in place to identify phishing attacks and the majority of these emails do not come through to students. However, from time to time, these emails may get through the filter, which is why we advise learning about online safety and what you can do to ensure your devices and personal safety are kept safe and secure.

Some helpful reminders:

  • The University will never ask for your password in an email or over the phone. Make sure that your password is strong and unique and don’t share it with anyone
  • Be wary of emails that require you to open attachments or click on links. Only open attachments/links from trusted sources
  • Whilst not always the rule, phishing emails often include generic greetings, use phrases/terms that are unusual and may include noticeable spelling and grammatical errors
  • Be mindful that all is often not as it may seem – some emails may appear to come from certain individuals but hovering the mouse over the email address will display the true address
  • If you have clicked on a suspicious link or opened an attachment, change your password and report it to IT Services immediately via the on-line PoB system. In the subject heading insert “Phishing email link accessed”

Tagged: unilife