Phishing is the term applied to email scams that attempt to obtain sensitive information such as passwords, usernames or bank account details. Posing as legitimate organisations, or even individuals you know personally, criminals can use email as a way of gathering personal information about you.
Spear phishing is a common type of phishing attack that gathers information about an individual which allows them to appear to be a trusted source in an email. The targeted individual may click on a link, open attachments, reply to email etc. This may result in the attacker gaining access to personal and organisational sensitive data.
Spotting suspicious emails
If you receive an email from an individual or organisation that looks even slightly unusual, following the few simple steps below will help to protect your identity:
- Were you expecting an email from this person or organisation? If not, this should alert you to the need for some basic visual checks
- Even if the 'From' name looks familiar hover your mouse pointer over it to see the email address it came from. Does it look right? If not then do not reply, click on any links within it or open any attachments. Report it to email@example.com
- Similarly, is the email asking you to provide personal information by reply, or click on a link to go to a website, or similar? Again, if you are even slightly suspicious do none of these things, but report it to firstname.lastname@example.org
- Never enter your user name or password into an email asking for them. No legitimate organisation or individual will ever ask for this kind of information. If they do, report it to email@example.com
- If you are unsure and would like to talk to someone about it, contact the Service Desk, who will be happy to advise and help
How to treat a Phishing attempt
- Please do not reply or click on any links within the email;
- Forward the email to firstname.lastname@example.org;
- Delete the email from your inbox;
What to do if I have made a mistake and replied to a phishing email?
- Immediately change the password of the account for which you have revealed the password.
- Change your password to all services you used the same password.