Phishing is a type of scam intended to trick you into handing over personal or financial information which is then used to commit fraud.
Most phishing scams are sent by email. Fraudsters will often pose as a person or organisation you know, such as your bank, employer or a colleague. The hoax emails are designed to look and sound genuine. More sophisticated scams may even contain your personal information.
Phishing is one of the most common online threats, and University staff and students are regularly targeted, so it’s important to be aware of the tell-tale signs and know what to do when you encounter them.
Why is it important?
The impact of a successful scam can be considerable, including personal financial loss and identity theft, disruption to University services, reputational damage and even fines from the Information Commissioner's Office (ICO).
To help demonstrate what to look out for, we’ve used some examples of actual phishing emails received by our staff and students.
Less sophisticated phishing emails often contain mistakes, poor grammar, and strange or unfamiliar language.
“Thanks for your attention to O2” and “Good time of the day” – this scammer sounds friendly enough, but it’s a strange way to start an email about your phone bill.
Threats, warnings, and urgent requests are intended to cause panic, so you act quickly without thinking. Some popular techniques include:
Don’t take links at face value. It’s easy for scammers to hide fake web addresses in the text, images and buttons.
To reveal the real destination of a link, hover your mouse over the link for a moment and the address will appear. If you’re on a mobile device, press and hold on the link until the address appears. If it looks suspicious, it’s likely a scam email. Don’t click the link.
Here you can see “Click here for update” links to a fake University of Essex web address.
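The hover check described above can also be done in bulk when reviewing a reported email. This is an added example, not part of the original guidance: it lists each link's real destination host beside its visible text and notes mismatches. The domain `university.example`, the sample HTML and all function names are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("university.example",)  # assumption: the organisation's real domain
# Constructed sample email body (reserved example domains, not real addresses).
SAMPLE = """<p>Your mailbox is almost full.</p>
<a href="http://university.example.account-check.example.net/login">Click here for update</a>
<a href="https://it.example.org/reset">https://www.university.example/password</a>
<a href="https://www.university.example/it/help">IT <b>Helpdesk</b></a>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def host_of(url):
    """Lower-cased hostname of a URL or bare domain, '' if there is none."""
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def review_links(html, trusted=TRUSTED):
    """Return (visible text, real host, reasons for suspicion) per link."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    report = []
    for href, text in parser.links:
        real, reasons = host_of(href), []
        shown = re.search(r"(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}", text, re.I)
        if shown and not in_domain(real, host_of(shown.group(0)).removeprefix("www.")):
            reasons.append("visible text shows a different address")
        if not any(in_domain(real, d) for d in trusted) and any(d in real for d in trusted):
            reasons.append("trusted name embedded in another domain")
        report.append((text, real, reasons))
    return report

if __name__ == "__main__":
    for text, real, reasons in review_links(SAMPLE):
        print(f"{text!r} -> {real}: {'; '.join(reasons) or 'no mismatch found'}")
```

A link with no listed reason is not confirmed safe; the script only surfaces the two mismatches it checks for.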
Emails offering you money or financial opportunities, such as a grant you weren’t expecting, are often fake. If something sounds too good to be true, it probably is.
Don't open or download attachments you aren’t expecting, or from senders you don’t recognise – these attachments may contain malware, such as viruses or ransomware. If you know the sender, find a way to contact them (not by email) to confirm whether it’s genuine.
Harmful attachments may also be sent via links.
There’s no harm in simply receiving a phishing email as long as you don’t act on it.
If you receive a phishing email you should:
The email will then be sent to our IT security team for analysis. If the email is malicious, we can take action to prevent others from receiving the phishing attack.