Staff Directory

Working at Essex

Starting at Essex Equality, diversity and inclusion Employment policies, procedures and guidance Managing people Pay, rewards and benefits Pensions Taking leave Grading and reviews Professional development and training Recruiting staff Working flexibility Information and data UECS and Wivenhoe House staff Forums and networks

Teaching and learning

Academic standards and quality DBS checks for students Department student support roles Developing student success Exams and assessment Heads of Department Learning technologies Reading lists Staff awards and funding Student feedback Student wellbeing support and signposting Supporting students with disabilities and health conditions Supporting and welcoming new students Timetables

Research

Funding sources Making a funding application Research impact Promoting your research and research visibility Research governance Take part in research Managing an award Planning and assessment Knowledge exchange and commercialisation Research systems Repository and publishing Research management information Celebrating Excellence Awards

Our University

Brand Departments and schools Faculty support Freedom of information Governance Graduation Sustainability and biodiversity University partnerships

Services and facilities

Buildings, grounds and maintenance Crowdfunding Childcare Design, print and copy services Events, meetings and conferences Faith Centre Finance, planning and data insight Food and drink IT services Marketing and communications support Media Centre Parking Post and property services Professional Services teams Sport and recreation Strategic project delivery Student work experience and volunteering Theatre and arts on campus Travel, transport and accommodation Web support

Health, safety and wellbeing

COVID-19 (Coronavirus) Emergencies, security and safety Activities health and safety Equipment safety Health and safety support Fire safety Reporting health and safety incidents or concerns Risk assessment Safeguarding Work and study environments Working with physical agents Working with substances Your health and wellbeing

Online services

Email login Research Information System Research Repository Room booking form Unit4 Business World Phonebook Change your password

People and Culture

HR Organiser People Manager Develop at Essex Homepage Job vacancies

Academic

Moodle Libraries Academic departments FASER LEAP MyTutor Programme specifications Reading lists (Talis Aspire)

Info and help

Find your way campus map IT services Tableau Planning information portal Key dates Staff blog Report harassment Report a concern about student

staff Blogs06 April 2021

Think you can spot a phishing email?

Digital Innovation and Technology Services

Phishing is a type of scam intended to trick you into handing over personal or financial information which is then used to commit fraud.

Most phishing scams are sent by email. Fraudsters will often pose as someone or an organisation you know, such as your bank, employer or a colleague. The hoax emails are designed to look and sound like they are genuine. More sophisticated scams may even contain your personal information.

Phishing is one of the most common online threats, and University staff and students are regularly targeted, so it’s important to be aware of the tell-tale signs and know what to do when you encounter them. Why is it important? The impact of a successful scam can be considerable, including personal financial loss and identity theft, disruption to University services, reputational damage and even fines from the Information Commissioner's Office (ICO).

To help demonstrate what to look out for, we’ve used some examples of actual phishing emails received by our staff and students.

The email is poorly written

Less sophisticated phishing emails often contain mistakes, poor grammar, and strange or unfamiliar language.

Figure 1 - Example of a fake email sent by O2. This is a phishing email example.

“Thanks for your attention to O2” and “Good time of the day” – this scammer sounds friendly enough, but it’s a strange way to start an email about your phone bill.

A sense of urgency

Threats, warnings, and urgent requests are intended to cause panic, so you act quickly without thinking. Some popular techniques include:

warnings about disk space and mailbox quotas
updating or verifying your account details
requests to purchase something on behalf of someone else, particularly vouchers

Example of a Phishing email pretending to be from the University and showing an image of the email mailbox being nearly full

Example of a Phishing email pretending to be an email sent from the University IT helpdesk

Example of a Phishing email pretending to be an email sent by Microsoft Office

Example of a Phishing email pretending to be a work colleague

Suspicious links

Don’t take links at face value. It’s easy for scammers to hide fake web addresses in the text, images and buttons.

To reveal the real destination of a link, hover your mouse over the link for a moment and the address will appear. If you’re on a mobile device, press and hold on the link until the address appears. If it looks suspicious, it’s likely a scam email. Don’t click the link.

Example of a Phishing email pretending to be from the University's IT helpdesk

Here you can see “Click here for update” links to a fake University of Essex web address.

Offers that sound too good to be true

Emails offering you money or financial opportunities are often fake. For example, being awarded a grant you weren’t expecting. If something sounds too good to be true, it probably is.

Example of a Phishing email pretending to be from the University's awarding a student something

Attachments you aren’t expecting

Don't open or download attachments you aren’t expecting, or from senders you don’t recognise – these attachments may contain harmful viruses such as malware or ransomware. If you know the sender, find a way to contact them (not by email) to confirm if it’s genuine or not.

Example of a Phishing email pretending to be a colleague

Harmful attachments may also be sent via links.

If you think you have received a phishing email

There’s no harm in simply receiving a phishing email as long as you don’t action it.

If you receive a phishing email you should:

not do what the email tells you to do.
report the email in Outlook by forwarding it as an attachment to phishing@essex.ac.uk.
delete the email.

The email will then be sent to our IT security team for analysis. If the email is malicious, we can take action to prevent others from receiving the phishing attack.

What to do if you have responded to a phishing email

If you have entered any personal financial details, contact your bank immediately and tell them that you have been the victim of a scam. Do not wait to contact us before doing this.
If you have entered your University password, change your password immediately. If you have used this password on other accounts, change it on those as well.
Contact the IT Helpdesk so we can advise you what to do next.

General advice to protect yourself from scams

Stop and think. Be vigilant and curious.
Always hover over links in emails to check where they go to.
Don’t click on or open suspicious links or attachments.
Don’t respond to emails that ask you to confirm personal information.
Never share your passwords with anyone.
If you are in doubt, get a second opinion. Ask a savvy colleague or the IT Helpdesk.
Help protect others by reporting suspicious email to phishing@essex.ac.uk

About the Author:

Digital Innovation and Technology Services

University of Essex
Wivenhoe Park
Colchester CO4 3SQ

CONNECT WITH US