Phishing emails | please be vigilant

We have tested and deployed proactive measures to protect student and staff desktops against cyber attacks. The most recent attacks on campus have been through phishing.

What is phishing? 

Phishing is a social engineering technique used by cyber-criminals to steal personal information. It can be used for the purposes of identity theft, fraud or any other malicious attack. Within the University, the purpose of phishing is to obtain your credentials.

The most common phishing attack method is by emails. These authentic-looking messages, usually called phishing scams, are designed to exploit information from the recipients; either by asking them to reply to an email message or by clicking on a link/attachment within the email.

Cyber-criminals often mask the emails to look like they are coming from legitimate businesses or government organisations. Within the University, recent examples are Microsoft and our unverified sender alert.

Educate yourself
These emails cannot corrupt your device on its own, you have to interact with it. Think:

  • When you receive an email to your University account, consider if you were expecting correspondence on that topic, from that recipient. If you weren’t, and the message is calling for you to act either by sending information, clicking on an active link, or downloading an attachment, first ask the IT Service Desk to confirm its legitimacy.
  • Never tick/check enable macros on attachments, unless you explicitly need to and trust the sender.
  • Don’t run a program if you don’t know where it has come from and you have not chosen to install it yourself.
  • Finally, always report suspicious emails as ‘Phishing’ using the instructions in the video below.

Further advice can be found on the Information Security website section.

Getting help
UoD IT staff are available 09:00-22:00 Mon-Fri and 10:00-22:00 Sat-Sun. Please log a call for assistance via Help4U if you have any concerns.