Think before you click

Phishing is a technique used by cyber criminals to try and trick you into revealing personal and sensitive information about yourself, like your usernames, passwords, or financial information. They do this by sending emails which often pretend to come from trusted contacts or organisations, such as your colleagues, family members, your bank, online retailers and internet companies.

These emails frequently try to create a sense of urgency, using intimidation tactics to force you into acting quickly and without thinking carefully about what you’re actually being asked to do. Links within phishing emails will direct you to a website that looks very similar to – or even identical to – a real website that you may use frequently, but which the cyber criminal hopes to use to lure you into giving up your private information.

Spear Phishing and Whaling

These are phishing attacks which are targeted at specific individuals – for example senior leaders, or staff with access to IT or finance systems and processes. To make their attacks more convincing, cyber criminals may impersonate other people the target frequently corresponds with, even using existing message threads and subjects to make their messages seem legitimate.

SMiShing and Vishing

SMiShing is phishing which is carried out using SMS text messages. These can sometimes look very convincing, since it’s possible for the attacker to make the message appear to come from any number of their choosing. If they use the actual number of a bank or an online store that you happen to use, then their messages will appear in threads alongside real messages from those organisations. Vishing is phishing which uses voice calls – real or automated – to try and trick you.

Phishing Defence Top Tips:

  • Trust your instincts – if something doesn’t feel right, consider your actions carefully and seek assistance if you’re unsure.
  • If you have suspicions about a link in an email, visit the site using a saved bookmark or by searching for it.
  • If you receive an email from somebody you know that’s asking you to do something unusual involving money or passwords, try contacting them another way to confirm – give them a call or visit their office.
  • Keep all software up to date, as this can help to protect against malware.
  • Forward any suspicious emails as attachments to phishing@napier.ac.uk. You can do this easily on a University PC by clicking on the ‘Report Message’ toolbar button in Outlook.

Where to get help

If you think you may have fallen victim to a phishing email, or just want a second opinion about an email you’re not quite sure about, contact the IS Service Desk. Reporting cyber incidents and near misses won’t get you into any trouble, but it does help to ensure that the University and its users stay safe.

Want to find out more? This guidance from the NCSC (National Cyber Security Centre), ‘Phishing attacks: dealing with suspicious emails and messages’, is definitely worth a read.