Phishing is used by criminals as a way of trying to trick you into revealing personal and sensitive information about yourself, like your username, password and bank details.
Phishing emails can pretend to come from large trusted organisations or people, like your bank, Apple, Amazon, HMRC, Student Loans Company, your boss, your employer’s payroll office, or even from the IS Service Desk.
Phishing emails sometimes try to create a sense of urgency and will imitate that they are from someone in authority.
The link within the email will point to a site that looks exactly like the real organisations website so you would feel confident to input your data.
Phishing messages can look very real and take you to web sites that look authentic.
Spam is any sort of unsolicited email and represents a huge proportion of all email. In fact, the University received around 10 million spam emails in 2018!
Most spam emails are filtered but some will still get through, so be vigilant.
These emails could be trying to sell you items such as cheap medicines or electronics, or it could be trying to engage you in a scheme with claims of lottery wins, windfalls from princes and presidents in distant lands or even the promise of eternal romance.
Throw them in the BIN.
These are much more targeted attacks to individuals. You are usually asked to reply with sensitive information. you might also be asked to click on URLs or invited to download malicious attachments
SMiShing is short for SMS phishing and targets mobile devices.
It uses text messages to trick people into downloading Malware or viruses to devices by visiting a URL.
Threatening and Fradulent Emails
Attackers will try and:
- Embarrass You
- Try to make you panic
- Threaten You
- Use Uncomfortable Content
- Tell you that they have your password
- Masquerade as a legitimate company
- Try to entice you into doing something rash
Do not panic or click on any links if you receive one of these emails.
Contact IS Service Desk who will be able to help.
Criminals use email scams to target people from all walks of life because it is a profitable business for them AND they are good at it.
Please do not feel silly for falling for a swindle but DO act quickly by reporting it.
Information Security provide an online training course, which has lots of useful information.
It can be found HERE.
We would encourage everyone to complete this training, as security within the University is everyone’s responsibility.
- Be sceptical, what does your “gut” say?
- Don’t click on links – visit site directly
- Use long passwords or a pass phrase
- Inspect any links in the email
- Be aware of your online presence
- Keep all software up to date
- Never pay any monitory demands
- Don’t disclose login credentials
- Forward any suspicious emails as
- Attachments to: firstname.lastname@example.org
If you are in any doubt or if you have clicked on any dubious links within an email, contact the IS Service Desk who will be able to help and advise you.
Trust your instincts. If it does not feel right…it’s probably not.
- Do not click on any links within the emails.
- Go to websites directly and navigate to their login screens.
- Check emails are legitimate, contact sender if required.
Information Services will NEVER ask for your Username or password.
Forward the original email as an attachment to email@example.com.
Information Security provide a online training course which has lots of useful information. It can be found HERE.
We would encourage everyone to complete this training as security within the University is everyone’s responsibility.
Do Your Part – Be Security Smart
- Call IS Service Desk – 0131 455 3000