Phishing Scams
Phishing scams aim to trick you into giving out your personal details such as usernames, passwords or bank details, or to send money. This can be done by email, text message or over the phone.
On this page, you can learn how to spot a phishing scam, what to do if you’ve clicked on a suspicious email and how to report it to help keep our community safe.
How to spot a phishing scam
Phishing scams often have tell-tale signs. When you receive any email or text message, look out for the following things.
- Too-good-to-be-true offers. For example, a phishing scam could offer a very expensive item for a bargain price. Remember, if it looks too good to be true, it probably is.
- Suspicious senders that “don’t look quite right”. Be on the lookout for email addresses that are slightly different from the official one or contain strange characters.
- Suspicious links or attachments. For example, an invoice when you haven’t bought a product or service.
- Spelling or grammatical errors. This is a deliberate tactic phishing scams use to:
- Bypass spam filters that look for specific keywords
- Mimic casual speech to seem more realistic
- Deliberately filter for targets who may be more susceptible to scams
- Pressure, threats, or urgency. Scammers use this tactic to make you panic and be more likely to engage with the scam.
- Requests for personal information or passwords.
Phishing scams can often be very convincing, which is why you need to read every communication carefully.
Clicked on a phishing email? Here’s what you need to do:
Don’t worry, it can happen to anyone. If you clicked on a suspicious link in an email to your student email address, contact the Service Desk immediately. The team will check your account, reset anything that’s needed and make sure your data stays secure.
Every time you receive a phishing email – even if you don’t click on a suspicious link - remember:
- Always report phishing emails – don’t ignore them
- Don’t click any links or open attachments
- Don’t forward the email
- Don’t reply to the email
Reporting a phishing scam
Reporting is quick, simple, and the safest way to deal with anything suspicious. Reporting a phishing email does more than remove it from your inbox: it strengthens security for everyone. When you report a suspicious message, it will:
- Remove the email from your inbox to keep you safe
- Help block similar threats in the future by improving our filters
- Notify the University’s Information Security Team so they can investigate the email and take further action if needed
How to report a phishing email
- There are different ways to do this dependent on what device and email client you’re using, as well as whether you’re using an app or checking emails in your browser.
- Most email clients will have a ‘report’ button when you are viewing an email, and many will give you the option to report an email specifically as phishing.
- Report buttons can generally be found in multiple places: the toolbar when viewing an email, by right-clicking an email in your inbox, or by using a drop-down menu when viewing an email
There are a few ways to report a phishing email in Outlook:
- In the toolbar at the top of the screen, click ‘Report’, then ‘Report phishing’.
- Click the three dots at the top right-hand side of the email reading pane. Click ‘Report’, then ‘Report phishing’.
- Right click the suspicious email in the message list. Click ‘Report’, then ‘Report phishing’.