Phishing? Think Bait!

 

Phishing emails attempt to trick you into providing personal and sensitive information, often by pretending to be from a source you trust.  

IT Services receive numerous reports of phishing scams, and the potential impact of providing your personal information, including your University of Suffolk username and password, can be damaging. Learning how to identify phishing emails is important in protecting the data we are all responsible for, both at work and at home. 

At the University of Suffolk, our advice is that if you suspect phishing, think BAIT!

 

Be Vigilant!

During a busy day, in our efforts to clear the Inbox we may skim over emails without considering their authenticity. It’s important to learn some of the signs that an email may not be genuine, and these are summarised below: 

 

  • Generic greetings – Dear User, Dear Client
  • Poor spelling and grammar – Please click below to unlock your Message and account continual usage, it takes few seconds
  • A sense of urgency – Your email password has been stolen, click the link immediately or your account will be disabled
  • An attachment they want you to open – Your revised pay slip is attached
  • Embedded links – You think it’s a link to somewhere genuine, but if you hover the mouse pointer over it, the actual link is going somewhere else.

 

We’ve highlighted how these might appear in the image below. This was a phishing email that was received by a number of staff at the University of Suffolk.

 

Alert the IT Service Desk!

If you’ve received an email you know is phishing, or you think it is and want to check, forward it as an attachment to itservicedesk@uos.ac.uk

Don’t assume we’ve already been made aware. We would rather receive duplicate reports of a phishing email than none at all. The earlier we know about it, the sooner we can take steps to limit its impact across the University.

We’ll usually announce serious phishing attacks on MySuffolk or through our IT Service Desk social media pages. Follow us on Twitter.

Inform us if you’ve made a mistake.

Mistakes happen – if you’ve unintentionally provided your account details after clicking a link in a phishing email, or replied to an email that isn’t genuine, please contact the IT Service Desk immediately.

You’ll need to change your password straight away, so it’s important you’ve set up your security profile on the password reset portal. 

Take Action!

There are a number of resources to learn more about protecting your data, and organisations that actively encourage you to report phishing emails for analysis.

To start with, click on the below link to view a short Lynda.com video on avoiding phishing scams:
https://www.lynda.com/Business-Software-tutorials/Avoiding-Phishing-Scams/624136-2.html 

The Action Fraud website provides further advice and has a regularly updated section on the latest scam emails to look out for. You can also use the site to report phishing attempts not directly related to your University of Suffolk account.

If you are interested in how many phishing emails we block each month, please visit this page.