HomeHome Most Helpful TopicsMost Helpful Topics
RSS Feeds
DrillDown Icon Contents Back
 . . . . . . . . . . . . .
DrillDown Icon Library & IT Self-Help
DrillDown Icon Menu
DrillDown Icon Online Resources
DrillDown Icon Library and Digital Support
DrillDown Icon IT Services
DrillDown Icon Single Sign-On
DrillDown Icon Web Filtering
DrillDown Icon Announcements
DrillDown Icon Halls wireless printing
DrillDown Icon Student Halls - using Gaming devices,SMART TV and Amazon Echo speakers
DrillDown Icon Printing (Multi-functional devices)
DrillDown Icon Student IT Pocket Guide links
DrillDown Icon Mapping the PUPSMD 'R' drive to your computer
DrillDown Icon Re-imaging a computer or laptop
DrillDown Icon Mobile computing
DrillDown Icon Out of Hours Computing exam support
DrillDown Icon Apple Support
DrillDown Icon Staff Mac fleet
DrillDown Icon PlymMac 7
DrillDown Icon Windows 7 Service
DrillDown Icon Accounts
DrillDown Icon Applications
DrillDown Icon Email
DrillDown Icon Accessing generic mailboxes via Office 365
DrillDown Icon Redirecting email
DrillDown Icon Office 365 and OneDrive
DrillDown Icon Setting up a new outlook profile or adding mailboxes. Office 365
DrillDown Icon Access email from home
DrillDown Icon Connecting to another email account
DrillDown Icon Blocked attachments & Zip files
DrillDown Icon Calendars
DrillDown Icon Changing email format
DrillDown Icon Contacts
DrillDown Icon Delegate accounts and private email
DrillDown Icon Digitally sign and encrypt email in Outlook
DrillDown Icon Email address
DrillDown Icon Grouping in Outlook
DrillDown Icon Mailbox size - check
DrillDown Icon Message Header
DrillDown Icon Out of office
DrillDown Icon Personal distribution lists
DrillDown Icon Phishing emails
DrillDown Icon POP3
DrillDown Icon Recall email message
DrillDown Icon Restore deleted messages
DrillDown Icon Set Outlook for the web default reply behaviour
DrillDown Icon Shortcut to another mailbox
DrillDown Icon Signature
DrillDown Icon SMTP
DrillDown Icon Stopping Junk mail
DrillDown Icon Spam
DrillDown Icon Business Card
DrillDown Icon Email - creating reusable text
DrillDown Icon Checking mailbox usage from Outlook Web Access
DrillDown Icon How do I request a generic email account?
DrillDown Icon How do I request a global distribution list
DrillDown Icon File Space
DrillDown Icon Software
DrillDown Icon UNIT-e
DrillDown Icon Hardware
DrillDown Icon IT Training & Documentation
DrillDown Icon Telephony
DrillDown Icon Web
DrillDown Icon PC Finder Tool
DrillDown Icon Staff Guidance Leaving the University
DrillDown Icon About TIS
DrillDown Icon IT Service Catalogue
  EMail This ArticlePrint PreviewPrint Preview Current Article/Category with all Sub-Articles/Sub-Categories
 
Phishing emails

Phishing

What is phishing?

Phishing is the name given to the practice of sending emails purporting to come from a genuine company or organisation operating on the Internet.  These scam emails attempt to deceive the recipients into entering confidential information such as credit card or bank details, passwords and account data.  The links contained within the message are false, and often re-direct the user to a fake web site.  Many fake emails can look very convincing, complete with company logos and links that seem to take you through to the company website, although this too will be a fake.

How can I tell if an email is genuine or fake?

You need to be alert to the threat as there are often common clues that may help you identify a phishing email. For example, you may find that the email:

•    Has come from an unexpected email address (e.g. @hotmail.com, @gmail.com or @yahoo.com) instead of one associated with the organisation that is claiming to be contacting you.

•    However, you should never respond to any email including internal email addresses, that ask you to provide confidential information even if the email appears to come from a genuine source.  The University will never ask for such information via email.

•    May contain poor spelling and grammar, and/or a lot of capital letters

•    Warns of a big change but has no email address or phone number for further information

•    The message will have minimal content other than a link or button to click through to a web page that prompts for your user ID and password.

What happens if I respond to a phishing email? 

If you unsuspectingly divulge your University account username and password to a third party, you could be putting yourself and the University at risk.

•    Your email address may be accessed and used to send tens of thousands of spam emails to others.

•    Microsoft will place a block on your email account for 14 days (2 weeks), during this time you will not be able to send email from your university email address.

•    Compromised accounts could lead to email from Plymouth University being delayed or blocked by other universities and Internet Service Providers (ISPs) including our main provider Microsoft.

•    If you handover you login credentials the attackers could access the record systems to steal your bank details, home address, national insurance number and employment details – all of the ingredients needed to commit financial fraud and identity theft.

•    You will have given an unknown third party access to all university data that you have access to.

•    The University’s public image could be damaged if vital information is hacked e.g. from student or staff records.

•    Other students and staff are at risk from hacking and may be denied access to other services .

 

Isn’t my account protected?

The University detects and blocks some 10000 attacks every month. But sometimes the protection is breached, usually from an internal source and so it is inevitable that a small percentage of this constantly evolving phishing threat will make it through to your inbox - before being identified and blocked from causing further disruption.

How can I stay safe?

Use the following tips to protect yourself and the University.

  • Never disclose personal information in response to an email. University staff will never ask you to reveal your login details via an email
  • Never type your username/password details into an unknown website that has opened after clicking a link in an email
  • Treat your University IT account details as highly confidential and a way of accessing sensitive information – never disclose your login ID or password to anyone outside the University
  • Avoid using your University account password on other internet services outside the University
  • Look carefully at who the email is from and the content. If it is not an email you were expecting or it is inviting you do something suspicious or unexpected then review the content against the ‘five things’ NB it may have been sent from a compromised Plymouth University email address – DO NOT respond to any request for your password or confidential details.
  • Even if you suspect an email message may be genuine, do not click the links within the mail message.
  • Does the e-mail contents make sense?  Are there obvious spelling/Grammar mistakes?
  • If in doubt telephone the sender to check if it is genuine
  • To report a phishing email, please forward the email to:

      Staff:  Uop.phishing@plymouth.ac.uk
      Students:  Uop.phishing@students.plymouth.ac.uk
      Post Graduates:  Uop.phishing@postgrad.plymouth.ac.uk

  • If you need further advice phone the service desk on 01752 588588.

 

Remember, the only person who needs to know your password is you. Do not trust any email that asks you to provide your login information.

 

 

·         If you suspect your account has been compromised, IMMEDIATELY contact the service desk via 01752 588588 to re-secure your account.

 


If you need any further advice on spotting phishing email, please review the links below for further information and reading

Billy the Seagull goes phishing
Anatomy of a Phishing Message (a webcast produced by Professor Steve Furnell)
Social engineering: Exploiting the weakest links
University IT Policies, Rules and regulations 

 

Modified 21/02/2019