Phishing attacks
Staff and Student University accounts are regularly targeted by phishing attacks. It's important you understand more about phishing and learn ways to protect yourself.
The impact of a successful phishing attack can be considerable. It is not limited to losing access to your staff or student email; it can be more intrusive and include personal financial loss, identity theft and reputational damage.
What is phishing?
Phishing is a type of social engineering attack designed to trick you into handing over personal information, namely your email and password. This can then be used to compromise your email, social media and other online accounts that may use the same email/password combination.
Most phishing attacks are sent by email, and cyber criminals will often impersonate someone or an organisation familiar to you, such as a fellow student, lecturer, IT or even campus administration. Phishing emails may look and sound like they are genuine, and they may even contain some of your personal information.
A typical phishing email will tell you that you need to do something urgently, for example log in to a website, complete a form or download an email attachment.
Spotting phishing emails
Phishing emails have become very sophisticated and increasingly difficult to identify. However, there are some tricks that are used to try and get you to respond without thinking.
Here are some things to look out for when reading your emails:
Does the email...
- use a generic greeting? Phishing emails often use generic greetings like "Dear customer", "Hello", or "Hi user", although more sophisticated emails may use your real name.
- contain any University branding? Phishing emails are often mass emails sent to numerous institutions and therefore do not contain University-specific branding such as the University Crest or a proper email signature.
- convey a sense of urgency? Threats and urgent warnings like "your account is about to expire - act now" are intended to cause panic so you act quickly without thinking.
- contain an offer that's too good to be true? Emails offering you free software or financial opportunities are often fake. For example, transferring or receiving money for someone else. If something sounds too good to be true, it probably is.
- contain bad grammar and spelling? It's unlikely genuine emails from legitimate sources will contain grammatical mistakes.
- contain attachments you were not expecting? Don't open attachments you are not expecting or from people you don't know. They may contain harmful viruses.
- ask you for personal information? Campus IT Services, or any other legitimate organisation, will not randomly ask you for personal information over email.
- contain a suspicious link? Pause before you click on any links in an email. If you are using a computer, hover your mouse over the link to check that the actual address you'll be taken to matches the address in the email. If it doesn't look right, don't click it.
Actions to protect yourself
- Do not share your passwords with anyone.
- Do not respond to emails that ask you to confirm personal information.
- Do not click on or open suspicious links or attachments, especially if you do not know the sender of the email.
- If you're taken to a login page or website, never attempt to log in or enter your personal information – even if the website looks legitimate. Double check the website address to make sure it is one that you are accustomed to visiting.
- If it appears to be from someone you know, contact the original sender by phone or other message to verify the authenticity – that person might have been hacked without being aware of it.
If you think you have received a phishing email
- Ignore any instructions in the email
- Report the email by forwarding the message as an attachment. Students can send reports to stacitsfollowup@my.uwi.edu and Staff can send reports to servicedesk@sta.uwi.edu
- Delete the email.
If you have responded to a phishing email
- If you have entered your University password through a phishing scam, log in to the Student Portal and change your password. This is of utmost importance.
- Make sure you have the latest antivirus definitions and scan your PC/laptop for viruses and malware. The free version of Malwarebytes is also a good option to run.
- Not seeing any new emails? Check your Outlook "Rules" to ensure the hacker did not create any rules. Sometimes they create a rule to have all new mail redirected to your deleted items folder.
- Report the email by forwarding the message as an attachment. Students can send reports to stacitsfollowup@my.uwi.edu and Staff can send reports to servicedesk@sta.uwi.edu
- Ensure that you do not have any auto-forwarders set up to an external address. Microsoft recently prevented this for security reasons, which is causing issues for students.
Here are some examples of recent Phishing Attacks:
Phishing Example 1:
Phishing Example 2:
Phishing Example 3: