How to identify and respond to a phishing email.
Please also see this FAQ: I have received an email asking me for my username and password. What should I do?
Identifying a phishing email
Phishing emails are messages which are sent to try and obtain personal or financial information from you, or to try and trick you into making payments to fraudulent bank accounts. IT Services do what we can to prevent spam emails being received, but it is not possible to prevent them all getting through to your inbox.
On this page, we outline a number of ways that you can identify a phishing email. If you are still not sure whether or not the email you have just received is a scam or not, just delete it. If you’ve received a message claiming to be from a tutor, school or department and you think it might be fraudulent, delete the message and then separately contact the individual or office.
What do you need to be aware of?
- Always be suspicious of any requests for passwords, PIN numbers or personal or financial information. You should never send this information by email.
- Always be suspicious of any email which includes bank details. No reputable organisation will email you their bank details or inform you of a ‘change’ to their bank details via email.
- Phishing emails are becoming increasingly sophisticated and may include information which has been gathered from your social media accounts to make the email look more believable.
- Some phishing emails will appear to come from a familiar email address (such as @sussex.ac.uk). This is easily falsified. Don’t just use the sender’s address to trust the message.
- Some phishing emails will include University graphics or logos which have been copied from our website.
- Do not call any phone numbers in suspicious emails. If you decide to contact them, go to the organisation’s web site and use the contact details there.
- Beware a false sense of urgency: phishing messages often try to encourage you to make hasty decisions by making threats or creating a sense of worry. Messages sent on a Sunday morning with “24 HOURS TO RESPOND” in the message mean that you may think you only have a couple of hours to respond when you arrive on Monday morning.
- Hover over links (if your email software allows this) and you will see where you are really going to. Be suspicious of shortened URLs as you don’t know where they lead. Remember the blue text in the email is almost certainly not the actual destination of the link.
- Never click on the ‘unsubscribe’ link. This will only serve to confirm that your email address is valid.
- Poor grammar is common in spam email. Genuine University emails will not be littered with poor grammar and spelling mistakes.
Remember: The University will never ask you to send your password by email.
Please also see this FAQ: I have received an email asking me for my username and password. What should I do?
An example of a typical phishing email:
Security alerts
Beware of the latest attacks:
Re: Password reset
13 December 2018
Apply for your Council Tax refund
13 December 2018
Urgent to all residents of the building
11 December 2018
Application to offset taxes by refunds or rebates!
6 December 2018
Invoice KX-11-52135
30 November 2018
Apple account warning
27 November 2018
support@sussex.ac.uk, Account Verification Request.
23 November 2018
Hello, Are you available please? Get back to me here. Thank
22 November 2018
Are you on campus
19 November 2018
Urgent
13 November 2018
Urgent Issue (email 95% full)
29 October 2018
Password is compromised (blackmail scam)
24 October 2018
You have one new message
24 October 2018
Refund reference number [fake reference] / 2017 - 10/19/2019
19 October 2018
[MSG}{TAX_Refund-NO.UK-hmrc-03334||24.hours.for.confirmation
18 October 2018