Five ways to spot a phishing email
1. How do you know the sender?
We have a lot of staff at the University so it’s unlikely you’ll have met everyone in-person. This is what makes the following advice tricky: “don’t interact with an email you weren’t expecting.” A lot of the time, we may receive queries from colleagues and students that we weren’t expecting. They may have been pointed in your direction from someone or found your email address in the staff directory.
An easy way around this is to check the sender address for legitimacy. For example, ‘email@example.com’ (IT Service Desk address without the hyphen). At a glance, it may look like a trusted company or colleague so look closely to spot spoofed email address.
2. Criticise the content
If you know the University, you know it’s out of the ordinary for a manager to request that you transfer them money or for IT Services to ask for your password.
Students and staff which are new to the University can be more vulnerable in this scenario which is why everyone completes the Information Security training when they start employment.
3. Check the links
Hover over the link and check the destination link. If you’re on a mobile, wait until you’re back at your laptop or PC.
4. Think of our style guide
If it’s from a colleague, they will most likely have a branded email signature.
5. Ask IT Services
Email firstname.lastname@example.org to query about any suspicious emails you have received recently.