Four ways to spot a phishing email
1. How do you know the sender?
We have a lot of staff at the University so it’s unlikely you’ll have met everyone in-person. This is what makes the typical phishing advice more difficult to follow, i.e. “don’t interact with an email you weren’t expecting.” We may receive queries from various colleagues and students that we weren’t expecting as part of our roles. They may have been pointed in your direction to ask for help or found your email address in the staff directory or on the website.
Firstly, check the sender’s email address. For example, ‘email@example.com’ and ‘itservicedesk@st-andrews.ac.uk’ are subtly different (the first is missing the hyphen in st-andrews). Cyber criminals use this technique because anyone skimming the subject and sender will assume the email is legitimate.
If you’re ever in doubt, check the University directory to see if they’re in it. Still dubious? Phone the person directly or ask the IT Service Desk.
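One way to automate the sender check in tip 1 (added example, not the University's own tooling): flag a From: address whose domain only looks like the trusted one. The trusted domain list, the substitution rules in `normalise` and the sample headers are assumptions constructed for illustration.

```python
"""Added example (not the University's own tooling): flag a From: address
that imitates a trusted domain. The trusted domain, substitution rules and
sample headers below are assumptions constructed for illustration."""
import re

TRUSTED_DOMAINS = {"st-andrews.ac.uk"}   # assumption: the domain colleagues are expected to use

_ANGLE_ADDR = re.compile(r"<([^<>]+)>\s*$")


def split_from(header):
    """Split 'Display Name <user@host>' into (display name, address)."""
    match = _ANGLE_ADDR.search(header)
    if match:
        return header[:match.start()].strip().strip('"'), match.group(1).strip()
    return "", header.strip()


def domain_of(address):
    """Domain part of an address, lower-cased; empty string if there is no '@'."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def is_trusted(domain):
    """True for an exact match or a subdomain of a trusted domain."""
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)


def normalise(domain):
    """Undo the substitutions used to make one domain read like another."""
    d = domain.lower().replace("rn", "m").replace("vv", "w")   # letter pairs that mimic m and w
    d = d.translate(str.maketrans("0135", "olse"))             # digits that mimic letters
    return re.sub(r"[-.]", "", d)   # a dropped hyphen ('standrews') is the classic case


def classify_sender(from_header):
    """Return 'trusted', 'lookalike', 'external' or 'malformed' for a From: header value."""
    display, address = split_from(from_header)
    domain = domain_of(address)
    if not domain:
        return "malformed"
    if is_trusted(domain):
        return "trusted"
    # A trusted address is shown in the display name, but the real address is elsewhere.
    if "@" in display and is_trusted(domain_of(display)):
        return "lookalike"
    # After normalisation the domain reads like (or contains) the trusted one.
    if any(normalise(t) in normalise(domain) for t in TRUSTED_DOMAINS):
        return "lookalike"
    return "external"


SAMPLE_FROM_HEADERS = [  # constructed for this example
    "IT Service Desk <itservicedesk@st-andrews.ac.uk>",
    "IT Service Desk <itservicedesk@standrews.ac.uk>",
    "IT Service Desk <itservicedesk@st-andrevvs.ac.uk>",
    '"itservicedesk@st-andrews.ac.uk" <helpdesk@mail.example.net>',
    "Someone <someone@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLE_FROM_HEADERS:
        print(f"{classify_sender(header):10} {header}")
```

The display-name case matters as much as the missing hyphen: mail clients often show only the name, so a trusted-looking address placed in the name field hides the real sender unless the actual address is compared.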
2. Criticise the content
If you know the University, you know it’s out of the ordinary for a manager to ask you to transfer them money or for IT Services to ask for your password. If the email seems different to their usual tone or doesn’t contain their branded signature, scrutinise it. Classic telltale signs within the body of the email include:
- A sense of urgency, i.e. something bad will happen unless you do as they say immediately. Your account will expire, you’ll lose money or data, you’ll be last to get the COVID-19 vaccine, explicit images of you will be shared: all an attempt to make you panic, cloud your common sense and make you more likely to fall for it.
- An incentive which seems too good to be true.
Students and staff who are new to the University can be more vulnerable in this scenario, which is why new employees complete the Information Security training and students are introduced to IT security principles during Orientation week.
3. Have you checked the links?
Hover over the link and check the destination link. If you’re on a mobile, wait until you’re back at your laptop or PC.
It’s common for the urgent message (see tip 2) to be centred around a link. For example, ‘click this link or your account will expire’, ‘click this link to claim your lottery winnings’, etc.
4. Are there any attachments?
If there are any attachments on your email, check the file type and name.
The most harmful types of malicious attachments are executable (.exe) files and compressed (.zip) files.
An .exe file is potentially dangerous because it’s a program that can do anything on your device once you open it. Zip files are often given friendly harmless names and used to hide malicious .exe files within them.
Be cautious if your word document or spreadsheet asks to run macros. Attackers can use macros to introduce malware on to your device. If you’re ever unsure, feel free to send the attachment on to us for analysis.
Hackers will disguise viruses with friendly file names.
For example, you may be sent a phishing email with an attachment named ‘CV.docx’. The file is actually an .exe file and they’ve just named it to look like a Word Document.
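Tips 3 and 4 can both be checked mechanically. The following added example (not the University's own tooling) compares each link's visible text with its real destination, then triages an attachment by file extension, double extension, macro-enabled type and, most importantly, by its leading bytes, which reveal a ‘CV.docx’ that is really an executable, or a zip that hides one. All sample HTML, file names and file contents are constructed here for illustration.

```python
"""Added example (not the University's own tooling): triage the links in a
message body and its attachments. All sample HTML, file names and file
contents below are constructed for illustration."""
import io
import os
import re
import zipfile
from html.parser import HTMLParser
from urllib.parse import urlparse

# --- Tip 3: does the visible link text agree with where the link really goes? ---

class _LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


# Visible text that itself looks like a web address (bare host or full URL).
_LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)


def _host(url):
    """Hostname of a URL; bare 'host/path' text is given a scheme first."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def suspicious_links(html):
    """Return (text, href) pairs where the text names one host but the href goes to another."""
    parser = _LinkCollector()
    parser.feed(html)
    return [(text, href) for text, href in parser.links
            if _LOOKS_LIKE_URL.match(text) and _host(text) != _host(href)]


# --- Tip 4: what is the attachment really? ---

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1"}
DOCUMENT_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt", ".jpg", ".png"}
MACRO_EXTS = {".docm", ".xlsm", ".pptm"}
# File signatures ("magic bytes") that reveal the true content regardless of the name.
MAGIC = [(b"MZ", "executable"), (b"PK\x03\x04", "zip"), (b"\xd0\xcf\x11\xe0", "ole")]


def content_kind(data):
    """Identify content by its leading bytes, not by its name."""
    for signature, kind in MAGIC:
        if data.startswith(signature):
            return kind
    return "other"


def triage_attachment(filename, data):
    """Return the reasons an attachment deserves a second look (empty list = nothing found)."""
    reasons = []
    root, ext = os.path.splitext(filename.lower())
    kind = content_kind(data)
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable file type {ext}")
    if os.path.splitext(root)[1] in DOCUMENT_EXTS:            # e.g. CV.docx.exe
        reasons.append("double extension hides the real type")
    if ext in MACRO_EXTS:
        reasons.append("macro-enabled Office document")
    if kind == "executable" and ext not in EXECUTABLE_EXTS:    # e.g. CV.docx that is really an .exe
        reasons.append(f"content is an executable but the name claims {ext or 'no extension'}")
    if kind == "zip":   # .zip archives and modern Office files are both zip containers
        if ext == ".zip":
            reasons.append("compressed archive")
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for member in archive.namelist():
                    if os.path.splitext(member.lower())[1] in EXECUTABLE_EXTS:
                        reasons.append(f"archive contains executable {member}")
                    elif member.lower().endswith("vbaproject.bin"):
                        reasons.append("Office document contains a VBA macro project")
        except zipfile.BadZipFile:
            reasons.append("zip signature but archive is unreadable")
    return reasons


def _zip_with(*names):
    """Build an in-memory zip archive holding dummy members (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"dummy")
    return buf.getvalue()


# Constructed samples.
SAMPLE_HTML = ('<p>Your mailbox is full. <a href="https://mail.st-andrews.ac.uk/">Log in</a> or visit '
               '<a href="http://st-andrews-login.example.net/x">https://mail.st-andrews.ac.uk/</a></p>')
FAKE_EXE = b"MZ\x90\x00" + b"\x00" * 60        # starts like a Windows executable
ZIP_WITH_EXE = _zip_with("invoice.exe")
PLAIN_DOCX = _zip_with("[Content_Types].xml", "word/document.xml")
MACRO_DOCX = _zip_with("word/document.xml", "word/vbaProject.bin")

if __name__ == "__main__":
    print(suspicious_links(SAMPLE_HTML))
    for name, data in [("CV.docx", FAKE_EXE), ("CV.docx.exe", FAKE_EXE),
                       ("invoice.zip", ZIP_WITH_EXE), ("notes.docx", PLAIN_DOCX)]:
        print(name, triage_attachment(name, data))
```

The signature check is the one that catches the ‘CV.docx’ case from the text: the name says Word document, the first two bytes say Windows executable, and no amount of renaming changes the bytes.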
If you’re unsure, ask IT Services
Email firstname.lastname@example.org to query about any suspicious emails you have received recently.