Phishing campaigns often target people at times when their guard is down. This could be during periods of change or upheaval, such as during Clearing or at the beginning of a new term.
Most try to tap into your hopes, fears, guilt and curiosity. Cyber criminals are after your data, and other people's data you may have access to.
Follow these 6 tips:
1. Stop and think
Scams and phishing messages rely on you clicking, replying or entering information without checking first. If you are unsure, don't do it until you have confirmed the message is genuine. This training course covers how to recognise the signs of a potential phishing scam, so you can critically assess emails to make sure they’re legitimate.
2. Check twice, click once
If you have any doubts about a communication, check with the sender or IT Service Desk to confirm it is genuine before clicking on links or acting on requests. Malicious actors use public information about our staff to impersonate them, so check email addresses as well as display names, and be suspicious of messages from colleagues which are flagged as coming from outside the university.
3. Be suspicious
Be suspicious of messages informing you of an issue with your device that needs fixing. Neither the university IT Service Desk nor your Internet Service Provider will contact you to fix an issue unless you've logged a call. The university will not introduce a new IT solution or process unless it has first been communicated through official channels, such as an email from the IT Service Desk or an article on Staff News.
4. Be security conscious
Stay security conscious even when you're not studying or working. Hoaxers don't care how they get through to you. For example, WhatsApp have released guidance on hoax messages. Make sure you approach QR codes within emails with caution.
5. Think about what you send too
Remember to always check your messages before you press send – are you sending them to the correct recipients?
6. Log out of shared devices
If you're studying from home and sharing devices with family, remember to log out of university systems; don't leave them logged in.
Find out how to identify a phishing scam
This 8-minute LinkedIn Learning course teaches you how to recognise the signs of a potential phishing scam. It takes you through several phishing examples and explains how to look critically at the email you receive. It covers some of the most common scenarios used by hackers and other tell-tale signs of a phishing email, and shows you how to protect your computer from email phishing scams.
You've identified a malicious message. What next?
If you receive a suspicious email, do not click on any of the links or attachments. Use the Microsoft Report Message add-in for Outlook to notify IT Service Desk. You no longer need to manually forward the email to the IT Service Desk. Find out more about reporting suspicious messages here.
If you suspect you have clicked on a malicious link, please contact the IT Service Desk.
If you have any questions or comments on Information Security or Data Protection then please contact Information-Security@gre.ac.uk or compliance@gre.ac.uk.