Show/Hide navigation
University of Reading

Phishing attacks at the University - how not to get hooked

Saturday, 13 April 2013

phishing

What is phishing?

Phishing is a common way that fraudsters try to get access to personal data, usually by sending emails claiming to be from a trusted party.

'Spoof' e-mails lead consumers to counterfeit web sites designed to trick recipients into divulging financial data such as credit card numbers or account details for financial fraud or login usernames and passwords to enable spamming through the account.

Hijacking brand names of banks, e-retailers, delivery companies or even the University, phishers often convince recipients to respond.

Never divulge your password

Another recent phishing scam came via an email that appeared to be from IT Services asking staff to click a link and type in their user name and password. With this information, fraudsters are able to send a significant quantity of Spam from University servers. This can cause knock on effects, with our legitimate email being marked as Spam. Spammers may also interfere with your email account and your account may be blocked by IT Services until the situation can be brought under control.

How can you tell a phishing scam?

While phishing scams are becoming more sophisticated, there can often be telltale signs that something is amiss in the email:

  • are there spelling mistakes, or does the wording not have quite the same tone as other communications you have had from that person or organisation?
  • if you do follow a link from an email, check the website address carefully. Is it what you expect?
  • be wary of following any link in emails that take you to a login screen. These may be convincing but may not be genuine. A simple rule is, do not click links you are not sure of
  • think about whether the person or organisation the email seems to be from is really likely to ask you for the information
  • use your mouse to hover over the link to see if it actually redirects to a different website address


You should always be suspicious of links received by email. If you have any doubts about it, then contact the sender or IT Services.

Note that IT Services will never ask you to provide your password in an email.

For further details of scam emails and other IT Services information, please visit their website.