Phishing awareness

Remember to:

  1. Look at the email address, not just the senders name
  2. Look for grammatical mistakes, not just spelling mistakes. 
  3. Hover your mouse over any links, to check they go to a valid address/destination. 
  4. Look out for a sense of urgency.
  5. Follow your instincts, if it feels dodgy, it probably is!

Delete it from your email.

  1. Delete the email and change your IT account password, which you can do by pressing ‘Ctrl, Alt, Delete’ and selecting ‘Change a Password’, if on campus. If off campus, you will need to register for the self service reset at 
  2. Contact the IT Service Desk using and let them know that you have received this phishing email and that you have changed your password.
  1. If you have opened the email and provided any financial details, please contact your bank as a matter of urgency. 
  2. If you have entered any personal data at all – login details like name/email and password, change your IT account password straight away by pressing ‘Ctrl, Alt, Delete’ and selecting ‘Change a Password’, if on campus. If off campus, you will need to register for the self service reset at 
  3. Contact the IT Service Desk using and let them know that you have opened and clicked on a phishing email and that you have changed your password. 

Hackers either buy or use old email addresses which are freely available on hacking sites. 

Yes it is, however if your username and password is given away in a Phishing attack this opens the University address book to everyone who has hacked that compromised account. Each compromised account can see a number of different hackers using it.

The evidence tends to indicate that the email addresses in circulation across hacking sites are extremely old, if and when University IT accounts are found on hacking sites with a username and password these accounts are immediately disabled.

There are regular Phishing campaigns that are targetted at Universities. These include pretending to be from the tax office HMRC and the offer of a tax refund, messages pretending to be from the Student Loan Company and invitations to join your contacts on applications like Teams, WhatsApp and Microsoft Office.