1. The home of current students
  2. Academic Life
  3. IT Services
  4. Cyber and Information Security
  5. Cyber & Information Security Awareness
  6. Phishing

Phishing

 

 

Phishing

- how to avoid being hooked!

An at symbol on a fishing hook

Phishing is an attempt to steal your identity, your money, or sensitive information, by tricking you into revealing personal details or by installing malware to your device.​ It's important to remember that phishing is simply an attempt to get you to provide information that is useful to the fraudster and this can happen via email, phone, text message, in person or via any communication channel such as social media. Always verify the identity of the individual you are dealing with, don't take anything on face value, and if you're not comfortable then it's OK to say 'No'. A genuine individual will understand your concern.

Whilst some Phishing attempts may have a generic, unfamiliar approach (often a tell-tale sign of a Phishing attempt), this is not always the case. A style of Phishing known as Spear Phishing targets a specific individual, by addressing them personally or by appearing to come from a known colleague or associate.

Phishing attacks will try to get you to reveal your usernames, passwords, bank details, credit card numbers and anything else the attack may be able to use to access your personal and University accounts. These messages often appear urgent, insisting the recipient acts immediately, reducing the likelihood of you consulting another person.

Cyber criminals regularly launch phishing attacks on University staff and students due to the appeal of the sensitivity of the data held and processed, such as personal data, financial data and sensitive research data.


Things to look out for:

  • Poor spelling or grammar
  • General greetings
    • Perhaps not addressing you by name, when you would expect them to
  • Suspicious links
    • Hover over the link to see the web address, to check it is what you expect it to be, before clicking on it
  • Mismatched email domains 
    • Most organisations will never email you from a “personal” email provider such as Gmail or Hotmail
    • Misspelt domain names for example micr0soft.com opposed to microsoft.com or swansee.ac.uk opposed to Swansea.ac.uk
  • An attachment that you are not expecting to receive


How to report an email you think might be a phishing email: 

  • In Outlook, choose “Report as Junk” or “Report as Phishing” by highlighting the email that you want to report and choosing the option from the drop down on the Outlook ribbon
  • Forward the email to spam@swansea.ac.uk
  • Log a ticket through the IT Service Desk

Phishing Webinar Recording