What is phishing?
Phishing is the practice of sending emails that purport to come from a genuine company or organisation operating on the Internet. The email attempts to trick the recipient into entering confidential information, such as credit card or bank details. The links in the message do not lead where they appear to: they typically redirect the user to a fake website that captures whatever is typed into it.
Many fake emails look very convincing, complete with company logos and links that seem to take you to the company's website, although that site too will be a fake.
Several universities in the UK, including UWTSD, have recently been targeted with "phishing scam" emails. These take the form of plausible-looking emails that appear to come from a University or Service Desk support team and ask for username and password information.
How to spot and avoid a phishing scam
The following are all common phishing scams:
- An email asks you to enter personal information, such as usernames, passwords, bank account details or National Insurance number into a form in the email.
- An email purporting to be from an organisation with which you have an account starts 'Dear valued customer' instead of mentioning you by name.
- The email content is of a frightening or threatening nature, such as 'Your account will be suspended unless you enter your username and password'.
- An email asks you to click on a link and enter personal information into a form on the website to which that link takes you.
- Another ploy is to send you a bogus order confirmation for an order you haven't placed, and ask you to re-enter your credit card details if you wish to cancel the order.
There are often clues which may help you spot that the email is fake:
- The reply address of the email (the Reply-To header, or an address given in the body) is different from the sender's address. Don't look at just the display name; look at the underlying address, and for links look at the actual target address rather than the text shown.
- The sender's (From) address can be forged, so even if it looks valid that doesn't mean the email is genuine. Because replies to a genuine address wouldn't reach the scammers, they instead include a different address in the body of the email and ask you to send your details there.
- The reply address (and others) may be on a publicly available webmail service, such as hotmail.com or gmail.com. Anyone can set up such email accounts, but a legitimate company would have no reason to do so -- they've already paid for their own domain name and email facilities.
- The address of a faked website may look similar to what you'd expect, but the domain name is not the official one registered by the organisation. For example, Barclays Bank's primary registered domain is barclays.co.uk, but a phishing email might link to an address such as barclays.biginternetbanks.com: the scammers would have registered biginternetbanks.com and configured it to host their own subdomains and fake sites. Read the domain from the right: the part that was actually registered here is biginternetbanks.com, and "barclays" is just a subdomain the scammers chose.
- The quality of written English is often not high.
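As an added example (not part of the University's page), the following Python script applies the clues above to a single email message: it compares the domains of the From and Reply-To addresses, flags a reply address on a public webmail service, looks for a generic greeting or a threat of suspension, and checks where each link in the body really points against the address shown in the link text and against the sender's own domain. The two sample messages, the freemail list and the short list of two-part suffixes (co.uk, ac.uk and so on) are constructed for illustration; a real tool would use the full Public Suffix List.

```python
import email
import email.utils
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of the kind of message the page describes (not a real email).
PHISHING_SAMPLE = """\
From: "Barclays Online Banking" <security@barclays.co.uk>
Reply-To: barclays.verify@hotmail.com
To: student@student.uwtsd.ac.uk
Subject: Your account will be suspended
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear valued customer,</p>
<p>Your account will be suspended unless you verify your details at
<a href="http://barclays.biginternetbanks.com/login">https://www.barclays.co.uk/login</a></p>
</body></html>
"""

# Constructed legitimate message, to show the checks stay quiet on ordinary mail.
LEGIT_SAMPLE = """\
From: "IT Service Desk" <ITServiceDesk@uwtsd.ac.uk>
To: alice@student.uwtsd.ac.uk
Subject: Planned email maintenance
Content-Type: text/plain; charset=utf-8

Hello Alice,

Email will be unavailable on Saturday between 08:00 and 10:00.
"""

FREEMAIL = {"hotmail.com", "gmail.com", "yahoo.com", "outlook.com"}
# Suffixes under which registrations take two labels. Simplified assumption;
# real tooling uses the Public Suffix List.
TWO_LABEL_SUFFIXES = {"co.uk", "ac.uk", "org.uk", "gov.uk", "com.au"}


def registrable_domain(host):
    """Return the part of a hostname that somebody had to register:
    barclays.biginternetbanks.com -> biginternetbanks.com,
    www.barclays.co.uk -> barclays.co.uk."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def address_domain(header_value):
    """Domain of the real address in a From/Reply-To header, ignoring the display name."""
    _, addr = email.utils.parseaddr(header_value)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def phishing_clues(raw_message):
    """Return the page's warning signs found in one RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    clues = []
    from_dom = address_domain(str(msg.get("From", "")))
    reply_dom = address_domain(str(msg.get("Reply-To", "")))

    if reply_dom and reply_dom != from_dom:
        clues.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    if reply_dom in FREEMAIL:
        clues.append(f"Reply-To is on a public webmail service ({reply_dom})")

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if re.search(r"dear (valued )?customer", text, re.I):
        clues.append("generic greeting instead of your name")
    if re.search(r"suspend", text, re.I):
        clues.append("threat that the account will be suspended")

    parser = LinkCollector()
    parser.feed(text)
    for href, shown in parser.links:
        href_dom = registrable_domain(urlparse(href).hostname or "")
        # If the visible text looks like a URL, it must agree with where the link really goes.
        shown_host = urlparse(shown).hostname if "://" in shown else None
        if shown_host and registrable_domain(shown_host) != href_dom:
            clues.append(f"link text shows {shown_host} but points to {href_dom}")
        if from_dom and href_dom != registrable_domain(from_dom):
            clues.append(f"link goes to {href_dom}, not the sender's domain {registrable_domain(from_dom)}")
    return clues


if __name__ == "__main__":
    for clue in phishing_clues(PHISHING_SAMPLE):
        print("WARNING:", clue)
```

Run against the constructed phishing sample it reports all six clues; against the legitimate sample it reports none. The link check is the one that catches the barclays.biginternetbanks.com trick: the text shown to the reader says barclays.co.uk, but the registered domain the link actually goes to is biginternetbanks.com.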
The advice for avoiding these phishing scams is very simple:
- Delete any emails exhibiting suspicious characteristics.
- If you are at all in doubt whether it might have been a genuine email, phone or otherwise contact the organisation to ask whether they sent it, using contact details from their official website or your own records rather than any given in the email. Never do this by replying to the suspicious email.
What do I do if I receive an email from the Service Desk at UWTSD asking for my University account details?
If you receive an email that asks you to provide login details do not respond to it, but forward the email as an attachment to ITServiceDesk@uwtsd.ac.uk or call the Service Desk on ext. 5055 (externally 0300 500 5055).
Please remember that the IT Service Desk will never send you an email requesting your username and password. Do not respond to such emails, and do not provide the information requested.
Do not divulge your user account and password details to any third party; your password should be known only to you. Giving your username and password to someone may result in your email account being used to distribute spam (risking all University email being blocked by other mail providers) and may allow them to access and abuse your data and the University data for which you are responsible.
Example phishing scam messages
The following are examples of phishing email messages sent to University addresses. Note the clues that mark them as scams: the generic greeting, the threat that the account will be suspended, the request to reply with a username and password, and the inconsistent domain names used for the supposed sender.
From: firstname.lastname@example.org [mailto:email@example.com]
Sent: Thu 05/02/2009 12:36
Subject: Dear student.uwtsd.ac.uk User
Dear student.uwtsd.ac.uk User
Your email account has been used to send numerous Spam mails recently from a foreign IP. As a result, the student.tsd.ac.uk has received advice to suspend your account. However, you might not be the one promoting this Spam, as your email account might have been compromised. To protect your account from sending spam mails, you are to confirm your true ownership of this account by providing your original username (*******) and PASSWORD (*******) as a reply to this message. On receipt of the requested information, the “student.uwtsd.ac.uk” web email support shall block your account from Spam.
Failure to do this will violate the student.uwtsd.ac.uk email terms & conditions. This will render your account inactive.
Thanks for using student.uwtsd.ac.uk