Why am I here?
If you’re reading this page, it’s very likely that you have received a phishing email. Perhaps you received a mail telling you that your WebMail Account is full and you must enter your password to unlock it; perhaps you have received an ‘Urgent Attachment’ and you must log into a webpage to receive it, or been told that your ‘Recent Transaction’ was successful and you must enter your bank details to confirm it.
This type of email is called a ‘phish’ and it was written by a criminal, sent to thousands and thousands of users just like you, in the hopes that one person, just one, will fall victim and reveal their password.
This advice is to ensure that in future, this person isn’t you.
What does a ‘Phish’ look like?
This is a difficult question to answer, because there are thousands of phishing campaigns, and new versions are being written every day. Fortunately, there are some common factors that you should always be looking for when reading your email:
Let’s look at this mail in a little more detail:
- The email looks like it is from your IT Support – this is so you will trust the email
- The email gives you a terrible warning or threatens you – this is designed to make you panic
- The email asks you to enter your password in a strange place – this will steal your password
The last point is the most important – a phishing email always wants to steal your password or other personal details. You could be asked to email your password as a reply or perhaps type it into a strange website:
Ok, phishing is bad, what can I do?
The most important thing is to understand that phishing emails are so common that they arrive every day; it’s a problem that affects everyone. It is (almost) certain that you will receive a phishing email in the future, and it might be very convincing. You must prepare yourself to protect your privacy and your personal details:
- Read emails carefully – if an email doesn’t sound like the person it appears to be from, or asks you to do something strange like log in to a website, be very careful
- Be extra suspicious of ‘official’ emails – if the email is from ‘Webmail Team’, ‘PayPal Account Team’ etc., there is a chance it is a phishing email with a forged sender field, so check the actual sender address, not just the displayed name
- Double-check – if you have a scary email from a colleague or department, get in touch with that person directly and double-check before doing anything that might risk your information
- Contact OxCERT – if you receive a mail that you are sure is trying to steal your password, forward it to firstname.lastname@example.org and our security team can block the phishing websites
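As an added illustration (not part of the original page or OxCERT’s tooling), the script below applies the three warning signs listed above, plus the sender-address check, to a constructed sample message; the trusted domain, the name and phrase lists, and the sample text are all assumptions.

```python
import email
from email.utils import parseaddr

# Constructed sample modelled on the 'WebMail Account is full' phish described
# on this page; not a real message.
SAMPLE_PHISH = """\
From: "Webmail Team" <support@quota-alerts.example.net>
To: someone@example.ac.uk
Subject: URGENT: your WebMail account is full

Your mailbox has exceeded its quota and will be suspended within 24 hours.
Enter your password at the link below to unlock it.
"""

TRUSTED_DOMAIN = "example.ac.uk"  # assumption: your organisation's own mail domain
OFFICIAL_NAMES = ("webmail", "it support", "helpdesk", "account team", "paypal")
URGENCY_PHRASES = ("urgent", "immediately", "suspended", "within 24 hours", "will be closed")
CREDENTIAL_ASKS = ("enter your password", "confirm your password",
                   "reply with your password", "bank details")


def phish_indicators(raw_message: str) -> dict:
    """Check a raw, single-part text message for the three warning signs above."""
    msg = email.message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rpartition("@")[2].lower()
    text = (msg.get("Subject", "") + "\n" + msg.get_payload()).lower()

    # The display name can say anything; only the address domain tells you
    # whether the mail really came from inside the organisation.
    looks_official = any(n in display_name.lower() for n in OFFICIAL_NAMES)
    internal = (sender_domain == TRUSTED_DOMAIN
                or sender_domain.endswith("." + TRUSTED_DOMAIN))
    return {
        # 1. "looks like it is from your IT Support" but is sent from elsewhere
        "forged_official_sender": looks_official and not internal,
        # 2. "gives you a terrible warning or threatens you"
        "urgency_or_threat": any(p in text for p in URGENCY_PHRASES),
        # 3. "asks you to enter your password in a strange place"
        "asks_for_credentials": any(p in text for p in CREDENTIAL_ASKS),
    }


def is_likely_phish(raw_message: str) -> bool:
    """Two or more warning signs: stop and double-check with IT Support."""
    return sum(phish_indicators(raw_message).values()) >= 2
```

Word lists like these are only a prompt for a human to double-check, as the advice above says; they are not a substitute for checking with the sender directly.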
Don’t be afraid to ask for help. Your local IT Support and the Helpdesk can help you to understand if a mail is real or a phish, especially if it looks like it comes from them!
You can also learn about phishing to protect yourself in future:
Oh no! I think I have given away my password!
Ok, it’s very important that you contact your local IT Support immediately. You can find out who your local IT contacts are from your department, college or unit. We also advise that you change your passwords as soon as possible, especially if you use the same password for many different services and computers.
If you have been phished on a non-University account (your personal email, social media or financial information) then you should report it to the appropriate service and change your password.
If you use the same password for both your University and personal accounts, please contact your IT Support team or the Helpdesk immediately.
You can also report non-University phishing campaigns (for example, fake PayPal pages, Barclays ‘Invoices’ etc.) at http://www.actionfraud.police.uk/ or via APWG Phishing Reports to help other users stay safe online.