
Academic Technology news and updates

This page contains updates about new technologies or developments in current technologies and information about TEL events that you might find useful.


Phishing and Social Engineering Awareness

Phishing is ‘the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.’ Other similar scams exist, including spear-phishing (similar to phishing but targeted at specific individuals rather than anonymously at large groups of people); whaling (targeted at executives and higher-level managers who potentially have access to much more sensitive information than normal employees); smishing (yes that is a real word apparently), which is phishing via SMS messages; and vishing, which is like phishing but via voice rather than email.

Social engineering is the ‘art’ of manipulating people so that they reveal confidential information. Fraudsters use social engineering tactics because it is generally easier to exploit our natural inclination to trust than it is to discover ways to gain access to our software and personal details. Example methods range from emails asking for your help, e.g. ‘I’m stuck in a foreign hospital and have no money to pay for life-saving surgery’, to messages claiming that your bank account has been compromised and that you need to log in to your bank to change your password.

Suspicious email components to look out for include:

  • Links within the email message that do not go to where they say they do (you can check this by hovering over the link without clicking on it and checking the address).
  • Attachments you were not expecting.
  • The message asks for personal details such as passwords or credit card information.
  • The grammar within the email is poor (although increasingly this is not a reliable indicator of a phishing email).
  • Messages that sound too good to be true (e.g. you have won the lottery).

Here is an example of a phishing email:

[Image: example phishing email]

The general advice is: if in doubt, do not follow the instructions in, or reply to, any message that you are suspicious of. Forward any suspicious emails to helpdesk@warwick.ac.uk in the first instance and they will escalate the issue to the information security team if necessary.

Here is a copy of the presentation from the session.

Thu 27 Jun 2019, 08:59 | Tags: IT Services, Online security