Skip to main content Skip to navigation

Phishing emails – don’t take the bait

A phishing email is a hoax designed to get hold of your personal details or money. These emails come in many shapes and sizes, but a lot of the time they’ll be designed to look ‘legitimate’ - for example, they may claim to be sent from:

  • DHL/UPS/Royal Mail
  • your bank
  • an area of the University, e.g. the Library
  • a high-profile member of the University, e.g. Stuart Croft.

Once you’ve opened an email, it will normally ask you to take action – to click on a link or open an attachment. This is usually what provides the scammers with the personal information they’re seeking.

How to avoid getting caught out

1. Read emails carefully before acting. Phishing emails may include a generic greeting (e.g. ‘Dear sir’), an overly-friendly tone, grammatical errors or an urgent request. Take a moment to consider the contents of the email before doing what it asks.

2. Exercise caution when opening links and attachments. Hover over any links to make sure they’re legitimate. If you’re unsure, contact the ITS helpdesk: helpdesk@warwick.ac.uk

3. Never reply to an email asking for your passwords, PINs or other account details.
The University will never email or phone you to ask for your account details. Likewise, any email asking for bank details will be fraudulent, without exception.

4. Verify the source. Check the sender’s email address when you receive an email and when you reply. Malicious scammers might be able to spoof the ‘From’ address in an email to make it look like it come from someone you know, but when you reply the address may change. If in doubt, type in the email address manually.

5. Report it. Report anything suspicious to the ITS helpdesk, including attachments or links you’ve clicked on.

6. Turn on two-step authentication. This will ensure that only you can access your Warwick account. Find out more about setting up two-step authentication

Find out more