Email: Phishing and SPAM
What is a “phishing” email?
A “phishing” email is a hoax aimed at getting hold of your personal details or money. These come in many shapes and sizes, but a classic is “Dear customer, please click this link and fill in your account details or we will deactivate your account”, made to look as if it’s coming from your bank.
See our list of real examples for more.
- The University will never email or phone you asking you to confirm your account details.
- Any email asking for your bank details is a fraud, without exception.
- Just got a file or link in an email from someone you don’t know or weren’t expecting? Think twice before opening it as people may not be who they claim to be!
- If in doubt, contact our Help Desk on 73737.
These are our 4 simple tips to help you avoid becoming the victim of a phishing scam.
Identifying a phishing email
Here are a few traits that phishing emails tend to have in common. Watch out for them:
- They rarely contain personal information about you. Expect “Dear customer”, “Dear colleague” or the like.
- They often have bad spelling and grammar. Since they’re translated into lots of languages, you get things of the form “I hope you can this messege without effort!”.
- They’re often designed to be scary. “Act now or your account will be deleted!” – watch out for anything that tries to get you to act without thinking.
- If there’s an attachment, they really want you to open it. The attachment will contain some kind of virus. It’ll usually be in the form of a random short email like “Please see the attached invoice” with an attachment.
- They’re often designed to sound exciting. “You’ve won our lottery!” – don’t fall for it.
- They often contain dodgy links. The link may look legitimate, but hover over it and you’ll see where it actually goes. For example, www.amazon.co.uk or www.santander.co.uk.
- Even reasonable links may not be what they seem. Fraudsters can register addresses using letters from non-English alphabets - for example, note the 'b' in adoḅe.com - and use them to host a fake site. Even if the address looks right, the safest option is to re-type a trusted website name yourself.
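The look-alike address check from the last point can be done by a program as well as by eye. The Python below is an added example, not part of the University's own tooling: it flags any hostname that contains non-ASCII letters or an already-encoded `xn--` label and shows the ASCII name that would actually be looked up. The function names and the sample hostnames are constructed for illustration.

```python
import unicodedata

def inspect_hostname(host):
    """Return (ascii_form, non_ascii_chars, punycode_labels) for a hostname."""
    host = host.strip().rstrip(".").lower()
    # Every character outside plain ASCII, with its code point and Unicode name.
    non_ascii = [
        (f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED"))
        for ch in host
        if ord(ch) > 127
    ]
    # Labels already in the encoded "xn--" form that a raw link may carry.
    punycode_labels = [lab for lab in host.split(".") if lab.startswith("xn--")]
    try:
        # Built-in IDNA codec: the ASCII name that is actually resolved.
        ascii_form = host.encode("idna").decode("ascii")
    except UnicodeError:
        ascii_form = None  # malformed name (empty or over-long label, etc.)
    return ascii_form, non_ascii, punycode_labels

def is_lookalike_candidate(host):
    """True when the name deserves a second look before it is trusted."""
    ascii_form, non_ascii, punycode_labels = inspect_hostname(host)
    return ascii_form is None or bool(non_ascii) or bool(punycode_labels)

# Constructed samples: a plain name, the page's dotted-b example written as an
# explicit escape, and a name that starts with a Cyrillic letter.
SAMPLES = ["adobe.com", "ado\u1e05e.com", "\u0430pple.com"]

if __name__ == "__main__":
    for name in SAMPLES:
        ascii_form, non_ascii, _ = inspect_hostname(name)
        verdict = "CHECK" if is_lookalike_candidate(name) else "ok"
        print(f"{verdict:5} {name!r} -> {ascii_form} {non_ascii}")
```

A flagged name is not automatically fraudulent, since genuine internationalised domains exist; the flag only means the address is not the plain-ASCII name it resembles.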
What is email SPAM?
Email SPAM is when someone sends emails to lots of people who aren’t interested in them, usually to try to sell you something.
What do ITS do to try to reduce the amount of SPAM?
As a distinctly visible target for spammers, the University has to take several measures to counteract the volume that we receive. These include:
- Blacklisting anything that we know sends out SPAM.
- Checking the address emails are sent from to make sure they’re genuine.
- Checking email contents for “spammy” phrases (like “weight loss pill”).
We assign each email a score after checking it against all our rules. If the score is too high, we mark it as SPAM. Unfortunately, we can’t be too strict, otherwise we risk blocking genuine emails, so some SPAM will always slip through.
If you’re interested, take a look at this very technical page detailing the full list of checks.
What can I do to reduce the amount of SPAM I receive?
Here are a few simple things you can do to cut the amount of SPAM you receive:
- Think carefully before registering on a website with your address. If you need to register, but you’re not sure of the site, you can register with firstname.lastname@example.org. You won’t be able to access any emails that go there, but it’s a valid address if you’re concerned.
- Think carefully about how often and where you list your email address on the Warwick website – is it in public view? If it needs to be on a page in public view, you can enter it as firstname dot surname at warwick dot ac dot uk to disguise it from programs combing our site for addresses.
- Don’t click “Yes” if you get a read receipt request – this is a way spammers can try to confirm your address is genuine before passing it to other spammers.
- Make your own rules using your email software (e.g. Outlook) to automatically delete things with certain phrases.