Skip to main content Skip to navigation

Information Security, Risk and Compliance

Information Security awareness blog

Welcome to the Information Security awareness blog, your go-to resource for the latest in cybersecurity awareness. This blog offers practical tips, expert advice, and up-to-date information to help you stay secure in the digital world. Whether you're a member of staff or a student, you'll find valuable content to enhance your cybersecurity knowledge and practices.

Get in touch

If you'd like to submit an article for the blog or suggest discussion topics, please contact us: .

Show all news items

What email is that?

Alex, a university student, received an email that appeared to be from the university’s IT department. The email claimed that there was an urgent issue with his account and that he needed to verify his details by clicking on a link provided in the email.

Subject: Urgent: Verify Your University Account

From: IT Support it-support@warwickuniversity-verify.comLink opens in a new window

To: Alex

Dear User,

We have detected unusual activity on your university account. To ensure the security of your personal information, please verify your account immediately. Failure to do so will result in the suspension of your account.

Please click the link below to verify your account:

Verify Your AccountLink opens in a new window

Thank you for your prompt attention to this matter.

Sincerely,
IT Support Team
Warwick University


What should Alex do?

A few things came to Alex's memory:

1. The email looked official with a professional tone, however, Alex knows that a genuine email should not be generic. This one started with "Dear User" instead of addressing him by name

2. He noted the sense of urgency and threat in the email as they mentioned "account suspension" if he didn't act immediately to create panic

3. He hovered over the link and noted the URL does not match the university's official website.

Action Taken: Instead of clicking the link, Alex decided to verify the email’s authenticity. He contacted IDG directly using the contact information on the official IDG website.

Outcome: IDG confirmed that the email was a phishing attempt. By not clicking the link, Alex avoided potentially compromising his personal information.

Key Takeaways:

  1.  

    Be Sceptical: Always be cautious of emails that create a sense of urgency or use threats.
  2. Check the Sender: Verify the sender’s email address and look for any inconsistencies.
  3. Inspect Links: Hover over links to see the actual URL before clicking. If it looks suspicious, don’t click.
  4. Verify Directly: If in doubt, contact the department directly using official contact information.
Fri 31 Jan 2025, 12:55 | Tags: Case studies

Let us know you agree to cookies

We use cookies to give you the best online experience. Please let us know if you agree to functional, advertising and performance cookies. You can update your cookie preferences at any time.

Cookie policy