Authenticating...
Could you spot a phishing scam email?
By: Communications
As cyber-attacks become more sophisticated, we all have a role to play to protect our data, personal information and digital assets in both our work and personal lives. One of the most common ways criminals try and get hold of this information is through ‘phishing’ emails.
Phishing emails will try to steal your account details and can appear to be from people or organisations you know. They may contain links to fake websites that look official and ask you to provide personal or valuable data such as your IT account password, bank details or payment card information.
In September this year alone, over 1,500 phishing emails were sent to UEA accounts. Anyone can fall victim to a scam, so it’s important to be on your guard and if you are not sure of something take the time to get the right advice.
A lot of work has already been done to strengthen UEA’s cyber-security defences against these kinds of attacks by ITCS and the Digital Transformation programme, but there’s some simple steps we can all follow as individuals to reduce the risk.
Read though our guidance below so you know what to look for and what to do if you spot something suspicious. You can also visit the Phishing page on My.UEA, which includes detailed guidance, as well as information on managing your Outlook email quarantine.
What to look out for
Colleagues should never ask for your login details or personal information by email.
- Who is the email from? Hover your mouse over the sender’s name to see the full email address and look for mistakes, like ua.ac.uk instead of uea.ac.uk
- The subject line is often worded to create a sense of urgency, asking you to take immediate action
- The message may contain an attachment, which could be used to install malware on your computer if clicked/opened
- Phishing messages often start with a generic greeting (e.g. Dear Client) instead of your name, contain grammatical errors and misspellings, and call for an immediate reaction
- A hyperlink or a button that you are asked to click and request personal or financial information or asks you to update your account information or password
- The email signature will often be generic, with no indication of how to contact the sender.
Think you have received a phishing email?
If you have not responded or clicked a link/opened an attachment
- In Outlook, use the Report Message button and select ‘phishing’ in the drop-down menu (visit the Phishing page on My.UEA for step-by-step guidance)
- For other email clients, the message should be reported to the IT Service Desk (select log a new ticket and search using 'phishing' to locate the correct form) and then delete the email.
- If the suspect email seems particularly targeted against you – report it to the IT Service Desk (as above) as it may indicate a targeted attack.
You can also watch a short video ‘Avoiding Phishing Scams’ on the LinkedIn Learning platform for more information.
What if I have clicked on a link or replied to the email?
If you think you have engaged with an unsafe email, support is available. Follow the simple steps below and the IT Service Desk is also on hand to provide further advice if required.
- If you think you may have compromised the safety of your bank details and/or have lost money due to fraudulent misuse of your cards, you should immediately contact your bank, and report it to Action Fraud
- Change your password immediately using the Self-Service Password Reset (SSPR) function
- Report it to the IT Service Desk (as above) giving as much detail as possible, including the suspect email. This will help ITCS take action hopefully to prevent others within the University falling victim to the same phishing attack
Phishing email simulation campaign
Next year, the University will be running a phishing email simulation campaign across all Divisions and Schools. Much like a fire-drill, the campaign is designed to be informative and raise awareness of some of the most common phishing scams.
It is designed to better understand overall behaviours of the UEA community to reduce our risk to cyber-attacks, rather than record the actions of individual colleagues.
Simulated phishing emails will be sent to colleagues’ UEA email accounts and depending on your engagement with the ‘unsafe’ email, there will be an option to take part in a seven-minute training session (this will not be part of your staff training record).
Sean Green, Director of Digital and Data, said: “Universities are popular targets of cyber criminals due to all our valuable data, so it’s important as a community we do all that we can to reduce our risk. The campaign is not designed to catch anyone out, rather it’s an opportunity for us as an organisation to inform on best practice, which will hopefully prove beneficial both in the workplace and at home.”
Related Articles
UEA’s virtual private network is changing
The way staff securely access the UEA network when working around campus or remotely is changing. The new virtual private network (VPN) client will be deployed directly to all UEA managed devices in the coming months.
Read more
SITS upgrade
As part of the University’s Digital Transformation programme, extensive work has been carried out to upgrade SITS, the platform we use to manage our student data.
Read more
Award-winning recruitment
HR Services team win the Technical Innovation Award at the Online Recruitment Awards for the transformation of the University’s recruitment process and the implementation of Eploy, an automated end-to-end Applicant Tracking System.
Read more