[26 February 2013]
There have recently been a number of scam emails aimed at getting staff to voluntarily disclose their University username and password.
These "phishing" attempts can be quite sophisticated and convincing.
Common features of such phishing emails include:
asking for personal information, for example, asking you to click on a link and enter personal information, such as your UoB username and password, into a web form.
purporting to be from the University but the message is unsolicited, unclear and often with links to non bristol.ac.uk / bris.ac.uk addresses.
being told that in order to ensure continued access to your account, to increase your email quota, or create your new email account that you must reply to the email your username of password or visit a website.
Remember that in an email it is very easy to impersonate a sender; you cannot trust the address in the 'From' field. Please note that the University will never ask you to disclose your password.
On rare occasions IT Services may need to contact you about your account or request that you change your password, we will direct you to the University's secure "Changing passwords" web page at: https://www.bristol.ac.uk/password. Please familiarise yourself with the look and feel of this web page. We have also seen copies of University webpages and would therefore advise that you hover the mouse over the link given in an email and check the actual link shown matches what is in the email and is a bristol.ac.uk / bris.ac.uk address as it is easy to show one link but have that link take you elsewhere.
We will never ask you to supply your username and password by email.
If you receive any email communication which you suspect may be a phishing scam, or if you have responded and provided your username and password, then please contact the IT Service Desk for advice. We would much rather you check than take the risk of revealing your University username and password.
Additional information on protecting yourself from phishing can be found on the Information Security website.