Beware of phishing emails

[28 October 2015]

There have recently been a number of scam emails aimed at getting staff and students to voluntarily disclose their University username and password.

What are phishing emails?

These "phishing" attempts can be quite sophisticated and convincing.

Common features of such phishing emails include:

  • asking for personal information, for example asking you to click on a link and enter personal information, such as your UoB username and password, into a web form.
  • purporting to be from the University, although the message is unsolicited and unclear, and often links to addresses that are not bristol.ac.uk / bris.ac.uk.
  • telling you that, to ensure continued access to your account, increase your email quota or create your new email account, you must reply to the email with your username or password, or visit a website.

Remember that in an email it is very easy to impersonate a sender; you cannot trust the address in the 'From' field.

How will I know if it is an official University message?

Please note that the University will never ask you to disclose your password. On rare occasions IT Services may need to contact you about your account or request that you change your password; in that case we will direct you to the University's secure "Changing passwords" web page at: https://www.bristol.ac.uk/password. Please familiarise yourself with the look and feel of this web page. If in doubt, go to the University website and search for the page rather than clicking the link in the email.

We have also seen copies of University web pages. Before clicking a link in an email, hover the mouse over it and check that the actual link shown matches the text in the email and is a bristol.ac.uk / bris.ac.uk address: it is easy to show one link but have it take you elsewhere.

We will never ask you to supply your username and password by email.

Please be aware that messages with the announcement at the top stating that "This message was not sent to Spam based upon your organisation's request" may still be a phishing attempt.

Checking that an email is from a legitimate University of Bristol email address

In the Gmail web interface, at the top of the open email message, next to the details of who the message was sent from and who it was sent to, is a downward pointing arrow. By clicking that arrow you can reveal details of the signed-by header.

For legitimate University emails these will be:

Signed by: bristol.ac.uk

If the above is missing, or different, you should verify the identity of the sender by some means other than replying to the email.

Even if the header is present and correct, it is not unknown for University email accounts to be compromised, so still be wary of unexpected requests for financial details, confidential data, etc.
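The two checks above (the link's real destination versus the text shown, and the "Signed by" domain) can be automated for a saved message. The following Python is an added example written for this page, not a tool from IT Services; it assumes the "Signed by" value is the d= tag of the DKIM-Signature header (which is what Gmail displays), parses anchors with a simple regex, and runs against a constructed lookalike message rather than a real email.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

UNIVERSITY_DOMAINS = ("bristol.ac.uk", "bris.ac.uk")  # the domains the notice names

def is_university_host(host):
    """True for the University domains themselves or their subdomains only,
    so a lookalike such as 'bristol.ac.uk.example.net' does not pass."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in UNIVERSITY_DOMAINS)

def signed_by(msg):
    """The d= tag of the DKIM-Signature header: the value Gmail shows as 'Signed by'."""
    m = re.search(r"(?:^|;)\s*d=([^;\s]+)", msg.get("DKIM-Signature", ""))
    return m.group(1).lower() if m else None

def suspicious_links(html):
    """Links whose real destination is outside the University, or whose visible
    text names a different host from the href ('show one link, go elsewhere')."""
    bad = []
    for href, inner in re.findall(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', html, re.I | re.S):
        text = re.sub(r"<[^>]+>", "", inner).strip()
        real = (urlparse(href).hostname or "").lower()
        m = re.search(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", text, re.I)
        shown = m.group(1).lower() if m else None
        if not is_university_host(real) or (shown and shown != real):
            bad.append((text, href))
    return bad

def check_message(raw):
    """Apply both checks from the notice to a raw RFC 822 message string."""
    msg = message_from_string(raw)
    signer = signed_by(msg)
    return {"signed_by": signer,
            "signed_by_university": is_university_host(signer),
            "suspicious_links": suspicious_links(msg.get_payload())}

# Constructed sample: a lookalike message written for this example, not a real email.
SAMPLE = """From: IT Services <it-services@bristol.ac.uk>
DKIM-Signature: v=1; a=rsa-sha256; d=mail-relay.example.net; s=sel; h=from:to
Content-Type: text/html

<p>Your quota is full. <a href="http://bristol.ac.uk.example.net/login">https://www.bristol.ac.uk/password</a></p>
<p>Help: <a href="https://www.bristol.ac.uk/it-services">IT Services</a></p>
"""

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

On the sample the signer is not a University domain and the first link is flagged twice over: its host is a lookalike and its visible text names a different host from the real destination.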

For more information (including how to check the headers with other email clients) visit: https://support.google.com/mail/answer/180707?hl=en

What should I do if I suspect an email is a phishing attempt?

If you receive email communication which you suspect may be a phishing scam do not respond, click any links in the email or open any attachments. You do not need to report it to the IT Service Desk. However, if you have responded and provided your username and password, followed a link in the email or opened an attachment then please contact the IT Service Desk for advice.

If you are confident the email is false you can mark it as spam in Gmail. View the email in Gmail and you will see a button at the top with an exclamation mark in it. If you hover over it, it says 'Report spam'. Click that button and the email will be marked as spam. As Google 'learns' this it will apply the rule across the University, helping to prevent similar messages getting through.

Further information

Additional information on protecting yourself from phishing can be found on the Information Security website.