Phishing is a type of scam intended to trick you into handing over personal or financial information which is then used to commit fraud.

Most phishing scams are sent by email. Fraudsters will often pose as someone or an organisation you know, such as your bank, employer or a colleague. The hoax emails are designed to look and sound like they are genuine. More sophisticated scams may even contain your personal information.

Phishing is one of the most common online threats, and University staff and students are regularly targeted, so it’s important to be aware of the tell-tale signs and know what to do when you encounter them. Why is it important? The impact of a successful scam can be considerable, including personal financial loss and identity theft, disruption to University services, reputational damage and even fines from the Information Commissioner's Office (ICO).

To help demonstrate what to look out for, we’ve used some examples of actual phishing emails received by our staff and students.

The email is poorly written

Less sophisticated phishing emails often contain mistakes, poor grammar, and strange or unfamiliar language.

Figure 1 - Example of a fake email sent by O2. This is a phishing email example.

“Thanks for your attention to O2” and “Good time of the day” – this scammer sounds friendly enough, but it’s a strange way to start an email about your phone bill.

A sense of urgency

Threats, warnings, and urgent requests are intended to cause panic, so you act quickly without thinking. Some popular techniques include:

  • warnings about disk space and mailbox quotas
  • updating or verifying your account details
  • requests to purchase something on behalf of someone else, particularly vouchers
Example of a Phishing email pretending to be from the University and showing an image of the email mailbox being nearly full Example of a Phishing email pretending to be an email sent from the University IT helpdesk Example of a Phishing email pretending to be an email sent by Microsoft Office Example of a Phishing email pretending to be a work colleague

Suspicious links

Don’t take links at face value. It’s easy for scammers to hide fake web addresses in the text, images and buttons.

To reveal the real destination of a link, hover your mouse over the link for a moment and the address will appear. If you’re on a mobile device, press and hold on the link until the address appears. If it looks suspicious, it’s likely a scam email. Don’t click the link.

Example of a Phishing email pretending to be from the University's IT helpdesk

Here you can see “Click here for update” links to a fake University of Essex web address.

Offers that sound too good to be true

Emails offering you money or financial opportunities are often fake. For example, being awarded a grant you weren’t expecting. If something sounds too good to be true, it probably is.

Example of a Phishing email pretending to be from the University's awarding a student something

Attachments you aren’t expecting

Don't open or download attachments you aren’t expecting, or from senders you don’t recognise – these attachments may contain harmful viruses such as malware or ransomware. If you know the sender, find a way to contact them (not by email) to confirm if it’s genuine or not.

Example of a Phishing email pretending to be a colleague

Harmful attachments may also be sent via links.

If you think you have received a phishing email

There’s no harm in simply receiving a phishing email as long as you don’t action it.

If you receive a phishing email you should:

  1. not do what the email tells you to do.
  2. report the email in Outlook by forwarding it as an attachment to phishing@essex.ac.uk.
  3. delete the email.

The email will then be sent to our IT security team for analysis. If the email is malicious, we can take action to prevent others from receiving the phishing attack.

What to do if you have responded to a phishing email

  1. If you have entered any personal financial details, contact your bank immediately and tell them that you have been the victim of a scam. Do not wait to contact us before doing this.
  2. If you have entered your University password, change your password immediately. If you have used this password on other accounts, change it on those as well.
  3. Contact the IT Helpdesk so we can advise you what to do next.

General advice to protect yourself from scams

  • Stop and think. Be vigilant and curious.
  • Always hover over links in emails to check where they go to.
  • Don’t click on or open suspicious links or attachments.
  • Don’t respond to emails that ask you to confirm personal information.
  • Never share your passwords with anyone.
  • If you are in doubt, get a second opinion. Ask a savvy colleague or the IT Helpdesk.
  • Help protect others by reporting suspicious email to phishing@essex.ac.uk

Read more about phishing attacks.