Phishing is getting cleverer all the time...

Phishing emails are getting cleverer, more realistic and more frequent. We are all exposed to them personally and while at work, so it is important that we equip ourselves to spot them.

Useful tips to do this include hovering over the email address of the sender to make sure it is valid, stop and think before ever typing in your passwords or bank accounts, look out for poor grammar or a rushed tone, trust your instincts...if it feels dodgy it probably is!

Spam filters do some of the work but will never be fully effective, so it’s up to each of us to read the context of messages and look for anything suspicious.

The Digital Services team are here to support any colleagues who may have clicked on something that worries them – please don’t hesitate to get in touch with itsupport@wlv.ac.uk.

Here are some useful tips to help you spot them, as well as the steps to take if you have clicked on something that worries you.

1. Look at the email address, not just the senders name. Make sure it is a valid company address, for example, Microsoft will never send you an email asking you to log in, from a colleague’s email address.

2. Look again at the email/web address. Some false addresses look very like the real ones.

3. Look for grammatical mistakes, not just spelling mistakes. When crafting phishing messages, scammers will often use a spellchecker or translation machine, which provide all the right words but not necessarily in the right context.

4. Hover over any links to check they go to valid URL addresses, even if hidden behind a button.

5. Look out for a sense of urgency. If the email is rushing you into doing something, (even if from your boss or teacher), before you respond contact the sender using a different method, to check it is from them.

If you haven’t taken the mandatory training ‘Information Security Smart’ in the past two years – please take it as soon as possible. It really does equip you to spot Phishing, as well as other malicious online activity.

Enrol yourself from the OD website (the course is online).

What should I do if I have opened and received a phishing email but not clicked it?

1. Delete it from your email. What should I do if I have opened a phishing email and clicked on a link, but not entered any of my personal details like email address, password, bank account details?

1. Delete the email and change your IT account password, which you can do by pressing ‘Ctrl, Alt, Delete’ and selecting ‘Change a Password’, if on campus. If off campus, you will need to register for the self service reset at www.wlv.ac.uk/its/self-help/it-account-password

2. Contact the IT Service Desk using itsupport@wlv.ac.uk and let them know that you have received this phishing email and that you have changed your password.

What should I do if I have opened, clicked and entered my personal data?

1. If you have opened the email and provided any financial details, please contact your bank as a matter of urgency.

2. If you have entered any personal data at all – login details like name/email and password, change your IT account password straight away by pressing ‘Ctrl, Alt, Delete’ and selecting ‘Change a Password’, if on campus. If off campus, you will need to register for the self service reset at www.wlv.ac.uk/its/self-help/it-account-password

3. Contact the IT Service Desk using itsupport@wlv.ac.uk and let them know that you have opened and clicked on a phishing email and that you have changed your password.