Information Security

Learning to avoid phishing

Don't click on links or open documents in phishing emails: phishing is the most common kind of attack. Learn how to recognise and avoid it.

Be suspicious 

If you are reading this page because you have received an email and think there is something suspicious about it then our advice is to assume that it is phishing and report it to the IS Helpline using the process below. It may turn out not to be phishing, but if it is then you have helped the IS Helpline protect you and the rest of the University community. 

What is phishing? 

“Phishing” is sending lots of emails to lots of people at once, usually pretending to be a company or organisation, asking people to fill in a fake login form, open a malicious document, or do something else that results in information – say a username and password – being sent back to the people behind the phish. Essentially they are casting out lots of fishing lines and seeing if someone will take the bait – hence “phishing”. Sometimes attacks are more targeted, using information gathered from public sources to aim at a smaller number of people – for example, using the public company structure to pretend to be your manager asking for something to be done. This is sometimes known as “spear phishing”, and although it can be harder to detect, some of the same clues will be present. 

How can I recognise phishing emails? 

Often a phishing attack is easy to spot, but sometimes they can be more sophisticated. There is usually something about a phishing attack that will make you suspicious - it might be something in the list of clues below, but it may also be that you feel something is just not right. It's important that you act appropriately on your suspicions - if in doubt, act as if it were definitely phishing: don't click on or open anything, and report it.  

When reading an email it's wise to always keep the following clues in mind. 

Phishing messages often: 

  • have a generic or incorrect greeting rather than being specifically addressed to you 

  • request personal information such as passwords, bank details, date of birth, personal ID numbers, etc 

  • are short, vague and look or sound a little odd – even if they apparently come from someone you know 

  • contain unexpected attachments or links to online documents 

  • contain poor spelling or grammar, or incorrect references to University services 

  • try and create urgency - "your account will be disabled in 24 hours", "this needs to happen by 5pm today" - in the hope you'll act without thinking 

  • come from someone you would not expect to be contacting you - not just because you don't know them, but also because you do not normally have any communication with the kind of contact they are, or claim to be  

  • try and claim false authority - government agencies, police forces, central administration, senior staff members, etc 

  • ask you to do something that you would not normally do  
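The clues above can be turned into a simple heuristic check. The following is an added illustration written for this page, not code from the University or its IS Helpline: it scans a constructed email for a generic greeting, requests for personal information, urgency, claims of authority, links outside the organisation, risky attachment types, and a sender domain that does not match the organisation the message claims to be from. The organisation domain (`university.example`), the two sample emails, and the phrase lists are all assumptions made up for the example; a real mail filter would use far richer signals, and, as the page says, the right action on any doubt is to report, not to rely on a score.

```python
"""Heuristic phishing-clue scorer (added example, constructed data).

Each check corresponds to one of the clues in the list above.  The phrase
lists are deliberately short and illustrative; the point is to show how the
clues combine, not to build a production filter.
"""
import re

# Assumed organisation domain: a placeholder, not the page's real domain.
ORG_DOMAIN = "university.example"

GENERIC_GREETINGS = ("dear user", "dear customer", "dear account holder",
                     "dear sir/madam", "dear colleague")
PERSONAL_INFO = ("password", "bank details", "date of birth", "id number",
                 "national insurance", "verify your account")
URGENCY = ("within 24 hours", "will be disabled", "will be suspended",
           "immediately", "by 5pm today", "act now", "final notice")
AUTHORITY = ("police", "hmrc", "government", "central administration",
             "principal's office", "head of department")
# Attachment types commonly used to carry a fake login page or macro code.
RISKY_ATTACHMENTS = (".html", ".htm", ".zip", ".exe", ".js", ".docm", ".xlsm")

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


def _domain_of(address):
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].lower()


def _is_org_domain(host):
    """True if host is the organisation domain or a subdomain of it."""
    host = host.lower()
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)


def find_clues(email, recipient_name):
    """Return the names of the phishing clues present in *email*.

    *email* is a plain dict with keys: from, subject, body, attachments.
    *recipient_name* is the name a genuine sender would be expected to use.
    """
    clues = []
    body = email["body"]
    text = (email["subject"] + "\n" + body).lower()
    lines = body.strip().splitlines()
    first_line = lines[0].lower() if lines else ""

    # Generic greeting, or a greeting that does not name the recipient.
    if (any(first_line.startswith(g) for g in GENERIC_GREETINGS)
            or recipient_name.lower() not in first_line):
        clues.append("generic_greeting")

    # Request for passwords, bank details, dates of birth and the like.
    if any(p in text for p in PERSONAL_INFO):
        clues.append("requests_personal_info")

    # Time pressure intended to make the reader act without thinking.
    if any(u in text for u in URGENCY):
        clues.append("urgency")

    # Claimed authority: government, police, senior staff, etc.
    if any(a in text for a in AUTHORITY):
        clues.append("claims_authority")

    # Links that lead away from the organisation's own sites.
    if any(not _is_org_domain(host) for host in URL_RE.findall(body)):
        clues.append("external_link")

    # Unexpected attachments of a risky type.
    if any(a.lower().endswith(RISKY_ATTACHMENTS)
           for a in email.get("attachments", [])):
        clues.append("risky_attachment")

    # Talks about "the University" but was not sent from its domain.
    if _domain_of(email["from"]) != ORG_DOMAIN and "university" in text:
        clues.append("sender_domain_mismatch")

    return clues


def is_suspicious(email, recipient_name, threshold=2):
    """Flag the email when at least *threshold* clues are present."""
    return len(find_clues(email, recipient_name)) >= threshold


# Constructed sample messages (not real emails).
PHISH = {
    "from": "it-support@mail-notice.example",
    "subject": "Action required: your University account will be disabled",
    "body": ("Dear user,\n\nYour University mailbox is over quota. Verify your "
             "account within 24 hours at https://login-university.example/verify "
             "or it will be disabled.\n\nIT Helpdesk"),
    "attachments": [],
}
LEGIT = {
    "from": "alex.chen@university.example",
    "subject": "Minutes from Tuesday's meeting",
    "body": ("Hi Sam,\n\nThe minutes are on the shared site: "
             "https://intranet.university.example/minutes/2024-05.\n\nThanks,\nAlex"),
    "attachments": ["minutes.pdf"],
}

if __name__ == "__main__":
    for label, msg in (("phish", PHISH), ("legit", LEGIT)):
        print(label, is_suspicious(msg, "Sam"), find_clues(msg, "Sam"))
```

Note that the sample phishing message trips five of the seven checks while the genuine one trips none; a single clue on its own is weak evidence, which is why the page's advice is to treat the overall feeling that something is "not right" as the trigger for reporting.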

Reporting phishing emails 

If you receive a suspicious email to your University account that encourages you to click a link or open an attachment, you can report it with the following process: 

  • On the email itself, next to the “Forward” button, you have the option to “forward as an attachment” - click this (it may be under a “More” button). 

  • Send it to is.helpline@ed.ac.uk 

  • You will receive an automated email back with guidance on what to do if you have clicked a link or opened an attachment from the suspicious email. 

If you have already clicked on a link and then realise that the email is suspicious then please reset your University password and report it to the IS Helpline. 

Resetting your University password

Report to the IS Helpline

More advice

There is lots of good advice on the web that can help you avoid phishing. Here is a selection:

Advice from Microsoft

Advice from Apple

Advice from British Telecom