Guidance on ‘phishing’ scams
As part of Information Security Week, the University is providing guidance on so-called ‘phishing’ emails.
These emails are an attempt to steal usernames and passwords, bank account details, credit card numbers or other valuable information. They can also be used to infect computer systems with malware.
The messages are designed to look like emails from legitimate, trusted sources and encourage recipients to click on a link or open an attachment.
Some criminals will try to obtain information, or payment, via phone calls – known as vishing. These attempts often contain veiled threats that account access will be cut off or services terminated.
There are many different types of scams, with common ones claiming to be from banks, courier companies and Government departments.
If you are in doubt about a call, hang up and confirm the number using known sources. If you receive a suspicious email at work, contact the IS Helpline for advice and guidance.
You can contact the University Information Security team at InformationSecurity@ed.ac.uk
Work and personal email accounts are susceptible, but there are some simple steps you can take to protect yourself and the University:
- Never share your password with anyone – legitimate support or customer service teams will never ask you for your password.
- Treat any emails or phone calls that contain offers, deals or options that appear ‘too good to be true’ as suspicious.
- Consider whether you actually bought anything from the company contacting you. Are you expecting a parcel that might be delivered via courier? Are you likely to be contacted via a generic email claiming that you have a tax refund?
- Never click on a link or open an attachment in a suspicious email.
- If you are asked to open a document in a shared store such as Dropbox – are you expecting the document? Check with the legitimate sender first.
- Avoid joining mailing lists or subscribing to updates from unknown services – email addresses are often shared without you knowing and can easily end up in the wrong hands.
- Don’t use your work email address for personal purposes.
- Avoid using the same username and password combinations for multiple accounts.