
Don't be a victim of phishing

22 Sep 2020

Please be vigilant and double check the emails landing in your inbox before you act on them; those requests may not be genuine.


Review our checklist of things to look out for to help prevent you falling victim:

  1. Remember - JDLR. If it Just Doesn't Look Right, report it to us by following the process on IT Services' Email Phishing page.
     
  2. Is there an urgent call to action to click on a link or open an attachment? Don’t be flustered into clicking before you’ve had time to review it.
     
  3. Hover over the link without clicking and see where it’s sending you.
     
  4. Is the sender of the email someone you know and were you expecting an email? Expand the ‘From’ field to see the full email address and not just the name.
     
  5. Be suspicious of generic, non-personalised emails with greetings such as ‘Dear Customer’. If a trusted organisation needs to contact you, they're likely to know your name. However, there might be instances where bulk or generic emails are sent out from trusted organisations such as IT Services, but they include details of how you can verify the validity of the email without clicking. Always ask yourself: are you expecting an email from this individual or organisation?
     
  6. Check for poor spelling and grammar; the average phishing campaign depends on quantity, not quality.
     
  7. Some phishing emails are more tailored, bespoke, personal attacks, using the information the hacker has gathered about you and your contacts. On occasion, these messages may appear to come from a senior member of University staff.

    Ask yourself:

    - Do you know the sender?
    - Has it definitely come from their University email account?
    - Does its tone sound like them?
    - Would you normally expect them to ask you to urgently buy vouchers for online stores? 

  8. If in doubt, call or text them to verify. Never just reply to the email.
     
  9. If you don't know the sender, are you really interested in the information? Don't just click out of curiosity.

For more information, visit IT Services' Email Phishing page.

The advice about being vigilant applies just as much to your personal email accounts as your work one. Spread some good security practices amongst family and friends!