Skip to navigation | Skip to main content | Skip to footer
Menu
Search the University of Manchester siteSearch Menu StaffNet

Don’t fall victim to phishing attacks

19 Dec 2023

Email fraudsters use increasingly sophisticated measures to try and scam people – posing as trusted contacts and asking you to check IT account details are just some of the ways this can happen

While we do have filters in place to reduce the risk of fraudulent emails, there is always a risk that a phishing email may make it through to any email system.

Phishing emails try to trick you in to giving out personal information, or visiting fake websites. Responding to a phishing attack can:

  • Release your personal or IT account details to someone who may use them fraudulently
  • Encrypt your files and folders, demanding that a 'ransom' fee be paid to revert the damage
  • Stop your computer from working completely

Top tips

  • Do you know the email sender? Were you expecting an email? Has it definitely come from a legitimate email account? Fraudsters can obtain information about you and your contacts and impersonate people we know, like senior staff, to create a sense of trust. Expand the ‘From’ field in the email to see the full email address and not just the name , and if you’re still in doubt, contact them via another method to verify.
  • Is there an urgent call to action to ‘click on a link’, open an attachment or help someone out? Is it claiming that something will happen to your IT account if you don’t do anything? Don’t be flustered into clicking before you’ve had time to review!
  • Be suspicious of generic, non-personalised emails with greetings such as ‘Dear Customer’. If a trusted organisation needs to contact you, they're likely to know your name. There might be instances where bulk or generic emails are sent out from trusted senders such as IT Services, but if this is the case they include details of how you can check that the email is legitimate without clicking on any links.
  • Check for poor spelling and grammar – phishing and scam emails often include these.
  • If it sounds too good to be true, then it may well be. For example, a fake email stating that you have won a voucher may be looking to harvest some personal data.

Remember - JDLR. If it Just Doesn't Look Right, report it to IT Services by following the process detailed on the Email phishing web page.

Remember to apply this advice when opening emails on your personal email accounts too. Stay safe online.