Protect your identity from phishers
Published on 2 February 12

What is a phishing scam?
Email phishing is an attempt to collect usernames, passwords, or bank account details by sending an email pretending to be from a trusted source, such as your bank or the university.
The scam emails will be carefully prepared in order to appear as genuine as possible, often styled similarly to official websites and containing company logos. The email messages all ask you to reply, enclosing information such as your username, password, and sometimes other personal information.
The email will probably threaten that a lack of response from you will result in your account being deleted or disabled, or you will not receive loan payments – this is an intimidation tactic to try and force to share your information.
Phishing scams targeted at students are most common at the three main loan instalment payment dates in September, January and April, whereby students are asked to verify personal and bank details in order to receive their student loan.
Top five tips on recognising a fake email
1. Be suspicious of any urgent requests for personal or financial information.
2. Be aware: Phishing scams are common at the three main instalment payment dates in September, January and April.
3. Always ensure that you're using a secure web site when submitting credit card or other sensitive information; look out for "https://" and/or the security lock.
4. Prevention: Your email details may have been taken from a social networking site so avoid disclosing your email address or make sure you hide it on your page.
5. Check the quality of the communication. Misspelling, poor punctuation and bad grammar are often tell-tale signs of phishing.
How to treat a Phishing attempt
No official organisation would ever request your username and password, or bank details, by email. Messages requesting this information are all fake and have not been sent by any customer services group at the University.
Report it – Obviously fake emails should be deleted and any that appear to be from a University support team should be reported to the IT Service desk. Find out how by clicking here (see ‘Reporting Phishing Attempts’).
Do NOT reply – NEVER reply to a potential phishing scam and NEVER send your username and password back to any address, and do NOT click on a link to a web site link. Web links in phishing emails will be viruses, spyware that attacks your computer, or take you to a fake web page. If an attachment or link to a website asks you to login, you are providing your details to criminals.
What to do if you have replied
If you have replied you will need to change your password and security questions as soon as possible by contacting the IT service desk.
IMPORTANT: For future reference, you should NEVER give out your password - even to IT staff.