XClose

Information Services Division

Menu

Deal with phishing email

Protect yourself from internet fraud known as phishing. Learn ways to avoid being scammed.

What is phishing?
email secure

Phishing is a form of internet fraud (typically carried out by email) designed to steal valuable personal data such as usernames, passwords and credit card/bank details.

The most common examples of this are emails purporting to come from companies such as PayPal, eBay and Online Banks which ask you to send them your account information by replying to an email or by directing you to a website.

Many phishing emails will consist of standard company logos and official sounding language to make it appear to be genuine.

What to do if you receive an email asking you to enter your username and password?

Do not respond!

No credible organisation will ever ask you for personal or account information by replying to an email or sending you to a website. No member of UCL staff should ever ask you for your password, nor ask you to send your password by email, so any email (or telephone call) that does this is a scam.

You should treat your password as you would treat the PIN for your bank card - keep it secret and don’t share it with anyone, not even your friends.

We always advise that you should report these phishing emails (see below).

How to report phishing emails

You should report phishing emails to Action fraud.

Unfortunately, we (the Information Security Group) do not have the resources to report every phish individually ourselves, but it would be useful if you could forward a copy of the email to us, for our information at phish@ucl.ac.uk.

Should we need to investigate a suspicious email, it would be helpful if we also had the email header information.

If you forward an email to us in the usual way (“inline” as the text of a new message) the header information is lost. Instead, please forward the email as an attachment or to send us a copy of the header text.

    Reporting phishing email in Office 365

    Click on the More actions button which looks like three dots (…) to the right of ‘Reply All’.

    Select Mark as phishing.

    Click on Report.

    This action reports the sender but doesn’t block them from sending you messages in the future.

    Tips to avoid phishing emails

    Here are some recommendations from The Anti-Phishing Working Group that can be used to avoid getting hooked by one of these scams:

    • Be suspicious of any email with urgent requests for personal financial information.
    • Do not use the link in an email or instant message to get to any web page if you suspect the message might not be authentic.
    • Links in html format emails can be disguised so that it looks like a legitimate web address but will actually link to a phishing web address.
    • The real destination will normally display on the status bar, at the bottom-left of your screen, if you point (do not click) the mouse at the link.
    • Avoid filling out forms in email messages that ask for personal financial information.
    • Always ensure that you’re using a secure website when submitting credit card or other sensitive information via your web browser.
    • Ensure that your browser is up-to-date and security patches are applied.