Remember, no-one from the University will ask you for your password. If an email asks you for your University password, do not reply, but forward the email to the IT Services Service Desk (firstname.lastname@example.org
). Include the header when forwarding the email.
Phishing means fooling people into divulging personal information, such as bank and card details, account passwords, and so on. Generally, it is done via email, messaging or via fake websites. Many phishing attempts are laughably amateur, but many look like the real thing, complete with company logos and links that seem to take you through to real-looking websites. If you think that your UoB password has been disclosed because your computer has been compromised, you must change your password immediately - refer to IT Services advice on what to do in case of compromise.
How can I spot and avoid phishing scams?
The following are all common phishing scams:
- An email asks for personal information or asks you to click on a link and enter personal information into a web form
- An email purporting to be from an organisation with which you have an account starts 'Dear valued customer' instead of using your name
- An email is of a frightening nature, such as 'Your account will be closed unless you enter your password and username'
- An email includes an order confirmation for an order you haven't placed and asks you to enter your card details to cancel the order
The advice for avoiding these phishing scams is very simple:
- Delete all emails exhibiting these characteristics - if you are worried that the message may be genuine, phone or otherwise contact the organisation to ask them if they have sent you this message - but do not do this by replying to the suspicious message
What can I do to protect myself?
- Regularly log into your online accounts to make sure that there is no odd activity and keep a note of each time you login: if a message tells you that you last logged in on Friday at 4.15am, but this is incorrect, then contact the company immediately on the number they provide
- Regularly check your bank, credit and debit card statements - if anything is suspicious, contact your bank and all card issuers immediately
- Use spam filtering on your email account and ensure that your home computer is secure
- Install Netcraft's anti-phishing toolbar to alert you of suspicious sites
- Consider using an alternative web browser, such as Mozilla Firefox. Other browsers are not immune from phishing attacks, but most attacks are directed toward Microsoft products
What should I do if I spot fraudulent activity in my bank or credit card accounts?
- You must immediately report it to the major credit reporting agencies, Experian.com and Equifax.co.uk
- Request that they place a fraud alert and a victim's statement in your file
- Request a copy of your credit report to check whether any accounts were opened without your consent
- Request that the agencies remove inquiries and/or fraudulent accounts stemming from the theft
How can I make myself safe from cross-site scripting attacks?
- There is a useful add-on for Firefox browsers that helps to prevent scripts from running except from trusted sources. You can download and install No Script from Mozilla.org
For further information see:
Back to top