Remember, no-one from the University will ask you for your password. If an email asks you for your University password, do not reply, but forward the email to the IT Services Service Desk ( Include the header when forwarding the email.

Phishing means fooling people into divulging personal information, such as bank and card details, account passwords, and so on. Generally, it is done via email, messaging or via fake websites. Many phishing attempts are laughably amateur, but many look like the real thing, complete with company logos and links that seem to take you through to real-looking websites. If you think that your UoB password has been disclosed because your computer has been compromised, you must change your password immediately - refer to IT Services advice on what to do in case of compromise.

How can I spot and avoid phishing scams?

The following are all common phishing scams:

The advice for avoiding these phishing scams is very simple:

  1. Delete all emails exhibiting these characteristics - if you are worried that the message may be genuine, phone or otherwise contact the organisation to ask them if they have sent you this message - but do not do this by replying to the suspicious message

What can I do to protect myself?

  1. Regularly log into your online accounts to make sure that there is no odd activity and keep a note of each time you login: if a message tells you that you last logged in on Friday at 4.15am, but this is incorrect, then contact the company immediately on the number they provide
  2. Regularly check your bank, credit and debit card statements - if anything is suspicious, contact your bank and all card issuers immediately
  3. Use spam filtering on your email account and ensure that your home computer is secure
  4. Install Netcraft's anti-phishing toolbar to alert you of suspicious sites
  5. No browsers are  immune from phishing attacks but there are things that you can do to make your browser more secure

What should I do if I spot fraudulent activity in my bank or credit card accounts?

  1. You must immediately report it to the major credit reporting agencies, and
  2. Request that they place a fraud alert and a victim's statement in your file
  3. Request a copy of your credit report to check whether any accounts were opened without your consent
  4. Request that the agencies remove inquiries and/or fraudulent accounts stemming from the theft

How can I make myself safe from cross-site scripting attacks?

  1. There is a useful add-on for Firefox browsers that helps to prevent scripts from running except from trusted sources. You can download and install No Script from

Further information

For further information see:

Back to top