Email use

Email is not secure. It is like a postcard which can be read as it travels over the internet to the recipient. It is very easy to accidentally send confidential information to the wrong person.

Do

  • Carefully consider if sending confidential information by email is appropriate (e.g. an alternative, more secure, method is to send a link from a secure storage area).
  • When sending confidential information by email, clearly state 'confidential' in the subject line and protect the email by restricting access.
  • Be cautious and always think before you click links, open attachments, or download files in emails you receive, regardless of who sent them (for more information on malicious emails see 'How to spot phishing' below).
  • Forward any suspicious messages to spamtrap@uwe.ac.uk so IT Services can investigate new threats. Then delete the email from your inbox.
  • Remember, if an email is too good to be true, it probably is.

Don't

  • Click any links or attachments in emails, unless you already know what they contain.
  • Respond to suspicious email messages from:
    • Anyone, including IT Services, that ask you to confirm your password or personal information or demand an immediate response or threaten loss of accounts or services.
    • Unrecognised senders.

Who should I contact if I'm not sure?

More information

Senarios

My device is encrypted.  Does this mean emails sent from my device are also encrypted?

No, email is not secure as it can be read as it travels over the internet to the recipient. Restrict access to the email or put the confidential information in a protected (encrypted) file and attach it to the email.

What is phishing?

Phishing is a form of fraud that includes malicious emails designed to gain personal information and may appear to come from a genuine source. Emails often include links to bogus websites or attachments, which appear to be normal files (e.g. Word, Excel or PDF) and are harmful.

How to spot phishing?

IT Services have technical controls in place to filter out spam before it reaches your inbox, but phishing techniques change and some will inevitably 'get through'.  

Example Phishing email #1 – Fake warning from IT

Phishing Email 1

Signs that it is a phishing attack:

Phishing Email 1 Explained

Example Phishing email #2 – Email containing infected document

Phishing Email 2

Signs that it is a phishing attack:

Phishing Email 2 Explained

Example Phishing email #3 – Document emailed from government organisation

Phishing Email 3

Signs that it is a phishing attack:

Phishing Email 3 Explained

Example Phishing email #4 – Document emailed from UWE staff account

Phishing Email 4

Signs that it is a phishing attack:

Phishing Email 4 Explained

Back to top