Advice and guidance

Key messages 2019

Topic slogans

Subscribe to Status Hub today! Customise your email alerts, so you only receive status updates of IT systems you're interested in.

Come and visit us during the event for face to face advice and guidance.

Use the Information Security Toolkit to find out how to ensure your data and devices are protected from common cyber security attacks and threats.

Check out our cyber videos (shorts) for interactive guidance.


Phishing

Phishing is a form of fraud that uses malicious emails, designed to obtain personal information, which may appear to come from a genuine source. These emails often include links to bogus websites, or attachments that appear to be normal files (e.g. Word, Excel or PDF) but are harmful.

How to spot phishing?

IT Services have technical controls in place to filter out spam before it reaches your inbox, but phishing techniques change and some will inevitably 'get through'. 

  • Check who sent you the email, being particularly suspicious of emails asking for personal or financial information.
  • Phishing emails are often sent out in bulk and are therefore unlikely to contain your first name or surname, e.g. "Dear Student".
  • Do check the quality of emails. Misspelling, poor punctuation and bad grammar are tell-tale signs of phishing.
  • IT Services will never send you an email asking you to confirm your user name and password.
  • Never respond to any email which asks for your account details or requests that you make a payment.

Identifying phishing can be harder than you think. Can you tell what's fake?

Take the quiz

Example Phishing email #1 – Fake warning from IT

Signs that it is a phishing attack:

  • Non-existent sender address: this email address does not appear in the Outlook address list.
  • No personal greeting.
  • Request to revalidate or confirm account details.
  • No UWE specific information, such as ITS contact details or signature.
  • Hovering over the link reveals a suspicious unknown web address (http://tinyurl.com/6emzvy3).

Example Phishing email #2 – Email containing infected document

Phishing Email 2.
From: "Clare Harding" [purchasing@carterspackaging.com]
To: user.name@uwe.ac.uk
Subject: FW: Purchase Order 0000035394 customer 09221
Attachment: Purchase Order 0000035394.docx
Body text: Dear customer, Please find attached a copy of our order (reference 0000035394), your reference. If you have any questions regarding the purchase order please contact us using the details below. Clare Harding, Purchasing Manager, Casters Packaging Ltd, Packaging House, Wilson Way, Pool, Redruth, Cornwall, TR15 3RT. Fax: +44 (0) 1209 315 600. www.carterspackaging.com, purchasing@carterspackaging.com

Signs that it is a phishing attack:

  • Sender is a real company. An internet search reveals that they were the victim of a cyber attack that took control of their email systems.
  • Malware can spread through infected office documents.
  • Non-specific greetings.
  • References to an unknown financial transaction involving unfamiliar companies.

Example Phishing email #3 – Document emailed from government organisation

Phishing Email 3.
From: gateway.confirmation@gateway.gov.uk
To: user.name@uwe.ac.uk
Subject: Your Online Submission for Reference 475/RA2949502 Could not process
Attachment: GB3370106.zip { Contains: GB3370106.pdf.scr }
Body text: WE could not process your Full Payment Submission. The submission for reference 475/RA2949502 was successfully received and was not processed. Check attached copy for more information. This is an automatically generated email. Please do not reply as the email address is not monitored for received mail.

Signs that it is a phishing attack:

  • Email supposedly from a government address to a work account.
  • Poor grammar.
  • File is disguised as a PDF but is actually an executable program.
  • No personalised greeting and unprofessional structure.
  • Reference to an unknown financial transaction.

Example Phishing email #4 – Document emailed from UWE staff account

Phishing Email 4.
From: other.name@uwe.ac.uk
To: user.name@uwe.ac.uk
Subject: Your documen
Attachment: Document7912.zip { Contains: document7912.exe }
Body text: To view your document, please open attachment.

Signs that it is a phishing attack:

  • Poor grammar.
  • File is named as a document but is actually an executable program.
  • No personalised greeting or explanation of attachment.
  • No UWE specific user information, such as contact details or signature.
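
The disguised attachments in examples #3 and #4 (an executable inside a zip, named to look like a document) can also be checked for automatically before a file is opened. The following Python is an added example, not part of the original guidance or of any UWE tooling; the extension lists, function names and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows will run directly; illustrative list, not exhaustive (assumption).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".vbs"}
# Document-like extensions commonly placed before the real one as a decoy (assumption).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}


def classify_member(name):
    """Return a finding for one archive member name, or None if nothing is flagged."""
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return None
    # Only the last extension decides how the file is opened: "x.pdf.scr" runs as .scr.
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "executable disguised with decoy extension"
    return "executable inside archive"


def scan_zip_attachment(data):
    """Return (member_name, finding) for every flagged file in a zip attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            finding = classify_member(info.filename)
            if finding:
                findings.append((info.filename, finding))
    return findings


def build_sample_zip(member_name):
    """Constructed sample: a zip holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder text, not a real program")
    return buf.getvalue()


if __name__ == "__main__":
    # Member names taken from examples #3 and #4, plus one ordinary document.
    for member in ("GB3370106.pdf.scr", "document7912.exe", "report.pdf"):
        print(member, "->", scan_zip_attachment(build_sample_zip(member)))
```

The check reads only the file names listed in the archive; nothing is extracted or executed.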

 

For further advice and guidance, please refer to Email use within the Information Security Toolkit.

 


Keeping updated

  • Be smart, restart.

    Restart your devices each day so they receive regular software and vital security updates.

This will help to keep your information safe and your devices secure.

Your devices work hard to keep you connected, so give them a break by shutting them down regularly. This will save a bit of energy too.
Good for the environment, good for you.

Mac computers are just as vulnerable to viruses and other threats as Windows PCs are, so please make sure you keep them updated.


 


 

UWE Bristol is a Cyber Essentials certified organisation.
