Do
- Carefully consider if sending confidential information by email is appropriate (e.g. an alternative, more secure, method is to send a link from a secure storage area).
- When sending confidential information by email, clearly state 'confidential' in the subject line and protect the email by restricting access.
- Be cautious and always think before you click links, open attachments, or download files in emails you receive, regardless of who sent them (for more information on malicious emails see 'How to spot phishing' below).
- Forward any suspicious messages to spamtrap@uwe.ac.uk so IT Services can investigate new threats. Then delete the email from your inbox.
- Remember, if an email is too good to be true, it probably is.
Don't
- Click any links or attachments in emails, unless you already know what they contain.
- Respond to suspicious email messages from:
- Anyone, including IT Services, that ask you to confirm your password or personal information or demand an immediate response or threaten loss of accounts or services.
- Unrecognised senders.
Who should I contact if I'm not sure?
- For help with handling information e.g. identifying personal data, how it should be handled or when it can be deleted, contact your local data protection liaison officer (Intranet access only).
- For all student queries and / or questions on GDPR or data protection, contact the Data Protection and Records Management Officer.
- For help with protecting your information, review the Information Security Toolkit including the information security policies. For further support, contact the IT Service Desk.
More information
Scenarios
My device is encrypted. Does this mean emails sent from my device are also encrypted?
No, email is not secure as it can be read as it travels over the internet to the recipient. Restrict access to the email or put the confidential information in a protected (encrypted) file and attach it to the email.
What is phishing?
Phishing is a form of fraud that includes malicious emails designed to gain personal information and may appear to come from a genuine source. Emails often include links to bogus websites or attachments, which appear to be normal files (e.g. Word, Excel or PDF) and are harmful.
How to spot phishing?
IT Services have technical controls in place to filter out spam before it reaches your inbox, but phishing techniques change and some will inevitably 'get through'.
Example Phishing email #1 – Fake warning from IT
Signs that it is a phishing attack:
Example Phishing email #2 – Email containing infected document
![Phishing Email 2. From: "Clare Harding" [purchasing@carterspackaging.com]. To: user.name@uwe.ac.uk. Subject: FW: Purchase Order 0000035394 customer 09221. Attachment: Purchase Order 0000035394.docx. Body text: Dear customer, Please find attached a copy of our order (reference 0000035394), your reference. If you have any questions regarding the purchase order please contact us using the details below. Clare Harding, Purchasing Manager, Casters Packaging Ltd, Packaging House, Wilson Way, Pool, Redruth, Cornwall, TR15 3RT. Fax: +44 (0) 1209 315 600. www.carterspackaging.com, purchasing@carterspackaging.com](/its/images/pe2_o.png "Phishing Email 2")
Signs that it is a phishing attack:
Example Phishing email #3 – Document emailed from government organisation
Signs that it is a phishing attack:
Example Phishing email #4 – Document emailed from UWE staff account
Signs that it is a phishing attack:
