Phishing attacks are on the rise and it's important to understand what they are and what to look out for. So, what is phishing? Simply put, phishing is the fraudulent attempt usually made through Email to obtain sensitive information from you, such as usernames, passwords, and even credit card details, by disguising itself as a trustworthy source, so a colleague, or an organisation you might know. What does it look like? Phishing emails come in various forms. Some can be incredibly clever in convincing you that they are legitimate and will have you click on a link or a button. For example, This Email has seemingly come from Hermes, letting me know that they were unable to deliver my parcel. When trying to identify if this is legitimate or not, I should look at several things. 1. does it look legitimate? This e mail, in particular, looks fairly convincing. 2. is there a sense of urgency to the email? Well, yes, here we're urged to click on a link to change the delivery method. 3. does the email address look suspicious? Yes, in this case, the email address is spelled incorrectly. 4. is the link suspicious? You don't actually have to click on the link to identify this. If you hover your mouse over the link, you can see the destination. Websites that are safe to enter personal details into begin with https. The S stands for Secure. If you don't see the HTTPS, do not proceed. In this case, the link starts with HTTP, so we know that this is not legitimate. How does it work? Often, clicking on a link will take you to a fake website and ask you to log in. They may or may not already have your logging credentials at this point. This will now hijack your mailbox in order to send out more phishing emails to other individuals. They may then also click on the link and send out more emails, and so on. Here's another example. At some point, a student has clicked on a link and their email account has now been compromised. Their account is now being used to send out further phishing emails. This phishing email has cleverly taken the subject line from a previous email chain and sent it on with a big inviting blue button to click on. Again, hovering over the button reveals that this is not a trusted site. It's also important to look out for emails with suspicious attachments. If you have any suspicions on the legitimacy of an email, never open the attachment. So what should you do? If you suspect an email to be phishing, you should forward it to the Servicedesk and delete it. If you've clicked on the link, you should change your password immediately. Remember, be mindful of emails. Don't assume the email is legitimate just because it comes from a trusted source. Check the link before you click, and if in doubt, ask the Servicedesk. If we find that your account has been compromised, we will change your password or even disable your account to prevent further damage. If you have any further questions, please get in touch.