What is phishing?
Phishing is a cyber-attack in which attackers disguise fraudulent emails and websites to trick you into entering personal information (e.g. usernames and passwords, or credit card information) by clicking on a link or opening an attachment.
How do I spot a phishing email?
Phishing emails are disguised as being sent by a trusted sender or business (e.g. the IT Service Centre or Microsoft) and will attempt to make you believe the message is something you either want or need.
What do I do if I receive a phishing email?
Do not enter any personal information into a phishing email. No member of IT Services or the University of Derby should ask you for your password or to send your password by email.
- If the phishing email is in your junk folder, you don’t need to do anything.
If the phishing email is in your inbox and you haven’t entered any personal information, please report the email as junk:
Report the email to Microsoft using Outlook (if you haven't clicked on a link in the email):
Click on the message ribbon and, using the ‘Junk’ drop-down menu, click on ‘Report as Phishing’.
The following dialogue box will appear:
- If the phishing email is in your inbox and you have entered personal information, please report the incident to the IT Service Centre:
Report the email to the IT Service Centre (if you've clicked on a link in the email):
Click on the message ribbon and, using the ‘More’ drop-down menu, click on ‘Forward as Attachment’.
Send the email to email@example.com
Remove address from junk list
If you accidentally report a message as spam, go to your Junk Email folder, select the email and click Not Junk.
- How to spot a phishing email: https://itservicecentre.derby.ac.uk/hc/en-us/articles/360002420439
- Phishing & spam frequently asked questions: https://itservicecentre.derby.ac.uk/hc/en-us/articles/360001703940
- NIST Computer Security Resource Centre: https://csrc.nist.gov/glossary/term/phishing
- SANS Security Awareness: Phishing: https://www.sans.org/security-awareness-training/ouch-newsletter/2015/phishing