This guide goes through the procedure for recognising a possibly malicious email sent to your University account.
The indicators below are illustrated by an example phishing email sent to a University of Derby account.
- The email contains poor spelling and/or grammar. Phishing emails often contain poor spelling and grammar. It’s highly unlikely that phishers will proofread their work, so if the email is riddled with spelling and grammatical errors it’s likely to be a scam. You should also look out for inconsistencies in the presentation of the email (e.g. the email may contain various font styles, font sizes and mismatched branding).
- The email contains an impersonal greeting. While impersonal greetings may not be a direct indicator of a phishing email, phishing emails will often contain greetings such as “Hi”, “Hi <email address>”, or “Dear Customer”. This behaviour, like poor spelling and grammar, should raise red flags about the validity of the email.
- The email asks you for your personal information. Nobody at the University of Derby or Microsoft will ask you for your password or sensitive personal information (e.g. your bank details or national insurance number) by email. Do not share your own or the University’s sensitive personal information with an untrusted sender.
- The email contains a mismatched URL. Phishing emails will often contain embedded links which appear to point to perfectly legitimate websites. It’s also likely that those embedded links won’t direct you where you’d expect them to. If the email looks suspicious, hover your mouse over the link to check whether the hyperlinked address matches the one displayed in the email. If the hyperlinked address is different from the address displayed in the email, the message is probably fraudulent or malicious.
- The email contains a misleading domain name (e.g. one imitating derby.ac.uk). Similarly, phishers will often attempt to ‘spoof’ legitimate domain names to give the impression that embedded links will direct to legitimate websites. For example, staff.derby.ac.uk is a legitimate link to the University of Derby’s domain, whereas derby.maliciousurl.com is not: the trusted name appears at the start rather than at the end of the hostname, so it is not part of the University’s domain.
- The email contains an unusual ‘from’ address. Phishers will often attempt to ‘spoof’ legitimate email addresses to give the impression that the email is being sent from a legitimate organisation. These emails will often hide unusual email addresses behind what appears to be a genuine sender name. If the email looks suspicious, hover your mouse over the sender name to see the email address from which the email was sent.
- The email creates a sense of urgency. Phishing emails may attempt to create urgency by warning you that your Office 365 account may expire or that your account has been compromised, to encourage you to take immediate action. If the email looks suspicious, contact the company or person using details available on their website, rather than the contact details in the email. Don’t click any links provided in the email.
- The email contains unrealistic threats. Similarly, phishing emails may attempt to create urgency by using intimidation to scare victims into disclosing sensitive personal information or making a payment (usually to a hard-to-trace online cryptocurrency wallet, for example in Bitcoin, Bitcoin Cash or Ethereum). It’s highly unlikely that the phisher can carry out any threat contained in the email, so if the email looks suspicious it is most likely a scam.
- How to report a phishing email: https://itservicecentre.derby.ac.uk/hc/en-us/articles/360001612040
- Phishing & spam frequently asked questions: https://itservicecentre.derby.ac.uk/hc/en-us/articles/360001703940
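The three link- and sender-related indicators above (mismatched URL, misleading domain name, unusual ‘from’ address) are mechanical enough to check automatically. The following Python script is an added example, not part of this guide or of any University of Derby tooling: it parses a constructed sample email, compares each link’s displayed text with the address it actually points to, tests whether each hostname genuinely belongs to a trusted domain (only `derby.ac.uk` is assumed trusted here, taken from the guide), and flags a sender address whose domain is not trusted. The sender domain `derby-it-support.example` in the sample is an invented placeholder.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the only domain we trust is the University's, as named in the guide.
TRUSTED_DOMAINS = ("derby.ac.uk",)


def is_trusted_host(host):
    """True only if host IS a trusted domain or a real subdomain of one.
    'staff.derby.ac.uk' passes; 'derby.maliciousurl.com' fails because the
    trusted name is not at the END of the hostname."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html_body):
    """Flag links whose shown address differs from the real target (mismatched
    URL) and links whose real target is outside the trusted domain."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        href_host = urlparse(href).hostname or ""
        # If the visible text itself looks like an address, it must match the href host.
        if "." in text and " " not in text:
            shown = text if "://" in text else "http://" + text
            shown_host = urlparse(shown).hostname or ""
            if shown_host.lower() != href_host.lower():
                findings.append(
                    f"mismatched URL: shows {shown_host!r} but links to {href_host!r}")
        if not is_trusted_host(href_host):
            findings.append(f"link to untrusted domain: {href_host!r}")
    return findings


def check_sender(msg):
    """Flag a 'From' header whose display name hides an address outside the trusted domain."""
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2]
    if not is_trusted_host(domain):
        return [f"unusual 'from' address: display name {name!r}, address {addr!r}"]
    return []


def triage(raw_email):
    """Return all findings for a raw RFC 5322 message string."""
    msg = email.message_from_string(raw_email, policy=policy.default)
    findings = check_sender(msg)
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        findings += check_links(body.get_content())
    return findings


# Constructed sample message; the sender domain is a made-up placeholder.
SAMPLE = """\
From: University of Derby IT Services <helpdesk@derby-it-support.example>
To: student@derby.ac.uk
Subject: Your Office 365 account will expire
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear Customer,</p>
<p>Verify your account at <a href="http://derby.maliciousurl.com/login">https://staff.derby.ac.uk/login</a>
within 24 hours or it will be suspended.</p>
<p>Read the <a href="https://staff.derby.ac.uk/policy">staff portal</a>.</p>
</body></html>
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Running the script reports three findings on the sample: the display name hides an address outside `derby.ac.uk`, the first link shows `staff.derby.ac.uk` but points at `derby.maliciousurl.com`, and that target is not a trusted domain. The second link, whose text is plain words rather than an address, is not compared but still has its host checked. The suffix test in `is_trusted_host` is the point of the domain check: a string that merely contains `derby` is not enough.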