University of Reading cookie policy

We use cookies on reading.ac.uk to improve your experience, monitor site performance and tailor content to you.

Read our cookie policy to find out how to manage your cookie settings.

Phishing

Phishing is the act of tricking you into giving away sensitive information or downloading malicious software onto your computer or your company's computer network.

The University is regularly targeted by such attacks and the impact can be considerable including financial loss, personal and business data leakage, IT network outages, reputational damage and even fines from the Information Commissioner's Office (ICO).

 

Top Tips: Stay safe on phishing

Help us protect yours and the University's data by looking out for the most commonly deployed phishing techniques:

Is it an unexpected email? 

If you receive an email which you aren't expecting or you are unsure where it has come from, you should not reply, or open any links or attachments. 

You didn't initiate the action

If you get a message informing you that you have won a contest you did not enter, or that your parcel from somewhere you didn't order from is ready for delivery, alarm bells should be ringing.

Is it too good to be true?

An email giving you a fantastic offer on a new phone, or saying you've won something in a competition you've never entered, is unlikely to be genuine. 

The email contains poor spelling and grammar

If the message contains incorrect spelling and dodgy grammar then it may not come from a professional establishment.

The email indicates urgent action is required

Often scams will send the email as "Action Required" in order to hurry you to reply without making any checks.

The email address looks suspicious

Hover over the name to see what the full email address is (on a mobile tap the email name to show the full email address). The name displayed might look OK, but does it match the email address? For example an email address displayed as "Microsoft Support" looks plausible, but if it comes from happy1224@dodgy.com, you should reconsider.

The email contains a link

If the email contains links, hover over them (do not click) with your mouse. Does the preview weblink (URL) appear to match the weblink in the email text? If it doesn’t, you may have found a phish. 

There's a handy link to login to your account

Phishers want to make it easy for you to give them your details. If you are unsure if an email is genuine, go to the company website and login to your account from there. 

The email asks for personal information

A reputable company should never send an email asking for your password, credit card number, or the answer to a security question. If you know the company, check with them via another route (phone or email separately).

What should you do with a phishing email?

If you've clicked the link and entered your details we need to know straight away so we can take steps to protect your data and the University.

Even if you are in doubt, please report to DTS. We'd rather we could tell you that the email is genuine than you fell for a scam! 

Further information and training

Past phishing campaigns - results and information about what to look out for in a phishing email

Phishing checklist - a rundown of what you should look for in every email you receive

Digital Skills - Security (UoR Learn, search for Digital Skills - Security)

Avoiding Phishing Scams (LinkedIn Learning, video, 8mins)

Cyber Security Awareness - Phishing (LinkedIn Learning, video, 1h)

 

Page updated by lm920207 on 16/10/24

What to do with a suspect email?

If you've received an email that you think is suspicious report to DTS straight away.

Do not be tempted to click on any links or open any attachments in the email.

Contact us
  • IT Self Service Portal
  • Telephone (Internal): 6262
  • Telephone (External): 0118 378 6262
  • Email: dts@reading.ac.uk