Phishing Checklist
Here is a list of things to check when you get an email. It may seem long, but it will quickly become second nature.
Who?
- Do I know the sender?
- Is this someone I usually communicate with?
- Is the email sent to an unusual group of people?
- Is the email address spelled correctly?
- Does the email address match the email in the signature?
What?
- What action does the sender want me to take?
- Does the email contain bad grammar, odd styling, or typos?
- Is the email written in a style consistent with the sender?
- Is the action something you’d expect from the sender?
- Is it an urgent request?
Why?
- Why do they want me to click on a link, download an attachment, or send information?
- Are they presenting a sense of urgency?
- What is the consequence they are threatening if no action is taken? Is it something I should expect?
- Have they presented an unusual situation? Is it something I should expect?
Verify
If you've gone through the who, what, and why questions and you have any doubts, you should verify the email.
- To verify the validity of a suspicious email, contact the sender via another route, e.g. phone, internal chat software, or in-person conversation.
- Do not reply to the suspicious email asking for verification.
Contact DTS
If you've clicked the link and entered your details we need to know straight away so we can take steps to protect your data and the University.
Even if you are in doubt, please report to DTS. We'd rather we could tell you that the email is genuine than you fell for a scam!
Page created by lm920207 on 16/10/24