Phishing Guidance
Introduction
Phishing is a common way for cyber criminals to try to exploit you, circumvent security and gain access to our college network and data. We employ various security tools to try to prevent phishing from reaching your mailbox. Unfortunately, no system is 100% perfect, and we know it’s hard to spot phishing, so this guidance will help you spot phishing and explain how to report it.
What is phishing?
Phishing is when cyber criminals attempt to trick you into clicking a malicious link, downloading malware, or directing you to a “dodgy” website. Sometimes cyber criminals use information about you gathered from social media, or information about the organisation, to make the “phish” more convincing. This is referred to as spear phishing.
How to spot phishing?
Look out for the following:
- Urgency – You might be sent a message that has a tight deadline on it.
- Authority – The message might appear to come from a trusted authority, like your boss, colleague, or a company you often use.
- Mimicry – Cyber criminals will sometimes exploit your daily habits by sending messages at the time or date you’d expect them, such as important dates in the academic calendar.
- Curiosity – Sometimes the attacker will try and entice you in.
What should you do?
- Think before you click – cyber criminals try to capitalise on you being busy and distracted. Carefully review emails before taking any action.
- Verify the communication is genuine without replying to it – If a message looks suspicious, try calling the sender or checking details from an official source.
- Seek advice – a phishing email can be tricky to spot, so ask a colleague for a second opinion or contact the IT helpdesk.
- Don’t panic if you do click – If you think you have fallen victim to phishing, report it to the IT helpdesk and we’ll support you and make sure your computer and account are secure.
Report Phishing
If you suspect the message you have received is phishing, you can report it by clicking the ‘Report Message’ button in Outlook. This submits the message for further analysis and allows us to prevent it from reaching others and protect others who may have received it. For further guidance please refer to the following: https://ecg.freshservice.com/support/solutions/articles/27000071084
Take the quiz
This quiz (attached below) has eight example messages. For each, you must decide whether you think it is genuine by selecting ‘real’ or an example of phishing by selecting ‘phish’. The answers are provided towards the back of this booklet with guidance. Test yourself and find out if you're a ninja phish skilled at identifying the trickiest of phish.