Examples of phishing appear below.
The problem of phishing emails and how to recognise them
People (both internal and external) have been receiving emails that look like they have been sent from real University email addresses, including the University of Bradford. There are a variety of formats - some requesting invoices to be paid, and others asking for information. These malicious, yet friendly-looking emails are intended to get information and steal money from unsuspecting individuals.
They are spoofed emails (a type of email phishing attack), where the sender has changed parts of the email to make it look like it's been written by someone else and sent from a legitimate source.
The University cannot stop its email addresses from being spoofed and cannot block all spoofed emails. This means that we must rely on people being vigilant when opening and replying to emails. If someone replies to one of these emails it may result in them giving away sensitive information and potentially succumbing to identity theft or losing money.
It also affects the University’s reputation because the email address appears to originate from the University of Bradford.
If you are in any doubt that an email is truthful or that the sender is legitimate, don’t click on the link! See these 10 tips on how to identify a phishing or spoofing email.
1. Don’t trust the display name
The display name can be spoofed. A fraudulent email can appear to be legitimate because most inboxes only show the display name. Don’t trust the display name.
2. Look but don’t click
Hover over any links in the email. If the link address looks strange, don’t click on it. If you want to test the link, open a new window and type in the website address, rather than clicking on the link in the email.
3. Look for spelling mistakes
Legitimate messages usually do not have major spelling mistakes or poor grammar.
4. Analyse the greeting
Is the email addressed to a vague "Valued Customer"? If so, be careful - legitimate businesses usually greet you personally with your first and last name.
5. Don’t give your personal information
Legitimate banks and most other companies will not ask for personal details via email. Don’t provide them.
6. Beware of urgent or threatening language in the subject line
Beware of subject lines that claim your "account has been suspended" or your account had an "unauthorised login attempt". Invoking a sense of urgency or fear is a common phishing tactic.
7. Review the signature
Legitimate companies always provide contact details.
8. Don’t click on attachments
Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal passwords, or spy on you without your knowledge. Don’t open email attachments you aren't expecting.
9. Don’t trust the 'From' email address in the header
Fraudsters not only spoof brands in the display name, but also spoof brands in the 'From' email address in the header.
10. Don’t believe everything you see
Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address does not mean that it’s legitimate. Be sceptical when it comes to your email messages - if it looks even remotely suspicious, don’t open it.
If you've received a phishing email
If you've received a phishing email, please forward it to firstname.lastname@example.org and add 'phishing?' to the beginning of the subject line.
A number of people across the University have received an email similar to the one in the image below, which asks you to sign in to see a summary of your salary. This is a phishing email and the link in it goes to a web page that looks very much like MyView. Do not sign in to this web page - if you do, your username and password will be stolen and used by criminals to access MyView to change your bank details or collect other personal information.
Below is a screen shot of a known phishing email (added 26 July 2017)
Below is a screen shot of a known phishing email (added 18 July 2017)
Below is a screen shot of a known phishing email (added 6 July 2017)
Below is a screen shot of a known phishing email (added 27 June 2017)
Below is a screen shot of a known phishing email, with the subject line: 'Your May Salary Issue':
Below is a screen shot of a known phishing email, with the subject line: 'Conf #55246-976-6' which contains an attachment:
Below is a screen shot of a known phishing email, with the subject line: 'Urgent Notification (Protect yourself from Fraud':
Below is a screen shot of a known phishing email, with the subject line: 'Your email address is no longer active':
Below is a screen shot of a known phishing email, with the subject line: 'Problem with your membership':