Phishing Emails

What are they?

Phishing is an attempt to obtain sensitive or personal information such as usernames, passwords and credit card details by disguising itself as a trustworthy entity in an electronic communication. These can be classified as follows;

Phishing (Email) - An email sent out to millions of people globally with no common link.

Spear Phishing (Email) - These attacks are more targeted because attackers research the users or organisation to make the email more believeable (holiday destinations, sports team, pets etc).

Whaling (Email) - Not technically a fish but this type of attack is aimed at the "big fish" in a organisation...CEO's, COO's, CFO's, CIO's.

Vishing (Voice) - Cold calls trying to gain information from you by phone.

Smishing or SMiShing (SMS) - These send links via text message (like emails) to gain personal information.

Search Engine (www) - These use keywords in searches to direct usets to fake websites.

What to look for?

• Read the email and consider the tone, grammar and if it is something that they would request.
• Do not click on any links or attachments within the email.
• Do not reply to the email or contact the fraudulent senders in any way.
• Look to see if the signature is consistent with other emails you have received in the past.

What to do?

If you think you have responded to an phishing email, here are some steps to protect your details:

• Change your password immediately for any accounts which you believe have been compromised
• Run a full virus scan of the machine
• Forward the message to the IT Service Desk if you are not sure if the email is legitimate – servicedesk@qmul.ac.uk