Email Phishing – student and staff vigilance required
There has been a huge increase in email Phishing attacks over the last year. Due to the ongoing risk of further Phishing attacks we urge all staff and students to maintain vigilant when opening emails and browsing websites.
What is phishing?
A well-crafted email made to look as if sent from someone or a company you know (e.g. a friend, a colleague or bank). The email may contain a link to a website that aims to steal your personal information or to infect your computer or device with a virus.
The email may have a PDF, Word, Excel document or a file ending in .exe attached that releases a virus when opened.
How to spot
A phishing email may contain some of these characteristics:
- You don't know the sender.
- The greeting is general and doesn't contain your name e.g. Dear Customer or Dear youremail@stmarys.ac.uk.
- The sender's email name and email address don't match.
- The email instructs you to click on the link as a matter of urgency or else you'll lose out.
- A request for username, password or bank details.
- Be wary of emails from colleagues not using their St Mary's email that ask you to do them a favour usually involving money.
If in doubt do not click on any links, do not open any attachment and contact the The Hub Online.
What is Spear Phishing?
Spear phishing is a form of phishing targeted towards a specific individual, group or organisation whereas general phishing attacks are usually sent to a large number of emails at the same time in the hopes that someone will take the bait and click on the link.
An email arrives, apparently from a trustworthy source, but instead it leads the unknowing recipient to a bogus website full of malware or fake sign in page where credentials can be stolen.
One popular approach sees individuals receive emails from someone whom they trust, like helpdesk line manager. The email will look similar to what the target is used to receiving from that person. This email convinces the recipient to click a link to reset a password for example. When the link is clicked the target enters their username and password and now the spear phisher has spear phished the user's login credentials.
General phishing campaigns where a version of the same email is sent to many people can often be stopped by our email filters but spear phishing campaigns are much harder to detect and stop because the communication is often bespoke and targeted at one individual at a time.
Spear phishing is evolving and increasing in sophistication and we would urge you to be vigilant when opening emails and clicking on links to keep yourself and St Mary's safe.