Identifying malicious email

  • Types of suspicious email

    Suspicious email can take many forms.

    Spam email

    Spam is unsolicited email, the electronic equivalent of the junk mail that gets shoved through our letterboxes.

    There are spam emails that simply feature unwanted marketing messages, but spam is also often used as a vehicle for malware that can attack our computers, our network and even our bank accounts. Malicious emails might pretend to be sent by someone you know, to trick you into opening the email. This is called email spoofing. Hackers will often pretend to be from a trusted organisation in order to dupe you into providing them with confidential or personal information that in turn can be used to access your online accounts.

    Phishing scams

    Phishing is an increasingly common problem. Phishing is a variety of spam which tries to trick you into giving up your username, password, bank PINs etc. This kind of personal data will allow the phisher to gain access to your account and steal your money or even your identity.

    Spear phishing is also on the increase. This is where an email is used in a fraud attempt that targets a specific organisation, with the aim of gaining unauthorised access to confidential data including trade secrets, research or military information. The email will generally come from a senior person at a well-known company and therefore appears legitimate.

  • How to identify phishing emails

    Some general advice on identifying and handling phishing emails:

    • Sender: Were you expecting this email? Not recognising the sender isn’t necessarily cause for concern but look carefully at the sender’s name - does it sound legitimate, or is it trying to mimic something you are familiar with?
    • Subject line: Often alarmist and trying to convey a sense of urgency, hoping to scare the reader into an action without much thought. May use excessive punctuation.
    • Logo: The logo may be of a low quality if the attacker has simply cut and pasted it from a website. Is it even a genuine company?
    • Dear You: Be wary of emails that refer to you by generic names, or in a way you find unusual, such as the first part of your email address. Don’t forget though, your actual name may be inferred by your email address.
    • The body: Look out for bad grammar or spelling errors but bear in mind that modern phishing looks a lot better than it used to. Many phishing campaigns originate from non-English speaking countries but are written in English in order to target a wider global audience and so word-choice may be odd or sound disjointed.
    • The hyperlink/attachment: The whole email is designed to impress on you the importance of clicking this link or attachment right now. If you are still unsure, do not click the link - just open a webpage and log on to your account via the normal method. Be aware that some companies operate policies stating they will never include links in emails and will never ask for personal information. Mimecast will scan the link and attachments to provide security, but even so, we recommend you don’t click any links or open any attachments you’re not sure about.
    • Signature block: The signature block may be a generic design or a copy from the real company.

    These are all valuable clues that an email may be spam rather than genuine - but they’re not absolute proof.
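
    Three of the clues above (sender, subject line and greeting) can also be checked mechanically, for example when triaging a reported message. The Python below is an added example, not part of the original guidance or of any email security product; the trusted-sender table, word lists and sample message are constructed assumptions, and it returns clues rather than a verdict.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: display names you trust, mapped to the domain they really send from.
TRUSTED_SENDERS = {"it helpline": "example.ac.uk", "example bank": "examplebank.test"}
URGENT_WORDS = ("urgent", "immediately", "suspended", "final warning", "verify now")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder")

# Constructed sample message, not real mail.
SAMPLE = """\
From: "IT Helpline" <support@it-helpline-accounts.test>
To: jsmith2@example.ac.uk
Subject: URGENT!!! Your mailbox will be suspended

Dear jsmith2,
Your mailbox is over quota. Log in now to keep your account.
"""


def phishing_clues(raw_message: str) -> list[str]:
    """Return the checklist clues found in a plain-text message (clues, not proof)."""
    msg = message_from_string(raw_message)
    clues = []
    # Sender: a familiar display name on an address from an unrelated domain.
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for trusted_name, real_domain in TRUSTED_SENDERS.items():
        on_real_domain = domain == real_domain or domain.endswith("." + real_domain)
        if trusted_name in name.lower() and not on_real_domain:
            clues.append(f"sender: '{name}' sent from unexpected domain {domain}")
    # Subject line: alarmist wording or excessive punctuation.
    subject = msg.get("Subject", "")
    if any(word in subject.lower() for word in URGENT_WORDS):
        clues.append("subject: urgent or alarmist wording")
    if re.search(r"[!?]{2,}", subject):
        clues.append("subject: excessive punctuation")
    # Greeting: a generic name, or the first part of the recipient's address.
    local_part = parseaddr(msg.get("To", ""))[1].partition("@")[0].lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    first_line = (body.strip().splitlines() or [""])[0].lower()
    if first_line.startswith(GENERIC_GREETINGS):
        clues.append("greeting: generic form of address")
    elif local_part and re.search(rf"\b(dear|hello|hi)\s+{re.escape(local_part)}\b", first_line):
        clues.append("greeting: uses the first part of your email address")
    return clues


if __name__ == "__main__":
    print("\n".join(phishing_clues(SAMPLE)))
```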

    Use your judgement when following this guidance, and if in any doubt, please see below.

What to do with suspicious emails

Our email security system scans all attachments and web links embedded in emails for malicious content. However, we recommend avoiding clicking links that look suspicious, or downloading email attachments you’re not expecting.

What to do if you have responded to a phishing attempt

Our security systems protect us from the vast majority of attacks, and applying the advice given above will help to keep you safe. However, nobody is completely immune to a cleverly designed phishing attack, and sometimes you can click something in error. Under these circumstances, you need to act quickly. This is what you should do:

  • If you have clicked on a phishing link or responded with your University account details, change your University password immediately.
  • Report details to the IT Helpline as soon as possible so that we can ensure your computer is safe.
  • If you have shared any bank details then contact your bank on their emergency fraud number (usually found on the back of your card or on their website).
  • The same applies if you’ve shared any other account details, e.g. your social media accounts or personal email details. Head to the provider and change your login details as soon as you possibly can.

More about information security

For more about keeping your data and information safe, visit Information Security’s Support pages.