Examples of phishing appear below.
Phishing - don't be caught out by criminals
The University of Bradford, along with many other universities, is currently experiencing a high level of cyber-attacks in the form of phishing emails.
Phishing is the attempt to steal sensitive information (such as usernames, passwords and credit card or bank account details) for malicious reasons by pretending to be a trustworthy entity in an email.
Phishing usually happens through spam emails which are sent to multiple email addresses. These emails look like they come from a genuine source (usually a bank or credit card company, or an IT administrator or Service Desk), where they will ask for details of your account. They may also appear to come from someone you know - this happens because criminals can fake almost every part of an email, and use social engineering techniques to try to persuade you to open an attachment or to click on a link.
The emails may claim that you need to update or confirm your account details by clicking on a link. The link then takes you to a fake website (which may look very similar to a genuine website run by the organisation), where your details can be used by criminals. The website may also contain malware that will infect your computer.
A number of staff have been caught out by phishing emails recently; some of them more than once. This puts themselves and the University at risk.
IT Services' advice
If you receive an unexpected email that contains an attachment or a link to a website:
- Do not open the attachment or click on the link, until you've confirmed that the email is genuine (contact the sender to check). If it's not possible to contact the sender, look for the following clues, which might indicate that it's a phishing email:
- the sender's email or web address is different to the genuine organisation's addresses;
- the email is sent from a completely different address or a free web mail address;
- the email does not use your proper name, but uses a non-specific greeting such as 'dear customer';
- the email threatens that unless you act immediately your account may be closed;
- you're asked for personal information, such as your username, password or bank details;
- the email contains spelling and grammatical errors;
- the entire text of the email is contained within an image rather than text format;
- the image contains a link to a bogus website.
- Check this web page, where we will maintain examples of phishing emails received by the University. If you suspect you've received a phishing email that isn't listed, please forward it to email@example.com and add 'phishing?' to the beginning of the subject line. If you do see your email listed as a known phishing email, then please report it to Microsoft by following the steps in 3. below.
- Using Outlook on the web, select the message you want to report as phishing and then click on the drop down arrow next to the Junk menu item. Click on phishing, and then click on the report button.
Below is a screen shot of a known phishing email (added 18 July 2017)
Below is a screen shot of a known phishing email (added 6 July 2017)
Below is a screen shot of a known phishing email (added 27 June 2017)
Below is a screen shot of a known phishing email, with the subject line: 'Your May Salary Issue':
Below is a screen shot of a known phishing email, with the subject line: 'Conf #55246-976-6' which contains an attachment:
Below is a screen shot of a known phishing email, with the subject line: 'Urgent Notification (Protect yourself from Fraud':
Below is a screen shot of a known phishing email, with the subject line: 'Your email address is no longer active':
Below is a screen shot of a known phishing email, with the subject line: 'Problem with your membership':