Identifying phishing scams and fake emails
We will never ask for your login details or personal information by email. If you get an email like this, it could be an attempt at fraud known as 'phishing'.
Phishing is a scam that uses an email, phone call, SMS or instant message pretending to be from the University or another organisation, such as the Student Loans Company. This email will ask for valuable information like your password or personal details. Fraudsters can use this information to access your accounts to extract data or take money.
The phishing email is usually an urgent message with a link to a website that copies an official page, but is actually fake, such as the University login portal. The fraudster will try to trick you into entering information that is useful to gain access to any of your accounts or financial information like:
- your username and password
- financial information, like bank and credit card details
- National Insurance, Social Security or passport numbers
- common security-related questions, like your mother’s maiden name, schools attended or date of birth
Spear phishing is a scam email where the fraudsters have been able to use some of your personal information (for example your name, course of study or job title) to make the email appear more genuine. Do not be fooled. This is still a fake email.
Don’t believe everything you see. Phishing campaigns are using more convincing email addresses, logos and language to trick people and avoid security systems trying to stop them.
Be careful with unexpected email messages – if it looks suspicious, it probably is.
If you think you have received a phishing email
- Do not do what the email tells you to do
- Report the email within Outlook by selecting the 'Report Message' button located at the top right-hand side of your screen and select the category that your email falls into.
- If you have an android or Apple device, read our guidance on how to report a phishing email.
The email will then be:
- sent to our IT Security team and forwarded to Microsoft for analysis
- automatically deleted from your inbox to keep you safe and secure. If we need any further action from you, we will be in touch
If you have followed a link in a phishing email
- If you have entered any financial details, contact your bank immediately and tell them that you have been the victim of an email scam. Do not wait to contact us before doing this.
- If you have entered your University password, change it using Account Manager. If you have used this password on other accounts, change it on those as well.
- Contact the Service Desk so we can advise you what to do next.
- Run a full antivirus scan on your computer or device.
Top tips for identifying phishing emails
By following these few simple steps and looking out for some simple signs, you can reduce the likelihood of falling for a phishing attack:
Check the email greeting
Phishing emails tend to start with generic phrases like:
- 'Dear University member'
- 'Dear valued customer'
- 'Dear student'
- your email account name, like 'Dear abc123'
Check the From: address
It's always worth checking the From: address in an email, as fraudsters will often change the display name to make it look more like the company or organisation they are pretending to be. A scam email will have a strange email address behind what looks like a genuine display name e.g. "Your Friend@bath.ac.uk" . Use your mouse to hover the cursor over or right-click on the sender name and you should see the email address behind it.
If something sounds too good to be true, it probably is
Emails offering you money or financial opportunities are often fake. For example:
- jobs or grants that you haven't applied for
- lottery wins
- transferring or receiving money for someone else
Look but don’t click
Take the time to pause before clicking on any links within an email. If you are using a computer, hover your mouse over any links in the body of the email. If the link address doesn't look like an official site address or is different from the text description, don’t click on it.
Be aware of current phishing emails
We will let you know of current phishing scams as we are made aware of them via our Be aware of phishing emails campaign. Check back regularly for updates.
If you think an email is suspicious, or if you have clicked on a link in an email that you later believe it to be suspicious, don't panic! Get in touch with us and we will investigate.
Phishing scams can come in other formats
Fraudsters can contact you in many other ways including via phone call, SMS or instant message, pretending to be from your bank or another organisation. Please be vigilant and ensure that you do not disclose your personal details, such as your card, PIN, passwords or card reader codes.