‘Email De-activation Request’ – How to Spot a Phishing Scam

Here is some updated advice following the latest round of Phishing emails, with subject lines such as ‘Email De-activation Request’ or ‘Important Doc’.

When you receive a suspicious email, stop and take a moment to think about:

  • Who
  • Why
  • What
  • When 
  • Where
  1. Who and why: Check the sender and the logic of their request

Most of the time a spam email will come from an unfamiliar organisational email address. However, if it is from a recognised email address, you need to be extra cautious and report it immediately to the owner or the email administrator to verify it.

In the recent case, where staff and student accounts were compromised, the sender appears as a genuine HWU user. In that case, consider whether it’s reasonable that a fellow student or teaching member of staff is asking you to verify your IT account details.

  1. What: Read the message

Don’t ever fall to trickeries stated in the email example like a link asking for a reset password which you don’t request, quizzes that require you to login or asking for your digital signature. Always be sure that the email is legitimate before proceeding to click any links in it. If in doubt, check with ithelp@hw.ac.uk in the first instance.

Never feel so rushed into doing something in a hurry. Think what you’re being asked to do. In general terms, deleting a message is the safest course of action after reading and considering the contents of an unexpected email.

  1. Where is it taking you: Got an attachment or link? Look out!

Attachments may contained malware and viruses. Again, be vigilant and always ensure the email that you received is legitimate and from a trustable source. Check (hover over or right click on a link) to see where it is you are being sent. If the web address is unfamiliar or in any way suspicious, don’t go there. If you do arrive at a strange site though, never enter your Heriot Watt credentials in any of the forms there.

  1. When: Report it, immediately

If you are unsure don’t wait but please report any suspicious email right away to IT by attaching the email and send it to Abuse@hw.ac.uk. If you think your account has been compromised, don’t delay and please seek assistance immediately from ITHelp@hw.ac.uk

 

If you think you have received a spam or phishing email:

DON’T click on any links or open any attachments

DO forward the email to abuse@hw.ac.uk and delete it

 

Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s