Phishing emails “vaccination appointments”

Please be aware that there are reports of several phishing emails being sent to HWU staff and student accounts.  Some of these emails claim to be from the NHS about vaccination appointments e.g. “important Book an appointment using the NHS e-Referral Service NHSVaccination” with links to book an appointment. 

If you think you have received a phishing email, do not click on any links, and do not open any attachments. 

If you are unsure if an email is real or not please forward it or screenshot the email content and send it to 
If you have received a phishing email, accidently clicked the link in it and provided your university credentials (username and password), please contact the IS Helpdesk for assistance. 

Accounts that are suspected to be compromised will be blocked automatically.
If your account has been blocked because of this, please send an email to for further assistance.

Top tips to help you spot phishing emails

(phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication).

  • Be suspicious of any urgent requests for personal or financial information
  • Be aware: Phishing scams are common at main instalment payment dates or connected to newsworthy events
  • Check that you’re using a secure website when submitting credit card or other sensitive information.
  • Prevention: Your email details may have been taken from a social networking site so avoid disclosing your email address or make sure you hide it on your page
  • Look for tell-tale signs of phishing: Check the quality of the communication. Misspelling, poor punctuation and bad grammar are often good indicators

Phishing emails – “Annual refund”

Phishing emails “Heriot-Watt University – Valuation Office Agency – Annual refund”

A high volume of phishing emails have been received by staff and students this afternoon.  Some are requesting bank details for refunds similar to the example below.

Do NOT click on the link in the email 

Phishing email example

If you think you have received a phishing email

  • DON’T click on any links
    DON’T open any attachments
  • Forward the email to
  • Delete it

Top tips to help you spot phishing emails

  • Be suspicious of any urgent requests for personal or financial information
  • Be aware: Phishing scams are common at main instalment payment dates
  • Check that you’re using a secure website when submitting credit card or other sensitive information;
  • Prevention: Your email details may have been taken from a social networking site so avoid disclosing your email address or make sure you hide it on your page
  • Look for tell-tale signs of phishing: Check the quality of the communication. Misspelling, poor punctuation and bad grammar are often good indicators


Ransomware attack

You will have noticed the high profile ransomware attack that has been in the news over the past few days. (

Information Services are monitoring our systems and have the necessary precautions in place to minimise the risks from ransomware, however, staff and students should remain vigilant at all times.

In particular, please be suspicious of any emails received from unknown sources with attachments or links:

  • Do not click on suspicious links
  • Do not open email attachments
  • Forward the email to
  • Do not plug in unattended USB devices that are found

Typically ransomware will be hidden in emails that look like invoices for goods, communication from the tax office (HMRC) or your bank, requests to authenticate your accounts (confirm your user name and password) following an update etc.

If you use a machine that is not on the managed desktop please ensure that you

  • Update all Anti-Virus
  • Have a backup in place and that it is operational
  • Use minimal user permissions where possible

Can we remind all users to log out from their machines at the end of the working day. Information Services apply updates and patches to managed machines overnight and some patches do not apply until a machine is restarted.

If you have not logged out and restarted your machine for a few days please do so.

See for more information on protecting against ransomware.

Email Attachments containing .exe .vbs or .scr files

The Heriot-Watt email system will no longer allow the distribution of zipped email attachments containing .exe .vbs or .scr files (attachments will be removed from messages).

These file types are considered high risk as they are often used by spammers and phishers to distribute viruses and malware by email.

This change will come into effect w/c 8th June 2015.

If you have any queries regarding this change please contact the IT Helpdesk (

10 top email tips for students…

Basic email etiquette can help make your email communications go smoother, and also help you establish some best practice to take with you into your professional lives.

As a general rule it is best to have at least 2 email accounts – your business (university or work) email and your personal one (for friends and family) – and not to mix the two.

This is one of my longer posts…but stick with it…hope you find it useful.

  • Please note that email communications from Heriot-Watt University (e.g. from Registry, Information Services, Finance, your School etc) will be sent to your address – and we prefer you to use your email address when contacting us.

There are two types of email

Informal email is meant for emails to your friends, colleagues and (since we’re pretty informal at University) University staff.

Formal email is for when you write emails about job applications, interviews, internships, funding etc.

  • It might also pay to err towards formality when emailing anybody within the university that you don’t know very well (maybe someone outside your home School). Very few people are offended by somebody being too polite.

Informal emails

1. Start by addressing the person you’re writing to
Dear Moira” is fine – most members of staff don’t mind being called by their first name (but you might like to double check with your lecturer/professor).  It may be more formal for some countries/campuses/cultures – so go with whatever is acceptable practice for your environment.

If you don’t know the person you are emailing, or are contacting them for the first time, you might prefer to use their title – e.g. “Dear Dr Smith

If you want to be more informal then “Hi Moira” or “Hello Moira” would be fine.

Addressing the person at the start of the email is especially important if you’re writing an email which is copied to several people – if you don’t then it’s possible that everybody will think the email is intended for somebody else (and therefore do nothing). If you are writing to a generic mailing list you could start with “Dear mailing list” or “Dear All“.

2. The email should be short and to the point – and have a relevant Subject line
Rambling on and off the topic is never good and tends to obscure the actual meaning of the email.  Subject lines like “Help!” or “I’m stuck” –  or a blank subject line – aren’t particularly helpful to the recipient.

3. Manners aren’t optional
A “please” and “thank you” are always appreciated. And requests formed as a question rather than a command e.g. “Can I have an extension” rather than “I want an extension” or “Give me an extension” – are usually better received.

4. Use correct grammatical English
Remember that you are at University! Also avoid text-speak and obscure acronyms e.g. AAK (this one is maybe not that obscure…)

5. Provide enough detail
If you’re asking for an extension then say which course you need the extension for. If you are having an IT problem give as much information about the problem as you can. It will save the recipient having to write back to ask for more info.

6. Use normal capitalisation
Names, dates, places, most acronyms and the start of a new sentence should be capitalised. Entire sentences shouldn’t.

7. Size matters
Don’t send large attachments – compress files if necessary. Even if your email system can cope with the file you are sending your recipients might not be able to. Watch your file names too – you don’t want things like report.doc.doc – some systems might block it.

8. Sign off with your name
It’s also usual to have a “closing salutation” such as “Best regards“, Best wishes etc. (Cheers is OK between friends but probably too informal for general use).
See Formal emails, point 5 for more options.

9. Be patient
Staff won’t be sitting around just waiting for your email – they’ve lots of other things they need to be doing – so try to allow at least 2 or 3 days before you chase anything up.

10. Don’t send an angry email
If you are angry or upset about something – don’t put it in an email until you have calmed down a bit. It might be better to phone the person or talk to them face to face if you can. Angry emails can often make a bad situation worse.

OK – that was the 10 tips (so these are the ones I was counting…) – but there are a few more below you might find useful…

Formal emails

Most of the above applies – only in a stricter manner.

1. Address the email
If you know the name of the person you are writing to use both their title and name  e.g. “Dear Dr Smith“. Most academic staff will be “Dr” or “Professor” but this is not always the case. Most academics prefer “Professor” to “Prof“.  If you don’t know the name of the person then use “Dear Sir or Madam“.

2. Use correct, grammatical English
I realise I’m repeating myself but this is especially important if you’re applying for a job. Why should anybody employ somebody who has low standards in their professional work? It’s also worth using a spell checker for important emails.

3. Choice of email address
Give consideration to which email address you use. Formal emails are usually best from a professional sounding email address – so if you don’t want to use your address, and your personal email is something like, you might like to create another personal email account with a more appropriate name for job applications etc.

4. Closing salutations
If you are writing a formal paper letter you should use
Yours sincerely if you address the letter to a particular named individual e.g. “Dear Dr Jones
Yours faithfully if you address the letter to a generic “Dear Sir or Madam

This rule can be applied to formal email as well.

Use your full (not your contracted) first name when signing off – even if all your friends call you Mikey – sign off with “Michael” and your surname.


A short video highlighting some of the key points

And one last thing to bear in mind

  • Emails are not a confidential medium – once you’ve clicked Send you are no longer in control of the information you have sent (also the case when posting to social media sites – it can go global before you know it!). Always do a final check – is it going to the right person, does it say the right thing, have you attached the correct file?


Sources (with modification)

Closure of old email service – 12th May 2014

Information Services will be starting the process of closing down the old Exchange 2003 email service on Monday 12 May 2014.

Initially we will be switching off the old webmail service at

This will also prevent access to the old email service from smartphones and other devices.

If you believe you are still accessing your email from this service then please contact the IT Helpdesk ( or on extension 4045)

Information – Anywhere, Anytime!

HWU’s online services are readily available from your smart phone or mobile device.

Our website  is mobile-reponsive, so use your mobile’s browser to bookmark , or other pages that you often use.

Setting up Student and Staff Email, Contacts and Calendar will let you keep you in touch, wherever you are.

To work in the VISION Virtual Learning Environment or access your Library Services, whenever you need to, download the free Blackboard Mobile Learn or LibAnywhere apps from the i-Tunes App or Google Play Stores.

  • Recent Posts

  • Follow HWU_IS on Twitter

  • Archives

  • Categories

  • Subscribe

  • Tags