We all rely heavily on email, both at work and in our personal lives, Because of this, email has become a common means of cyber-crime: An email is a direct route to you with harmful content only a click away.
E-mail or instant messaging, purporting to be from banks and building societies, popular social networking websites, auction sites, online payment sites or IT administrators are commonly used.
Phishing e-mails often contain links to websites that are infected with "malware" malicious software used to gather sensitive information such as passwords
Phishing usually takes place through spam e-mails sent to millions of addresses. The e-mails fall into two broad categories: those which offer something that sounds too good to be true or those which urge you to update security information threatening account closure or suspension if you don't comply with them.
Both types direct you to fraudulent sites with the specific intention of getting you to supply personal information which then can be used for illegal purposes. This can be done by either accessing your accounts directly or pretending to be you in order to steal goods and services (which you are then liable for!).
Phishing attacks are not restricted to e-mail, they can also be sent by instant message and text but they will still direct you to enter your information (password, bank details, date of birth, security information, etc.) at a fake website which may look and feel entirely genuine.
Every year, we receive a number of calls from people who have passed over their personal details in response to these types of requests - to make sure you avoid the inconvenience and distress this can cause, please read on!
Is it really a 'secure site'? If you visit a secure page you will see the URL change from http:// to https:// and the Secure Sockets icon (the small padlock) appear in the address bar. Some phishing sites will include this on the page but often get the position wrong: it should be at the top (or bottom) of the browser, in the browser, not on the page itself.
Only valid certificates issued by approved authorities are trustworthy. If you're still unsure, check if the name on the certificate matches the name of the company behind the website.
If you give away your password, the criminals will have access to e-mail and other University services.
Your e-mail could be read, deleted and replies to junk mail could fill up your inbox.
If you give away other information such as personal data this could be used to commit theft and fraud using your identity.
Your identity could be used to falsely take out loans, or credit cards in your name.
False identity documents in your name may be created and used by criminals and you could be held responsible for their actions.
If you click on a link in a phishing e-mail you may be taken to a fake website which will try to get you to input personal information such as your username and password, or other personal data such as your date of birth.
If you give away your password, the criminals will have access to e-mail and other University services.
If you give away other information such as personal data this could be used to commit theft and fraud using your identity.
No!
IT and Library Services (ILS) NEVER lock you out of your account or require you to provide your password if you are over quota!
You do receive an e-mail warning that you are approaching or reaching your mail quota.
When you reach your quota you won't be able to send or receive e-mail, or save any new or changed files, but you will still be able to login and see your e-mails and documents.
You need to either delete or archive some e-mails before your service will return to normal.
We have taken action to reduce the amount of junk mail you receive, but it is not possible to stop it completely.
The most important advice we can offer is never to reply to the message. This only serves to inform the sender that your e-mail account is valid. The sender will have sent the message to thousands of e-mail addresses, a great deal of which will no longer be in use. Don't let them discover that your e-mail address is valid.
Our system is already stopping a large number of unsolicited e-mails or marking them as possible spam. You may have received messages with "[SPAM?]" before the subject line or found e-mails being delivered to the "Junk E-mail" folder in Outlook. This is our system attempting to identify unsolicited e-mails for you. However, as yet the technology does not exist to accurately identify spam 100% of the time. Therefore, the system will not block some messages in case they are genuine. The contents and sender of e-mails differs so widely that it is not feasible to apply a general rule which will reliably stop them without the risk of throwing out genuine messages in the process. We are constantly improving the efficiency of the spam detection systems we use, but there will inevitably be some unwanted e-mails that still get through.
The solution is simply to delete the messages. However, if you are receiving spam from a university e-mail address (an address ending in "@gre.ac.uk" or "@greenwich.ac.uk") then you should notify the IT Service Desk as soon as possible
There has been a big rise in the quantity of Spam e-mail recently, while the university employs methods to protect staff and students, it is still wise to remain vigilant to the threat posed.
This can include:
Keep them to yourself:don't forward any of these types of email, just delete them.
Ignore them: If you receive one from someone you know, just ignore it or maybe even point them in the direction of a reputable source of advice about hoax emails.
These are techniques which trick you into supplying information for fraud or system access BUT they aren't restricted to the online environment and are just as likely to come to you via a telephone call or even a face-to-face conversation (e.g. a telephone call from someone impersonating a technical support agent, an 'IT technician' asking you to log on to their machine with your details).
In some instances the smallest piece of personal information can be used to give an air of credibility to these individuals (e.g. a date of birth, details of school attended, workplace) and the increasing popularity of Facebook and the naivety of many users when publishing personal information about themselves, has been a source of information for fraudsters looking for information to gain them a 'foot in the door'.
What can you do about it?
Publish at your peril: Think about all the information you have published online: via Facebook, Twitter or your own personal web pages, also consider what is published about you in staff or club membership profiles which are created or posted on line. Review what's there (try 'Googling' yourself to check if there are any listings for you that you didn't know about or remember) and make sure personal details are either removed or only visible to those who actually know you.
Don't be afraid: It's ok to challenge anyone who requests personal information by phone, email, text or face to face: genuine individuals will understand and won't mind. Fraudsters rely on our reluctance to stand up and query their legitimacy or to refuse a polite request.