University of Greenwich Phishing Exercise IT and Library Services

   Don't Panic: Your data is not at risk!

Please read the following information carefully. It explains why you were sent the email and how you could help protect yourself, and it should reassure you that this is simply a test to heighten your awareness of the information security risks in everyday life.

Dear Colleague,

The email you received about Storage Quotas was a hoax or phish designed to mimic the sorts of fraudulent emails anyone with an email account will have received at one time or another.

First of all, please don't panic, you are not in trouble! This is an awareness-raising exercise carried out as part of a new initiative in Information Security Awareness & Training. It is designed to help raise awareness of phishing as an issue among University staff and also to ascertain the general levels of susceptibility to this kind of online fraud. In this case we were testing whether users will give away their user login details.

This phishing exercise is anonymous: your personal details are not being recorded or passed to anyone as part of this exercise. The only data being collected is the number of people who visit this page as a result of following the link in the phishing email, and the number of staff who contact the IT Service Desk to report it as suspicious. We are not asking you to provide any personal information, account details, etc.; this page is purely to provide advice and information.

All staff will be receiving the same email you have just received. Please don't alert them to this exercise as it will invalidate the results.

Please scroll down for further information on phishing and how you could have identified the email as a phish/hoax.

What is a Phish

Phishing is the name given to the practice of sending emails at random, purporting to come from a genuine organisation. This sort of email attempts to trick the recipient into entering confidential information, such as credit card or bank details, usernames and passwords. The links contained within the message are false, and often re-direct the user to a fake web site.

How could you have spotted the email was a phish/hoax?

The email containing the link which brought you to this page held a number of clues which, had you known what to look out for, would have made you suspicious that the email was not legitimate (see below). If the email had been a real phish and not an exercise, then by entering your username and password as requested by the email you would potentially have provided them to a hacker and thus compromised your account.

Below this image is a key explaining the areas circled and numbered. 

[Image: Email message sent in phishing exercise]

1 – Source email address

The email displayed is not a valid University of Greenwich email address. Whilst the sender has set their account name as "helpdesk" so the email displays in your inbox as being from "helpdesk", you can see the full email address is and not from a address and therefore not from within the University of Greenwich.

Email spoofing allows attackers to forge the 'from' address in emails relatively easily, so if you're ever in doubt about whether an email is genuine, you should contact the IT Service Desk for advice on 7555.

2 – URGENT marking on email

Marking an email as URGENT is a tactic used in phishing emails to create a sense of urgency to make you rush to act, without considering what you are doing – verifying who really sent the email for example. That's not to say any email marked urgent isn't legitimate, but if you receive an email advising you need to take urgent action to avoid having your account closed or similar then you should exercise some caution.

3 – Spelling Mistakes

Often phishing emails will have misspellings, grammatical errors and poor sentence construction. A typo in an email doesn't necessarily mean it's a phish, but if you receive an email which appears to be from your bank, insurance provider, employer or some other professional organisation and it has misspellings in it, it's worth taking a closer look before acting on it.

4 – Embedded URL

There is an embedded URL (web address) in the email which you clicked on to reach this site. An embedded URL is one where you see a word or words as a hyperlink. You should be aware that the address you are taken to does not have to match the words. In the email you received the link says, but the URL embedded behind it is . The main University of Greenwich address ends in '' so an address of should have been treated with suspicion.  

When you view a link in an email and place your cursor over it, most software will show you the web site address the hyperlink will actually take you to (see below).

[Image: Links may not be what they seem]

5 – Correct information, but out of place  

While the details of the address are correct, phishers are able to simply collect this information from the University website. Phishers will usually try to make their email look as authentic as possible.  

Sometimes, too much information may be a reason to be suspicious. Are you used to seeing emails with the full address University?  Stop and think for a moment if it seems unusual. 

For the purposes of this exercise we purchased the website domain and placed a redirect on it to bring you to this page. However, anyone with access to a computer and a few pounds could just as easily have bought the domain and set up a website which looked real enough for you to enter your University credentials.

A second point to note is that the email was asking you to follow the link and enter your username and password. If you look at the address you were being taken to, you can see it would not take you to a secure site, i.e. it does not have https:// at the front. You should never enter your University credentials into a site without ensuring your details are secured.

Test Yourself

To see if you've learnt how to spot a phish we recommend you take the Dell SonicWall phishing IQ test. The site does not require you to enter any personal information and the University of Greenwich does not receive or share data with the site i.e. how well you do is private to you. Follow this link to try it out

What now?

If you wish to further verify the legitimacy of this exercise you can:

  • Call University extension 9507 / 020 8331 9507, which has been set up for this exercise.

While you're here

Why not take some time to browse the IT Security site? There is certain to be something of interest which may help keep your information safe, whether that's your own personal information or the information you're responsible for safeguarding at work.