Advice on Phishing


Phishing is type of online identity theft that uses email and fraudulent websites to trick you into sharing your information such as credit card numbers, passwords, account data, or other valuable information.

How to Spot Phishing

Email fraud that targets University staff and students is on the rise. It's becoming increasingly sophisticated and hard to identify.
We have systems in place to limit how many fraudulent emails get through and to minimise the impact where possible. However, some emails will always get through, so it is vital that you remain alert to potential threats and take responsibility for the security of your University computing and email accounts.

Below are some tips to spotting phishing attempts and email scams.

  • Scam emails can take many forms, including those which claim to originate from the University themselves. It is important to always remain vigilant and be sceptical of any unsolicited email which asks for you to click on a link and log in.
  • Remember the old adage, if it seems too good to be true, it probably is.
  • Check for misspellings and poor grammar.
  • If an email comes from an unexpected email address (eg @gmail.com) instead of the organisation that is claiming to be contacting you (eg @sheffield.ac.uk).
  • The email starts with an unusual or generic greeting such as Dear valued customer.
  • A fraudulent email may contain attachments, which could include .exe files.
  • A sense of urgency; for example the threat that unless you act immediately your account may be closed.
  • A prominent website link. These can be forged or seem very similar to the proper address, but even a single character’s difference means a different website.
  • A request for personal information such as your username, password or student loan details.
  • The entire text of the email may be contained within an image rather than the usual text format. The image contains an embedded link to a bogus site.

What action should you take

  • Never respond to emails that ask for your password or other sensitive information.
  • Never click on or open suspicious links or attachments.
  • If you're taken to a login page or website, never enter your personal information.
  • If it appears to be from someone you know contact the original sender by telephone or create a new email to ask them if the email is genuine.

Report it

 If you receive an email that you believe may be a phishing attempt, forward it to phishing@sheffield.ac.uk.

 If you have entered any personal information, or opened / downloaded any attachments then you must contact the Helpdesk immediately on +44 (0)114 222 1111.