Search the University of Manchester siteSearch Menu StaffNet
Search type

Don't be a victim of Christmas phishing

03 Dec 2019

It’s the time of year when scammers, like elves, are hard at work. Please be vigilant and double check the emails landing in your inbox before you act on them; that ‘amazing Christmas deal’ may not be all it seems

A goldfish wearing a shark's fin

Review our checklist of things to look out for to help prevent you falling victim:

  1. Remember - JDLR. If it Just Doesn't Look Right, report it to us by following the process on our Email Phishing page
  2. Is there an urgent call to action to click on a link or open an attachment? Don’t be flustered into clicking before you’ve had time to review it.
  3. Hover over the link without clicking and see where it’s sending you to. 
  4. Is the sender of the email someone you know and were you expecting an email? Expand the ‘From’ field to see the full email address and not just the name.
  5. Be suspicious of generic, non-personalised emails with greetings such as ‘Dear Customer’. If a trusted organisation needs to contact you, they're likely to know your name. However there might be instances where bulk or generic emails are sent out from trusted organisations such as IT Services, but they include details of how you can verify the validity of the email without clicking. Always ask yourself, are you expecting an email from this individual or organisation?
  6. Check for poor spelling and grammar, the average phishing campaign depends on quantity not quality.
  7. Some phishing emails are more tailored, bespoke, personal attacks, using the information the hacker has gathered about you and your contacts. Ask yourself do you know the sender? And does its tone sound like them? If in doubt, call or text them to verify. Never just reply to the email.
  8. If you don't know the sender are you really interested in the information? Don't just click out of curiosity.

For more information and to view our phishing awareness video, visit IT Services' Email phishing page:

The advice about being vigilant applies just as much to your personal email accounts as your work one. Spread some good security practices amongst family and friends!  

Over the coming months we’ll be implementing various new technical features that will further enhance information security across the University, however we all have a part to play in security. If you follow procedures and report anything suspicious we can help reduce the spread of malicious software that could steal your information and cause you a great deal of personal hassle.