University of Leeds

Information Systems Services

Don’t Get Hooked Through Phishing!

What is Phishing?

Phishing is a scam where internet fraudsters send spam emails or use pop-up messages to trick unsuspecting victims into divulging passwords, account details and personal and financial information.

For more information on avoid phishing and checking links in emails see the article in Connected, October 2009

How does it work?

You may receive an email with a message like this:

'We suspect an unauthorised transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.'

Or

'During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information.'

The emails or pop-ups claim to be from a business or organisation that you might actually deal with - for example, the ISS Help Desk, an internet service provider, a bank or an online payment service. The message may ask you to 'update,' 'validate,' or 'confirm' your password and/or account information, and some phishing emails threaten a dire consequence if you don't respond.

The messages direct you to a website that looks just like a legitimate organisation's site - but it isn't. It's a bogus site whose sole purpose is to trick you into giving away your personal information so the operators can steal your identity to access your data, run up bills or commit crimes in your name.

Neither the University nor any other reputable organisation will ever send you emails asking you to input, confirm or validate account and/or personal details.

Tips to avoid getting hooked by a phishing scam:

For more information on avoid phishing and checking links in emails see the article in Connected, October 2009

  • Even if an email requesting account information appears to have come from an official and/or trusted sender do not trust it;
  • don't reply to email or pop-up messages that ask for personal or financial information, and don't click on links in the message;
  • don't cut and paste a link from the message into your web browser - phishers can make links look like they go to one place, but they actually send you to a different site;
  • if you are concerned about your account, contact the organisation using a phone number you know to be genuine, or open a new internet browser window and type in the company's correct web address yourself;
  • don't email personal or financial information - email is not a secure way to send information;
  • review credit card and bank account statements as soon as you receive them to check for unauthorised charges;
  • be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them

Contact us

Telephone: + 44 (0) 113 343 3333

Send your feedback or find key contact details.