If your Inbox is like mine, you’re likely to get at least one fake email this week. And it might be very convincing. You need to know what clues to look for so that you don’t lose work, personal data such as photos, or put University data at risk.
Good fakes look almost identical to genuine emails, and often appear to be from companies you know, such as:
- phone companies like O2 and Vodafone
- travel companies
- student finance
- local companies – sports clubs, taxi firms, print agencies and so on. Criminals don’t just copy large companies.
Clues to look for
- If it says you’ve ordered a service that you haven’t – it’s highly likely to be fake. Delete the email, even if it looks convincing. If you want to double-check, use a browser and find their website. From there you can check your online account or contact them.
- If there’s an attached file you weren’t expecting – don’t open or even preview it. Attachments are used to unleash a virus. They know you might be curious enough to want to look and see what it is. Do not look – delete it. Absolutely do not ‘enable content’ or ‘enable macros’.
- Check the email address it was sent from. Does it look like the expected sender? Is it readable, or unusual, or sent ‘on behalf of’ another email account? Note that even if it looks like the right sender, hackers can ‘hijack’ genuine email accounts – so look for other clues.
- Don’t click on links if you have any doubts. The link text you see on the screen might not match the website address it will go to. If you can, hover your mouse over them and the actual website address will appear. Is it a readable, sensible destination for that service?
If you’re not sure if it is fake or not
- Contact the organisation outside of the email or go to their website independently. Use a browser and search for their site it if you don’t know the web address. From there you can check your online account or contact them.
- Never ‘Load remote content’ or ‘download pictures’ if you have any doubts at all.
- If you think it might be genuine and you might need to respond, contact us first.
- If it is definitely fake, mark it as junk and delete it. Don’t reply, click links, view attachments or view images.
If you think you’ve responded to a fake
If you’ve previewed or opened an attachment which you now realise is fake, or clicked a link, or allowed ‘remote content’ or images to be seen in an email that is likely to be fake:
- turn the power off your device immediately. For laptops, hold the power button down until it shuts down
- contact us (details below)
- if you think your bank details have been compromised, contact your bank immediately.
A note about your passwords
- Never give out your Kent IT Account password (or any other password). No reputable organisation will ask you to.
- If you think your Kent password has been compromised, contact us (details below), and change your password on the Kent website.
- Don’t use the same password for more than one account. Just don’t.
- Use a unique password with a mixture of letters, numbers and punctuation.
We do block most fake messages that are sent to your University email account, as we have ways of identifying them before they reach your Inbox. But some may still get through to you.
If you follow this advice, you shouldn’t get caught out and your work, photos and money should stay safe (and University systems should stay safe too).
Share this article if your friends need to read it too: