Email scammers target UK universities, especially new students, with the hope of tricking you into giving up personal information.
Phishing is a cybercrime where attackers pose as legitimate institutions to get you to disclose personal information, such as passwords or financial information.
Remember – we will never ask you for your password.
How you can stay aware
Phishing emails often promise a reward of some kind if you click a link or enter login details. Remember, if it looks too good to be true, it probably is. There are a few things you can be aware of that will help you recognise a phishing email.
- The email signature may be overly generic, or may not follow Cardiff University protocols.
- The sender address may not match the sender name.
- Phishing emails usually contain errors in spelling, grammar or capitalisation.
- Always check the email address of the sender. If the email appears to have come, for example, from Amazon.co.uk, but the email address is not an Amazon email address it is probably a scam.
- On a desktop or laptop computer, if you hover your cursor over a link in an email, a box will appear at the bottom of your browser window showing the webpage it links to. If this does not match the supposed destination, it is probably a scam. Any link to a Cardiff University site should end with cardiff.ac.uk or cf.ac.uk.
Like your bank, we will never use an unsolicited email to ask you to confirm personal details such as your driving licence number, National Insurance number or mother's maiden name. Any email asking for this level of detail is likely to be a phishing email – be suspicious of it.
What you should do
If you get a suspicious email, do not reply to it or follow any links within it as the links are likely to be false.
If you're concerned that you have fallen for a phishing scam, and you have entered your bank account details, contact your bank immediately to warn them of the threat.
You have free access to anti-virus software while you're studying here. Make sure you install it and keep it up to date. Simply log into the student intranet and search for ‘Sophos’.
If you have any concerns about any suspicious emails you receive, or if you have any questions or concerns about phishing, please contact the IT Service Desk: