Skip to main content

Online safety

Email scammers target UK universities, especially new students, with the hope of stealing your money, financial information or personal details.

Sometimes known as ‘phishing’, scam email attacks often seem to come from legitimate institutions and can be extremely convincing.

Scam emails:

  • often promise a reward of some kind if you click a link or enter login details. Remember, if it looks too good to be true, it probably is.
  • often exploit a sense of curiosity, sense of urgency, or fear to prompt you to engage with them, threatening with negative consequences or promising to reveal something exciting or forbidden.
  • may impose a time limit to fluster you and create a sense of urgency, referring to unpaid invoices, full inboxes or account validation.

Identifying a scam email

  • The sender address may not match the sender name.
  • The email signature may be overly generic or may not follow Cardiff University conventions.
  • Scam emails usually contain errors in spelling, grammar or capitalisation.
  • Always check the email address of the sender. If the email appears to have come, for example, from, but the email address is not an Amazon email address it is probably a scam.
  • If you hover your cursor over a link in an email, a box will appear showing the webpage it links to. If this does not match the supposed destination, it is probably a scam.

Never use any contact details or click any links provided in the email.

If you are unsure about an email, contact the company or person using the contact details from their legitimate website.

Internal scam emails

Scam emails can also appear to come from someone within Cardiff University. If you receive an email purporting to be from someone at Cardiff University and you are not sure if it is genuine, there are some things you can check:

  • Would this person have any reason to send this email?
    If you hover over the person’s name, you can see what school/department they are in, and what their role is (e.g. staff, visitor, postgraduate, undergraduate). This can help you determine whether they are likely to have sent the email to you. The email may say it's from one department but be sent from another.
  • To whom is the email addressed?
    If a message addresses you by your email address, rather than your name this is a sign that something is wrong. A genuine email from Cardiff University would never do this.
  • Does the tone, style and terminology match the emails usually sent out by Cardiff University?

Cardiff University will never:

  • Email you asking you to validate your email account.
  • Warn you that your mailbox is full.
  • Ask you for your password.

Protect yourself

Using anti-virus software is vital when using a computer to access the internet.  Currently, you can download and use a copy of the Sophos Home anti-virus software for free.

  • Make sure you install anti-virus software and keep it up to date. Simply log into the student intranet and search for ‘anti-virus’.
  • Use unique passwords for each site you visit and never use your University password for anything non-University related.
  • If you suspect your password is compromised, immediately change your password and contact the IT Service Desk.
  • Consider using a webcam cover for your phone, tablet or laptop. These are increasingly included on newer devices, and can be purchased for older devices

If you get a suspicious email:

  • Do not reply to it or follow any links within it, as the links are likely to be false. If you hover your cursor over a link in an email, a box will appear at the bottom of your browser window showing the webpage it links to. If this does not match the supposed destination, it is probably a scam.
  • Do not open any attachments in the email. These attachments can contain malware that can harm your computer and capture your personal data.

If you're concerned that you have fallen for a phishing scam, and you have entered your bank account details, contact your bank immediately to warn them of the threat. You should also change your password immediately and contact the IT Service Desk.

Microsoft also have advice on identifying suspicious messages in Outlook.

Contact us

If you have any concerns about any suspicious emails you receive, or if you have any questions or concerns about phishing, please contact the IT Service Desk:

IT Service Desk