Showing posts with label phishing. Show all posts

Tuesday, 8 July 2014

Someone wants your password

Joanne Casey would like to know how we make everyone a little bit more suspicious.

There's always someone trying to steal people's passwords...

...and sadly, there are always people who allow them to do it.

A recent phishing email. The URL doesn't link to mail.york.ac.uk - your best bet is to mark it as spam.

It's pretty normal these days for emails to arrive in our inboxes purporting to be from 'York Admin', 'System Administrator Team', or similar.

These messages may warn you that your account needs to be validated, alert you to withheld emails, offer you an upgrade, or give you access to a shared Google doc. They include a link, which might appear to be a genuine University URL, and if you click on it you'll be asked to enter your username and password.

These emails are always a scam - their sole aim is to steal your password.

Lots of people already know that, and lots more are suspicious enough to check with us before they respond. But each time one of these phishing emails is targeted at University email accounts, we see people hand over their username and password, which means that we have to disable their account as soon as we become aware that it's been compromised.

Our phishing advice poster.

We take various approaches to this:
  • If possible, we block access from the campus network to malicious websites - but this doesn't help if people are at home or elsewhere when they click on the link.
  • We include information about spotting and dealing with email scams on our website, in our user guide, and in flyers handed out at Freshers' Fair and Staff Induction events.
  • We post advice on our Twitter and Facebook feeds.
  • When there's a phishing attack underway, we send warnings to departments for circulation to staff and students.
  • We've produced a poster that departments can display on their noticeboards.

But we know - because we keep having to block accounts - that people keep falling for these emails, and we'd love to find out what else we can do to make sure this message reaches everyone in the University. How do you think we can tackle this? What's the right way to make sure everyone is able to spot a potentially dodgy email? We'd welcome your thoughts and comments below.


Find out more about spotting phishing attacks and other email scams at: