SPAM, phishing and malicious email - how to spot emails

This article is for students and staff as there is an increase in SPAM and phishing emails coming into the College

To minimise SPAM for us all in the College, do not use your College email account to register for non-work related websites / services.

For emails with attachments stating it's a form or invoice, no suppliers will contact you directly unless you give them your email address as Finance certainly won't. Finance have a finance related email address that invoices should go to when an order has been placed.  There may be occasions when you are involved in quotes etc and your email address is then known, but then you would be aware that the supplier is genuine for any future emails received.

If you are unsure whether an email is genuine or not please consider the following:

• Do not open emails which you suspect as being spam, malicious or phishing
• Do not forward emails which you suspect as being spam, malicious or phishing
• Do not open attachments from unknown sources (viruses / trojans / malware etc)
• Do not readily click on links in emails from unknown sources. Instead, roll your mouse pointer over the link to reveal its true destination, displayed in the bottom left corner of your screen. Beware if this is different from what is displayed in the text of the link from the email or from a domain which seems unconnected to the senders email address.
• Do not respond to emails from unknown sources if they seem suspicious.
• Do not make purchases or charity donations in response to spam emails
• Don’t click on ‘remove’ or reply to unwanted email as it can often flag that your address is live and will be targeted more frequently.
• Check junk mail folders regularly in case a legitimate email gets trapped by mistake
• When sending emails to multiple recipients, list their addresses in the 'BCC' (blind copy) box instead of in the 'To' box. By doing this, no recipient will see the names of the others, and if their addresses fall into the wrong hands there will be less chance of you or anybody else receiving phishing or spam emails
• Similarly, delete all addresses of previous parties in the email string, before forwarding or replying
• If you are suspicious of an email, email the helpdesk giving a few details, date, time, sender, and we can assess remotely. Don't forward the email.
• You can also check if it is on a list of known spam and scam emails that some internet security vendors such as McAfee and Symantec feature on their websites.