How can I spot if an email I have received is genuine or not?

There are many different ways in which email may used by third parties for malicious purposes:

For example:

  • Phishing to obtain your bank account details to access (and empty!) your accounts.
  • Phishing to obtain your Aberystwyth University username and password. This could lead to your account being used to send thousands of spam or for other criminal purposes.
  • Spoofing to make an email appear that it has been sent from a legitimate or familiar email address.
  • To cause worry, distress or just general nuisance.
  • Spreading viruses and spyware.

It is important to remain vigilant. The following may be helpful in deciding whether an email you have received is genuine or not:

  • look at the address the email came from - do you recognise it, does it look like a legitimate address - if it is not from an @aber.ac.uk address it definitely is NOT an official communication
  • is it bi-lingual - all official AU communications should be bi-lingual.
  • if you are asked to visit a webpage, does the address match the email address. Hover your mouse over the link (without clicking on it) and see where the link is pointing. Is it the same link as the one in the message?
  • are there spelling and grammatical errors?
  • is it offering you something for nothing - money, jobs, holidays? If it looks too good to be true, it probably is!
  • is it asking you to forward the message on?
  • if an email includes an attachment you are not expecting - do not open it.

How can I check?

  • If you are ever unsure about an email appearing to come from someone at Aberystwyth University you can forward the email with full headers (How do I do that?) to is@aber.ac.uk who can check to see if the email is genuine before you respond.
  • If it is an external email you can try copying the subject line or a significant piece of text from the message into a search engine and see if you can find out anything about the email. Many of the chain letter or round robin emails have been reported upon by different websites.

What should I do if I receive a phishing email?

  • If the email is trying to obtain your Aberystwyth University username and password you should forward it to is@aber.ac.uk as soon as you receive it.
  • Delete it.