How can I spot if an email I have received is genuine or not?
There are many different ways in which email may used by third parties for malicious purposes:
- Phishing to obtain your bank account details to access (and empty!) your accounts.
- Phishing to obtain your Aberystwyth University username and password. This could lead to your account being used to send thousands of spam or for other criminal purposes.
- Spoofing to make an email appear that it has been sent from a legitimate or familiar email address.
- To cause worry, distress or just general nuisance.
- Spreading viruses and spyware.
It is important to remain vigilant. The following may be helpful in deciding whether an email you have received is genuine or not:
- look at the address the email came from - do you recognise it?, does it look like a legitimate address?
- is it bi-lingual - all official AU communications should be bi-lingual.
- if you are asked to visit a webpage, copy and paste the link rather than clicking on it.
- if the website asks you to login, check the website is legitimate (How do I do that?)
- are there spelling and grammatical errors?
- is it offering you something for nothing - money, jobs, holidays? If it looks too good to be true, it probably is!
- is it asking you to forward the message on?
- if an email includes an attachment you are not expecting - do not open it.
The following is an example of a phishing email:
How can I check?
- If you are ever unsure about an email appearing to come from someone at Aberystwyth University you can forward the email with full headers (How do I do that?) to email@example.com who can check to see if the email is genuine before you respond.
What should I do if I receive a phishing email?
- If the email is trying to obtain your Aberystwyth University username and password you should forward it to firstname.lastname@example.org as soon as you receive it.
- Delete it.
Information Services, Aberystwyth University, Hugh Owen Library, Penglais, Aberystwyth, SY23 3DZ
Tel: 01970 62 2400 Email: email@example.com