Fraudulent communications
How to spot and avoid fraudulent communications (Phishing, Vishing and SmiShing).
About fraudulent communications
Cybercriminals will often use fraudulent communications to trick unsuspecting users into sending them their confidential data.
Examples of fraudulent communications seen by the University include:
- Phishing
- Vishing
- SMiShing.
Phishing
Phishing is a form of fraud that includes malicious emails.
They are designed to gain personal information and may appear to come from a genuine source, such as a streaming service, your bank, retailers like Amazon or someone you may know.
Emails often include links to bogus websites or attachments, which appear to be normal files (for example, Word, Excel or PDF) and are harmful.
How to spot Phishing
IT Services have technical controls in place to filter out spam before it reaches your inbox, but Phishing techniques change and some will inevitably get through.
- Check who sent you the email.
Be particularly suspicious of emails asking for personal or financial information. - Hover over any links to see where they will take you.
- Check the quality of emails.
Misspelling, poor punctuation and bad grammar are tell-tale signs of phishing. - Urgency.
Phishing emails will often have a sense of urgency as a social engineering technique. - Never respond to any email which asks for your account details or requests you to make a payment.
IT Services will never send you an email asking you to confirm your password.
Can you spot when you're being phished?
Identifying phishing can be harder than you think. Phishing is an attempt to trick you into giving up your personal information by pretending to be someone you know. Can you tell what's fake?
Take the quizExamples of Phishing
Blue button Phishing email
Signs that it is a phishing attack:
Fake warning from IT
Signs that it is a phishing attack:
An email containing an infected document
Signs that it is a phishing attack:
A document emailed from a government organisation
Signs that it is a phishing attack:
A document emailed form a UWE Bristol staff account
Signs that it is a phishing attack:
Vishing
Vishing or Voice Phishing is a type of fraudulent activity where criminals attempt to persuade victims to hand over personal details or transfer money over the phone.
Never give personal information (for example, passwords, banking details, credit cards details) over the phone to someone who has called you.
If you do receive such a call or you are in any doubt about the authenticity of the call, simply hang up. You can always phone the organisation back using a number from a verified source.
How to spot Vishing
Information: The criminals might not be very convincing and may know nothing about you. Alternatively, they could already have some information on you such as your name, address or phone number, but need a little bit more. This can create the impression that they seem very genuine.
Urgency: If you receive a call you will inevitably find that you will be hurried into providing them with the information that they need. They will do this to panic individuals in the hope you hand over your information without being able to think it through too much. Fear often leads people into acting without thinking.
Phone spoofing: This is when a phone number appears to be coming from a genuine source (for example, your bank or credit card company). This is a technique used by cybercriminals to hide their identity.
Remember, if you are in any doubt simply hang up and contact the organisation using a number from a verified source.
SMiShing
SMiShing or SMS Phishing is where text messages are sent trying to encourage people to pay money out or click on suspicious links.
Sometimes attackers will try to get victims to call them by sending a text message with a specific number, with the intention to persuade them further.
How to spot SMiShing
Unsolicited text messages from unknown numbers should raise alarm bells. If you are in any doubt:
- delete the message
- contact the organisation using details from an alternative verified source (for example, company website).
You may also be interested in
Information Security Policies
All UWE Bristol users must read and abide by the information security policies and regulations.
Saving work in OneDrive
How and where to save you work (OneDrive).
Protect data and devices
Everyone must take steps to secure all their devices and data to reduce the risk of a data breach.
Contact the IT Service Desk
How to contact the IT Service Desk at UWE Bristol.