Scam emails have become a part of daily life across all industries. Queen’s University has invested in a number of protection measures as well as training for all staff, but the main method to protect yourself from email scams, such as phishing, is maintaining vigilance. If something doesn’t seem right, double-check it.
It’s also important to note that scam emails can be received by students as well – any email address can be a target.
I may have compromised my account. What do I do?
QUB staff complete mandatory training in spotting email scams. However, accidents can still happen. If you believe your account may be compromised, or you are worried about a data security issue:
raise a ticket on the IT Helpdesk
under Data Security.
It can be embarrassing to reveal that you’ve made a mistake, but the most important thing to remember is to report early and be truthful. Security staff need to know whether you’ve clicked on something in an email, or you’ve fallen victim to a bogus caller, so that they can adequately mitigate any damage that may have been caused. If you don’t reveal all of the details, the effects could be much worse.
The data security team will be able to give you up-to-date advice on what to do next.
How to avoid scams
Phishing emails are the most common type of scam. Phishing is an attempt to trick you into revealing personal information such as your username, password, bank details, etc.
Recent examples have included personalised emails, which further attempt to add legitimacy. These emails often look convincing and sometimes come from other Queen’s users whose email accounts have been compromised.
Regardless of how “genuine” an email may look, please remember that a genuine email from the University will never ask you to click on a link to do any of the following:
- “restore/verify your account”,
- “change your password”; or
- “amend your financial details”.
Pay particular attention to the sender address, and hover over any links to see where they are actually going – be extra vigilant on mobile phones where the real sender address can often be hidden.
On mobiles and touchscreen devices, usually a “hold-press” on the suspect link or recipient’s email address will display the address in full, so that you can review it for anything suspicious. For instance:
If you are not expecting an attachment from a colleague, give them a call and check whether they sent it to you; it could be that their account is compromised.
Any messages that you believe to be phishing, scams, spam or otherwise abusive, forward the entire email to firstname.lastname@example.org.
QUB staff can renew their training in Email Essentials at any time via Queen’s Online training.
Information Services provide a document to staff and students, with additional advice on phishing emails.