Phishing

No-one from the University will ever ask you for your password. If an email asks you for your University password, do not reply, but forward the email to the University Information Security Team (cert@bristol.ac.uk). Include the header when forwarding the email.

Cyber criminals often use online messaging to try to convince you to do something that they can use to their advantage, such as telling them your personal information, bank details or account passwords. This is often called 'phishing'.

This page will help you understand phishing and how you can spot possible phishing attempts.

What phishing is

The term 'phishing' is often used when talking about emails, but phishing can be carried out in many different ways using email, text messages (SMS), social media or telephone.

Online phishing

Cyber criminals use online messages, texts or emails to try to persuade you to click a link, provide personal information, or open an attachment.

Many online phishing attempts are highly sophisticated. They use company logos and branding, and links that seem to take you through to a company's official website.

Once you have clicked a link, you may be sent to a website that can:

  • Downloads viruses onto your computer
  • Access your password when you type it in
  • Steal your personal information.

Telephone phishing or 'vishing'

On the telephone, scammers may ask you for sensitive information, such as personal details including bank details.

They do this by pretending to be someone you trust, or from an organisation you trust. They may pretend to be calling from your bank or a government service, or even pretend to be a colleague or a friend needing help.

How to spot and avoid phishing scams

Take your time

It's easy to get into the habit of clicking links or opening attachments without thinking.

Try to read messages carefully. Be wary of communications that ask you to act immediately, offer something that sounds too good to be true, or ask you for personal information.

Common features of a phishing email

When reading messages, try to consider what the sender is asking you to do.

It's helpful to:

  1. Check who emails are from.
  1. Look at links carefully before clicking them.
  1. Not open attachments within any unsolicited emails you receive.  

Be wary if:

If you're not sure about an email or are suspicious it's a phishing email:

If you're not sure whether a message, email or call from an organisation is genuine, contact the organisation to ask them if they have sent you this message. Use information from the company's website to contact them - do not reply to a message you're suspicious of.

If someone says they're contacting you from your bank, telephone the phone number on the back of your credit or debit card to check. 

How to help protect yourself

There are some simple steps you can take to stay aware and help to keep your information secure.

We have some key tips to staying cyber aware.

We also recommend that you:

  1. Regularly log into your online accounts to make sure that there is no odd activity. Contact the company immediately using the number they provide on their website if you're suspicious.
  2. Regularly check your bank, credit and debit card statements - if anything looks wrong, contact your bank and card issuer.
  3. Ensure that your personal devices are secure and up to date
  4. Keep your browser up to date.

Reporting phishing at the University

If you’re unsure of or suspicious about any email or message you receive to your University email address, please do not click links or reply to the message. Contact the IT Service Desk or forward the email to the University Information Security team at cert@bristol.ac.uk

If you think that your University information such as your password may have been disclosed, please change your password immediately and inform the IT Service Desk.

Bank accounts and credit cards

If you think someone has committed fraud on your bank account or credit card, please:

  1. Immediately contact your bank or credit card company using the telephone number on your card or contact details on the company's official website
  2. Report the crime to Action Fraud
  3. Read advice at Experian.com and Equifax.co.uk.

Further information

For further information see:

Back to top