16. Can You Spot a Phish?

‘Phishing’ emails try to fool you into giving them your account details (bank account, email account, etc.) Fake emails may also try to trick you into downloading files containing viruses and malware on to your computer.

Most of these spoof emails are caught by spam filters before they reach your inbox, however a small number of messages get through.

Want to know how to set your personal spam filters?

Most people recognise these fake message and delete them, however, a small number of people don’t.

Compared to how many emails the University receives every day, only a tiny number of accounts are compromised, however these can cause big problems.

On Monday, 5th December, a wide awake member of OUCS staff spotted a phished email account sending out bulk messages in the early hours. Around 50,000 emails were sent before OUCS stopped them. Another account started sending emails at around 4am. This time some 120,000 emails were sent before it was spotted and plugged. There were three more similar incidents that same day.

If you give away your bank account details, you are likely to lose money.

If you give away your Oxford account details, personal information from your email may be stolen to conduct identity theft, your account may become overloaded with junk mail, your email may be blocked and genuine messages may be deleted.

Also spammers can then use your account to attack other people and institutions resulting in Oxford University being accused of spam and being put on blacklists.

So, can you spot a phish?

  • A generic greeting: Many fake emails begin open with a general greeting, e.g. Dear Bank Customer or Dear Email user - this may sometimes be formatted oddly or have strange capitalization - Dear oucs User.
  • A forged sender’s address: Fake emails may include a forged email address in the From: field.
  • A threat that something bad will happen if you don’t act immediately: e.g. claiming that your account may have been hacked and you need to respond immediately to stop it being closed down. If you are worried, use your browser, bookmarks or usual URL to go to the site's web pages, not the link in the email.
  • Fake weblinks: Always check where a link is going before you click on it. Move your mouse over the link and look at its underlying URL in your browser or email status bar. Any link address visible in the message text should match the real URL it actually goes to. If not, it’s probably a spoof website that may try and collect personal details from you or install a virus or spyware on your computer. If you do click on a fake weblink but only realise afterwards, don’t enter anything and close that window down.
  • Login links in an email: Never login to a University or any other system by clicking on an email link. Legitimate emails from OUCS or other organisations may sometimes mention the web addresses of login pages for information purposes but for safety you should always retype such addresses in your browser’s address line.
  • Emails that look like web pages: Some emails can be made to look like a web page that is asking you to enter information.
  • Deceptive URLs: Only ever enter an OUCS password on pages the initial part of whose whose address ends in .ox.ac.uk/ Avoid any web address containing an @ sign. Also beware plausible looking but false addresses e.g. www.oucs-ox-ac-uk-passwordvalidate. net
  • Poor spelling and grammar: Spoof emails often contain misspellings, incorrect grammar, odd phrasing etc. Bad or strange spelling e.g. pass.wrd or passw0rd is sometimes done deliberately to try and bypass spam filters.
  • Insecure connections: Any web page where you enter personal information should have an address that begins https:// The 's' stands for secure - if it's not there then you’re not in a secure web session, and you should not enter personal data.
  • Attachments: As with fake links, attachments are frequently used in fake emails to hide a virus or spyware. Such attachments often arrive with an accompanying (and often cryptic or intriguing) message encouraging you to open them, e.g. Hi - here’s the schedule I promised. Never click on an attachment unless it's something you were expecting, even if it appears to come from someone you know or deal with.

More information regarding fake or 'phishing' emails

More on computer security including spoof emails, sites and scams

If in doubt as to whether a message is genuine, contact your IT officer or the OUCS helpdesk

Screenshot of phishing email


  • No greeting
  • The senders address has nothing to do with Oxford University
  • There is no mention as to which system it applies to, or what department sent it
  • The size limits don't match what we have on Nexus
  • Spelling is poor
  • It contains threats
  • 'Click Here' link goes to http://fdg9.formdesk.com/webadminofficer/form1

Please report such messages to phishing@it.ox.ac.uk and include full headers

If the message claims to be from a bank, report phishing attempts to Bank Safe Online and not to OUCS; we can’t do anything ourselves.

Screenshot of phishing email which looks like a web page


  • They want your email account details but this looks nothing like a Nexus page and the URL shows that is has nothing to do with Oxford University.

Up: Contents Previous: 15. LTG Launches Innovative Practice Series Next: 17. SCORE Teaching Fellowship Awarded to LTG researcher Joanna Wild