- You may receive a fake email pretending to come from your bank or your email provider, saying there is a problem and asking you to send details about your account in reply (e.g. username and password). Never reply to these emails.
- A web site may have been set up to look like your standard bank log-in screen, but it is actually an impostor and is intended solely to collect your information (e.g. username and password).
- An email claims you have won a raffle/Ebay item/lottery/fortune but they need your account details to send the winnings.
- An email claims that an overseas fortune can be 'laundered' through your bank account and you can keep a share for your help.
How to avoid being caught by phishers:
- Is the Web address (the URL which appears at the top of your web browser) the one that you normally use for this service? If no, then avoid the site.
Most sites that require confidential information now have built-in security mechanisms. Look for
https://in the URL and the padlock icon in your web browser. If these aren't present, criminals may be able to read the information you send over the internet. However, the mere presence of a padlock does not guarantee that your information will be secure.
How did you get to the site in the first place? Did you click a link in an unsolicited email message claiming to come from your email provider, bank, credit card company? If yes, steer clear of the site! Instead, type the site name yourself.
Click on the padlock and check the site's certificate. For more information on secure sites see the Government and IT industry's Get Safe Online web pages.
If you receive a phishing attack that asks for University credentials, report it to firstname.lastname@example.org. For more information on this, and for guidance on how to secure your email in general, see Email at Oxford/>
Up: Contents Previous: Password Security Next: Don't give away too much information about yourself