No Phishing

‘Phishing’ is a type of fraud whereby criminals try to get you to reveal confidential information such as your passwords, bank or credit card details.

For example:

  • You may receive a fake email pretending to come from your bank or your email provider, saying there is a problem and asking you to send details about your account in reply (e.g. username and password). Never reply to these emails.
  • A web site may have been set up to look like your standard bank log-in screen, but it is actually an impostor and is intended solely to collect your information (e.g. username and password).
  • You might get a direct message via social media asking you to click on a link.
  • An email claims you have won a raffle/Ebay item/lottery/fortune but they need your account details to send the winnings.
  • An email claims that an overseas fortune can be 'laundered' through your bank account and you can keep a share for your help.

Always remember, IT Services and your local IT support staff will never ask for your password, especially not by an email or a phonecall.

How to avoid being caught by phishers:

  • Is the Web address (the URL which appears at the top of your web browser) the one that you normally use for this service? If no, then avoid the site.
    • To check the correct Web address, use Google (or your preferred search engine) to search for the service you are using. For example, typing Barclays Bank into the search box shows that web addresses for Barclays in the UK start with http(s)://xxx.barclays.co.uk/xxxxx/.
  • Most sites that require confidential information now have built-in security mechanisms. Look for https:// in the URL and the padlock icon in your web browser. If these aren't present, criminals may be able to read the information you send over the internet. However, the mere presence of a padlock does not guarantee that your information will be secure.

  • How did you get to the site in the first place? Did you click a link in an unsolicited email message claiming to come from your email provider, bank, credit card company? If yes, steer clear of the site! Instead, type the site name yourself.

  • Click on the padlock and check the site's certificate. For more information on secure sites see the Government and IT industry's Get Safe Online web pages.

  • Beware of sites that start with all numbers such as http://147.46.235.54/ebay.com

  • Make sure that your web browser is up-to-date.

  • If you are shopping online, look for clear signs that you are buying from a reputable company. Does it have a physical address? Does a search for the company reveal user comments and reviews?

  • If you are using eBay or a similar site, make sure that you read the basic help guides. If possible, check that the seller has a good reputation.

  • Use safe ways to pay, such as PayPal or credit cards that insure you against theft.

  • Use the filter in your email client to block spam emails.
    • This is the easiest way to deal with phishers; however, sometimes genuine messages are treated as spam by mistake. So, we recommend that you have suspected spam messages diverted to a Junk messages folder and check its contents periodically.
    • You are strongly advised against the use of websites claiming to check your work for plagiarism. The University provides the Turnitin Service to be used by students and tutors in detecting matched text on the internet. If you are concerned that your work includes plagiarised content you should recheck your work, revisit your sources and check that quotes are referenced correctly.

If you receive a phishing attack that asks for University credentials, report it to phishing@it.ox.ac.uk with full email headers. For more information on this, and for guidance on how to secure your email in general, see Email at Oxford

If you have made use of a plagiarism detection website outside the university and you are concerned about it, you should contact your tutor or course supervisor immediately. Guidance on avoiding plagiarism is available from your tutor and your department.

For more guidance about phishing see the Information Security web pages and lunchtime courses.

Up: Contents Previous: Password Security Next: Don't give away too much information about yourself