Online fraud and phishing emails
Phishing uses fraudulent emails and websites to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, etc. Such attempts are increasingly professional and both the email and website may look entirely genuine, mimicking the trusted brand identity of the organisation involved. Banks, credit card agencies and online services such as Student Finance England, Barclays Bank, eBay, Natwest and Paypal have all been targeted. Fake tax refund scams are also targeting university students. HRMC will never inform you about a tax refund by email, text or voicemail.
The University uses a piece of technology called IronPort to detect and handle spam. Any suspect emails will have 'IronPort Spam Quarantine Notification' in the subject field of the email, but occasionally some get through undetected.
Student finance phishing emails
Students are often targeted with scam emails around student finance payment dates. The latest example (right) has the subject line Student loan information and claims to be from the Student Loan Company, and asks you to update your account. As with all phishing emails DO NOT REPLY and DO NOT enter any of your details. The emails often look genuine but don't be fooled.
Student Finance England will never ask you to confirm your login or user details or ask you to update your bank details or student account information by email. If you do get such an email forward it to email@example.com then delete it from your system.
The University will not reimburse any student for any student finance payments which are misappropriated as a result of details being obtained from the student through previous or future phishing incidents.
Top tips to spot phishing emails
- Be suspicious of any urgent requests for personal or financial information
- Be aware: Phishing scams are common at the three main instalment payment dates in September, January and April
- Always ensure that you're using a secure website when submitting credit card or other sensitive information; look out for "https://" and/or the security lock
- Prevention: Your email details may have been taken from a social networking site so avoid disclosing your email address or make sure you hide it on your page
- Check the quality of the communication. Misspelling, poor punctuation and bad grammar are often tell-tale signs of phishing
More advice on phishing
- Do not give out personal information in response to an unsolicited contact, whether by phone, email or other medium
- Note that responsible organisations will never request such information by email
- You must be very careful when asked to give out security information such as a password, pin number or security code and be particularly suspicious if too much is asked for; increasingly banks only ask for partial information for example the third, fifth and first digit of a pin
- Do not be too reassured by the locked padlock icon on your browser: It simply means that the internet transaction is encrypted (and so very difficult to intercept) - not that it is going to the genuine site
- Although online fraud is increasing, be aware that most credit card fraud is still in restaurants; do not let your card out of your sight
- Note also that there is a rise in fraud through monitoring personal information at cash machines - do not use a cash machine if you see anything strange about it, there have been incidents where miniature cameras have been used to record pin numbers, while a realistic false front has been installed to record (or "skim") card details
- Be sure you are going to the correct site by typing the address yourself or by using your own personal bookmark
- You are recommended to delete the fraudulent message, though if you are particularly concerned, do feel free to report the matter, but do not attempt to engage in correspondence with the sender
- If an offer seems to good to be true, then it probably is not true, particularly if is is the promise of money from a lottery you have not entered or money for handling a large sum for somebody you have never met
- If think that you have followed links in phishing emails please change your Student Finance England password and check the details on your Student Finance Account carefully. In particular please check that there have been no small changes made to your contact details such as your phone numbers and emails and that your bank details are correct.