Phishing and Scams

Being vigilant

There are hundreds of billions of emails being sent and received every day. Even your own Etc inbox can seem a little bloated some days, I’m sure. But you must always be vigilant against phishing and scams.

Email Do’s and Don’ts

  • Don’t send personal or company data to an external source unencrypted.
  • Don’t send personal or company data to staff members’ personal email accounts. Use official business accounts only.
  • Don’t send passwords to unlock attachments in the same email – send them in a separate email or, better still, communicate them by phone.
  • Do question why someone wants personal information from you – no matter how senior.
  • Do use appropriate and official Etc. systems to manage personal data.
  • Do consider sharing links to OneDrive-protected documents rather than sending attachments of information via email.
  • Do mistrust any email that ‘looks’ or ‘feels’ suspicious. Go with your gut and report it. If you’re wrong – nothing lost!

Phishing / Scam Checks

Phishing attacks, often delivered via email spam, attempt to trick individuals into giving away sensitive information or login credentials. The best way to avoid being caught out by scams is to ask yourself a few simple questions.

Do you know the sender?

If you don’t recognise the email address from your usual contacts, be suspicious. A phishing email is unlikely to contain your name, but will refer to you as ‘Dear Customer’ or ‘Sir’, ‘Madam’ or another generic greeting – even ‘Hi Dear’. Remember that there are names of staff in the public domain, so ensure you check not just the sender’s name, but their email address and other contact information, too.

Is the use of English unusual?

Most phishing emails will contain poor grammar or spelling. Phishing scams often originate from organisations, individuals or countries where English is not the native or first language. Many scam emails are actually translated into English by Google Translate or another easily accessible (and non-traceable) service. You may notice strange sentence structures, odd spellings of certain words (sometimes Americanised spellings), as well as peculiar turns of phrase. However, this is not always the case, so carry out other checks in this list before taking action.

Does the email ask you for information you wouldn’t normally give?

Scam emails may request information that has nothing to do with your job. This is a big giveaway in identifying scams. However, sometimes a scammer may get lucky and ask you for information you would usually give. In that case, go to question 1 and ask yourself if the person is known to you (check their email addresses, not just their names). If an email address or link is being ‘spoofed’, you can simply hover over a link or email address (don’t click it) and the real link will usually be revealed.

Is the sender requiring you to take immediate action?

Scammers rely on you panicking. They will usually tell you that an account is locked, or a payment has failed, or you should take some action before a certain time or a bad thing will happen. At Etc you will only ever receive these emails from people you know. Get advice from your Etc IT Services team if you’re unsure.

Does the email look official?

Scammers do their very best to make their email look as official as possible – using names, logos, icons, etc. But remember, a bank will never ask you to update any details via email request. They will never ask you to update passwords, account information or personal circumstances via email. They just don’t do it. Never click links in these types of emails. Always use internal telephone numbers (not the ones in their email) to double check the status of accounts or payments. Always use the official websites of companies, never click a link in a scam email in order to ‘be taken to our website to fix your problem’ – you will invariably be taken to a spoof location, which is designed to steal your information.

Are you still unsure?

If you’re still unsure whether an email is a scam or not – do nothing with the email and take no action regarding its content. Instead, contact IT Services via the Service Desk, via telephone or even ask someone from the team to pop and see you.

If you are sure it’s a scam…

Report a scam email – NCSC.GOV.UK

Remember, Take Care and Be Aware!