Cyber criminals are exploiting the uncertainty and anxieties of remote working across the world, and over the past week, staff and students have reported multiple phishing emails.

Each one has now been dealt with by our IT security team.

Malicious emails including spam, viruses, malware and phishing attacks can potentially cause significant damage to University data and could also have significant personal impact, including financial consequences. They might appear to come from the University so please be careful.

It is very important that you do not click any links, open suspicious attachments or respond to these types of emails, and never supply personal or bank details to people you do not know.

How to report
If you think you have received a phishing email or are unsure, please contact the IT Service Desk immediately.

If you are concerned (e.g. you responded to a suspected phishing email) or you need to report this outside normal service hours (08:00 until 18:00 Monday to Friday), please telephone 0115 95 16677, which is available 24/7.

If you have clicked on a link or downloaded a suspicious file, please change your University password, security questions on IT Accounts and then contact the IT Service Desk. Details of known phishing attempts are provided on our IT Status page.

Please be vigilant – what to look out for
Check the IT Status page for any reported phishing emails and always look out for the following:

• Are you expecting the email? If not, be very cautious.
• Does the email start with a generic opening such as “Dear Valued Customer”? If so, be very cautious.
• Look for spelling and grammatical mistakes.
• Does it ask for personal information such as your PIN, password or bank details? Does it ask you to download something or update your IT or email account? Be wary of either of these.
• Is it offering refunds for events, cancelled flights etc? Be wary – and don’t enter your bank details.
• Look at the sender’s domain name, i.e. the last bit of the email address, even if it looks to be trustworthy, e.g. from @nottingham.ac.uk it can still be a phishing email from a compromised account.
• If there’s a link, hover over it and check it is genuine before clicking.
• If you have any doubt whether it is genuine, don’t click on the link or download anything but contact the IT Service Desk.

Further information about phishing and scam emails, along with some top tips, is provided in an article here.

For more information on how to spot a phishing attempt, please read our phishing advice website and Digital Network blog.