Phishing - Information Technology Services - University of Derby


When internet fraudsters impersonate a person or business to trick you into giving out your personal information, it's called phishing.

Do not reply to email, text, or click pop-up messages that ask for your personal or financial information.  Do not click on links within them either, even if the message seems to be from an organisation you trust - it probably isn't.  Legitimate businesses such as HM Revenue & Customs don't ask you to send sensitive information through insecure channels.

You can take steps to avoid a phishing attack:

  • On home computers just like your work PC, use trusted security software and set it to update automatically.
  • Check with the organisation before replying and where possible do not email personal or financial information.
  • Only provide personal or financial information through an organisation's website if you typed in the web address yourself and you see signals that the site is secure, like a URL that begins https (the "s" stands for secure).  Unfortunately no indicator is fool proof; some phishers have forged security icons.
  • Be cautious about opening attachments and downloading files from emails, regardless of who sent them.  These files can contain viruses or other malware that can weaken your computer's security.

If you have any queries or feel you might have been tricked by a phishing email please contact the:

IT Service Centre (ext 1234 or immediately.