We are aware of ongoing phishing scams and fraudulent schemes targeting students across the UK. Scammers are sending emails and making calls posing as University staff, financial institutions, or other trusted sources including SAAS, attempting to extract personal information or persuade students to make payments.
Understanding Phishing
Phishing is a form of cyber-attack where criminals attempt to deceive you into revealing sensitive information such as passwords, credit card numbers, or personal data by posing as a legitimate entity. These scams are often delivered via emails, but can also occur through text messages, phone calls, Microsoft Teams messages, or social media.
This short animation delves into Phishing in a bit more detail: Think before you click.mp4
Key Points to Remember:
- Phishing Emails: Be wary of emails that request sensitive information, contain poor grammar or spelling, or create a sense of urgency. Always verify the sender’s email address and avoid clicking on suspicious links or downloading unexpected attachments.
- Phone Scams: Fraudsters are calling students, claiming to be from the university’s finance team, and alleging that students are victims of bank fraud. The University will never ask for personal banking details or request money transfers over the phone. If you receive such a call, do not provide any information or comply with any financial requests.
- Identifying Suspicious Emails
- Suspicious Links: Hover over links to see the actual destination URL. If it looks unfamiliar or suspicious, do not click on it.
- Unusual Requests: Be cautious of unexpected requests for money, password resets, or sensitive information.
- Impersonation: Verify sender details, especially if the message appears to be from your bank, a retailer, or government agency.
- Protect Yourself:
- Verify the identity of the caller or sender by using contact details from official sources, not those provided in the suspicious communication.
- Never share personal information or passwords, and ensure all accounts have strong, unique passwords.
- If you haven’t already, set up Multi Factor Authentication (MFA) on all your accounts.
- Outlook has built-in features to report phishing emails. Use the ‘report message’ option to categorise emails as Junk or Phishing, which helps improve spam filtering.
- Report any suspected scams to the Information Centre in the Library or by emailing information.centre@stir.ac.uk
- Stay Informed: The most important defense against scams is awareness. Raise yours by taking part in the free training available to all University of Stirling students through the Metacompliance app, or via your browser here: https://universityofstirling.metacompliance.com
Read our previous blog post on staying safe from similar social engineering threats here: Understanding and defending against social engineering threats – IS News Blog (stir.ac.uk) - What to Do If You Clicked a Phishing Link or Shared Information
If you have clicked on a suspicious link or provided personal information, take the following steps immediately:
Contact Information Services (IS):
Report the incident as soon as possible as this allows the University to take necessary steps to protect your account and the wider network.
You can reach the Information Centre via email at information.centre@stir.ac.uk or visit the Library’s Information Centre in person.
Change Your Passwords:
Immediately change your passwords for any accounts that may have been compromised, particularly your university and banking accounts. Use strong, unique passwords that have not been used elsewhere. Ensure Multifactor Authentication is set up on all your accounts.
Contact Your Bank:
If you have provided any financial information, contact your bank immediately using a trusted number (such as the one on their official website) to alert them of potential fraud. They can help monitor your account for unusual activity and advise on further steps. Report any suspicious activity to your bank or the relevant service provider without delay.
Scan Your Device for Malware:
Run a full security scan on your device using up-to-date antivirus software to check for any malware that may have been installed.